RE: linux on a 2500 ? Was: Programming under IOS [7:3362]
And soon there's going to be millions of Mac OS X Unix boxes under attack. Macintoshes used to be pretty safe. Apple must have some concerns I would think. Just rambling..

Priscilla

At 12:56 AM 5/8/01, Carroll Kong wrote:
>At 11:38 PM 5/7/01 -0400, Chuck Larrieu wrote:
> >Check out http://www.attrition.org/mirror/attrition/
> >
> >Interesting to read the history files. It would appear that nearly half of
> >compromised servers are NOT Wintels. Which says a lot about the security of
> >ALL operating systems.
> >
> >Chuck
>
>Without looking at the site, I would say most are from Linux and Solaris
>boxes from a default install. A unix box is far more dangerous in the
>hands of a mediocre admin as opposed to a windows box in the hands of a
>newbie. CAVEAT EMPTOR!
>
>-Carroll Kong

Priscilla Oppenheimer
http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3646&t=3362
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: linux on a 2500 ? Was: Programming under IOS [7:3362]
Interesting that Cisco has yet to implement SSH2. Their speed on fixing bugs for the CallManager line is less than impressive (the Unity guys rock). I really dislike selling broken products. And I *like* Cisco for the most part (especially if you compare them to others). Just some thoughts.

Don't even get me started on a recent 1750 install that blew up today. All 20 routers are from a defective lot and work fine with data, but screech horribly when you use FXS modules. Cisco TAC was going to replace everything and drop-ship them to each site with all the right parts installed, but the RMA team blocked it and is forcing us to go back to our vendor (TechData), but the voice part of this install didn't take place until 6 mos. later (customer didn't have the PBX equipment ready and didn't care, just wanted data up), so we can't return it. Gotta love it, but at this point I'm out of the loop until they get it straightened out.

Ok, I'll stop ranting now. I'm fighting an evil NT4 install so I can work on CSPM. Yet another product that needs to be updated ;-p

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/

"Carroll Kong" wrote in message news:[EMAIL PROTECTED]...
> At 11:09 PM 5/7/01 -0400, Jason Roysdon wrote:
> >Of course if the source is open, it has more eyes looking at it (than say M$
> >software which seems to be having a new security announcement every week
> >right now).
> >
> >--
> >Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> >List email: [EMAIL PROTECTED]
> >Homepage: http://jason.artoo.net/
> >
> >"Allen May" wrote in message news:[EMAIL PROTECTED]...
> > > Being a Libra I have to agree & disagree about open source. Open source
> > > also allows the good hackers to find exploits much more easily by reverse
> > > engineering the whole process. Open source is very cool for application
> > > design but gives too much information to those with more destructive
> > > tendencies.
> > >
> > > Just my re-contribution of 2 cents out of my stockpile I collected ;)
>
> Before we get into holy wars about this, open source is not always the
> ultimate end all solution. There is good and bad software out there, and
> they can be either open or closed source.
>
> The idea that a million eyes watching it sounds great in theory, but whose
> eyes are watching? Are a million monkeys going to be able to set up a
> network properly? Or would you trust a small team of CCIEs? Also, most
> people do not audit the code, or they fail to do so properly. So, that
> million might be cut down a few orders of magnitude.
>
> People sometimes work better when they are being paid and are somewhat held
> liable for their work. With open source, it is really a "hey, if it messes
> things up, sorry". Closed source is not liable either (they are to a
> certain degree though), however, there is less expectation from an open
> source product as a closed source. Cisco does not turn around and say
> "Hey, I will fix that bug a bit later on, I got other things to do." But
> the open source guy can. (Ok, sometimes the commercial guys do say that...
> hehe, and you can get commercial support on open source software, but I
> think you guys get the idea).
>
> This is not to say all open source is bad, there are some excellent open
> source products out there which I would pick over commercial solutions. I
> just think we really should not devolve the entire discussion to open vs
> closed. I do not think that is the case.
>
> On the side, when there was a vulnerability in ssh, for some odd reason,
> the simple buffer overflow was ALREADY Fixed in ALL commercial
> implementations, the only one vulnerable was OpenSSH 2.2.0 and previous
> friends or so. Sure the "many eyes" found it, but quite a bit late on a
> bit of code which should have been fixed eons ago. Not to say that I would
> not use OpenSSH, I think it is great stuff. Just that, sometimes the
> commercial implementations are better for some products and part of it is
> the fact that they are getting paid and they have a public image to maintain.
>
> Please note I said sometimes. If anything I am more so an open source fan
> than most would think. I am really more towards the right solution for the
> right job be it open or closed.
>
> -Carroll Kong

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3552&t=3362
RE: linux on a 2500 ? Was: Programming under IOS [7:3362]
At 11:38 PM 5/7/01 -0400, Chuck Larrieu wrote:
>Check out http://www.attrition.org/mirror/attrition/
>
>Interesting to read the history files. It would appear that nearly half of
>compromised servers are NOT Wintels. Which says a lot about the security of
>ALL operating systems.
>
>Chuck

Without looking at the site, I would say most are from Linux and Solaris boxes from a default install. A unix box is far more dangerous in the hands of a mediocre admin as opposed to a windows box in the hands of a newbie. CAVEAT EMPTOR!

-Carroll Kong

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3549&t=3362
Re: linux on a 2500 ? Was: Programming under IOS [7:3362]
At 11:09 PM 5/7/01 -0400, Jason Roysdon wrote:
>Of course if the source is open, it has more eyes looking at it (than say M$
>software which seems to be having a new security announcement every week
>right now).
>
>--
>Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
>List email: [EMAIL PROTECTED]
>Homepage: http://jason.artoo.net/
>
>"Allen May" wrote in message news:[EMAIL PROTECTED]...
> > Being a Libra I have to agree & disagree about open source. Open source
> > also allows the good hackers to find exploits much more easily by reverse
> > engineering the whole process. Open source is very cool for application
> > design but gives too much information to those with more destructive
> > tendencies.
> >
> > Just my re-contribution of 2 cents out of my stockpile I collected ;)

Before we get into holy wars about this, open source is not always the ultimate end all solution. There is good and bad software out there, and they can be either open or closed source.

The idea that a million eyes watching it sounds great in theory, but whose eyes are watching? Are a million monkeys going to be able to set up a network properly? Or would you trust a small team of CCIEs? Also, most people do not audit the code, or they fail to do so properly. So, that million might be cut down a few orders of magnitude.

People sometimes work better when they are being paid and are somewhat held liable for their work. With open source, it is really a "hey, if it messes things up, sorry". Closed source is not liable either (they are to a certain degree though), however, there is less expectation from an open source product as a closed source. Cisco does not turn around and say "Hey, I will fix that bug a bit later on, I got other things to do." But the open source guy can. (Ok, sometimes the commercial guys do say that... hehe, and you can get commercial support on open source software, but I think you guys get the idea).

This is not to say all open source is bad, there are some excellent open source products out there which I would pick over commercial solutions. I just think we really should not devolve the entire discussion to open vs closed. I do not think that is the case.

On the side, when there was a vulnerability in ssh, for some odd reason, the simple buffer overflow was ALREADY Fixed in ALL commercial implementations, the only one vulnerable was OpenSSH 2.2.0 and previous friends or so. Sure the "many eyes" found it, but quite a bit late on a bit of code which should have been fixed eons ago. Not to say that I would not use OpenSSH, I think it is great stuff. Just that, sometimes the commercial implementations are better for some products and part of it is the fact that they are getting paid and they have a public image to maintain.

Please note I said sometimes. If anything I am more so an open source fan than most would think. I am really more towards the right solution for the right job be it open or closed.

-Carroll Kong

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3548&t=3362
RE: linux on a 2500 ? Was: Programming under IOS [7:3362]
No, what that says is that every MORON MCSE thinks they can run a *nix box because good ol bill said so. They run old versions of software and get compromised. Fact.

"look jim bob, i learned to type in 'ls' at the prompt', take that Mr. Gates and your MCSE."

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Chuck Larrieu
> Sent: Monday, May 07, 2001 11:38 PM
> To: [EMAIL PROTECTED]
> Subject: RE: linux on a 2500 ? Was: Programming under IOS [7:3362]
>
> Check out http://www.attrition.org/mirror/attrition/
>
> Interesting to read the history files. It would appear that nearly half of
> compromised servers are NOT Wintels. Which says a lot about the security of
> ALL operating systems.
>
> Chuck
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Monday, May 07, 2001 8:09 PM
> To: [EMAIL PROTECTED]
> Subject: Re: linux on a 2500 ? Was: Programming under IOS [7:3362]
>
> Of course if the source is open, it has more eyes looking at it (than say M$
> software which seems to be having a new security announcement every week
> right now).
>
> --
> Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> List email: [EMAIL PROTECTED]
> Homepage: http://jason.artoo.net/
>
> "Allen May" wrote in message news:[EMAIL PROTECTED]...
> > Being a Libra I have to agree & disagree about open source. Open source
> > also allows the good hackers to find exploits much more easily by reverse
> > engineering the whole process. Open source is very cool for application
> > design but gives too much information to those with more destructive
> > tendencies.
> >
> > Just my re-contribution of 2 cents out of my stockpile I collected ;)
> >
> > ----- Original Message -----
> > From: "Control Program"
> > To:
> > Sent: Sunday, May 06, 2001 9:19 PM
> > Subject: Re: linux on a 2500 ? Was: Programming under IOS [7:3362]
> >
> > > On Sun, May 06, 2001 at 01:28:25PM -0400, Chuck Larrieu wrote:
> > > > Without getting into the relative merits of router running open versus
> > > > closed code, or the obvious cost issue, what would be the advantage of a
> > > > Linux OS versus IOS?
> > >
> > > Why not consider open versus closed source code? The public availability of
> > > operating system source code is an enormous advantage that Linux systems
> > > (and a variety of others like Mach and the FreeBSD/NetBSD/OpenBSD family)
> > > have over their proprietary counterparts. Source availability enables rapid
> > > development by allowing for higher-quality feedback from people who aren't
> > > directly involved with development. Anyone, anywhere, can submit a patch to
> > > the development team - as well as to the public - to correct a bug or add a
> > > feature. This has proved invaluable in security circles; in some cases,
> > > kernel-level fixes have been written and made available within two to three
> > > hours of the discovery of a new security vulnerability.
> > >
> > > Source availability allows for advanced troubleshooting in the event that
> > > you trace your problem to an operating system bug. With proprietary
> > > alternatives, your only recourse is to notify technical support and hope the
> > > developers get around to fixing your bug before it's too late to matter.
> > > The same reasoning applies to adding new features or customizations.
> > >
> > > It is rapidly becoming clear that public availability of program source code
> > > directly affects the quality of that code. Such availability effectively
> > > distributes the 'development load' among many more people, with all the
> > > attendant benefits that distributed processing implies.
> > >
> > > Some other immediate benefits of using something like a Linux-based system
> > > on router hardware include instant support for and compatibility with
> > > existing OS file formats and filesystem types; a much greater ability to
> > > 'tune' your kernel image to your specific situation, providing decreased
> > > image size and situationally-optimize
RE: linux on a 2500 ? Was: Programming under IOS [7:3362]
Check out http://www.attrition.org/mirror/attrition/

Interesting to read the history files. It would appear that nearly half of compromised servers are NOT Wintels. Which says a lot about the security of ALL operating systems.

Chuck

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 07, 2001 8:09 PM
To: [EMAIL PROTECTED]
Subject: Re: linux on a 2500 ? Was: Programming under IOS [7:3362]

Of course if the source is open, it has more eyes looking at it (than say M$ software which seems to be having a new security announcement every week right now).

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/

"Allen May" wrote in message news:[EMAIL PROTECTED]...
> Being a Libra I have to agree & disagree about open source. Open source
> also allows the good hackers to find exploits much more easily by reverse
> engineering the whole process. Open source is very cool for application
> design but gives too much information to those with more destructive
> tendencies.
>
> Just my re-contribution of 2 cents out of my stockpile I collected ;)
>
> ----- Original Message -----
> From: "Control Program"
> To:
> Sent: Sunday, May 06, 2001 9:19 PM
> Subject: Re: linux on a 2500 ? Was: Programming under IOS [7:3362]
>
> > On Sun, May 06, 2001 at 01:28:25PM -0400, Chuck Larrieu wrote:
> > > Without getting into the relative merits of router running open versus
> > > closed code, or the obvious cost issue, what would be the advantage of a
> > > Linux OS versus IOS?
> >
> > Why not consider open versus closed source code? The public availability of
> > operating system source code is an enormous advantage that Linux systems
> > (and a variety of others like Mach and the FreeBSD/NetBSD/OpenBSD family)
> > have over their proprietary counterparts. Source availability enables rapid
> > development by allowing for higher-quality feedback from people who aren't
> > directly involved with development. Anyone, anywhere, can submit a patch to
> > the development team - as well as to the public - to correct a bug or add a
> > feature. This has proved invaluable in security circles; in some cases,
> > kernel-level fixes have been written and made available within two to three
> > hours of the discovery of a new security vulnerability.
> >
> > Source availability allows for advanced troubleshooting in the event that
> > you trace your problem to an operating system bug. With proprietary
> > alternatives, your only recourse is to notify technical support and hope the
> > developers get around to fixing your bug before it's too late to matter.
> > The same reasoning applies to adding new features or customizations.
> >
> > It is rapidly becoming clear that public availability of program source code
> > directly affects the quality of that code. Such availability effectively
> > distributes the 'development load' among many more people, with all the
> > attendant benefits that distributed processing implies.
> >
> > Some other immediate benefits of using something like a Linux-based system
> > on router hardware include instant support for and compatibility with
> > existing OS file formats and filesystem types; a much greater ability to
> > 'tune' your kernel image to your specific situation, providing decreased
> > image size and situationally-optimized performance; the potential for much
> > more advanced user interface features; and immediately available tools that
> > can be easily modified and cross-compiled to run on router hardware
> > (tcpdump, packet generators, netcat, intrusion detection utilities, ...).
> >
> > > Doesn't the "OS" have to be an inherent part of the "IOS" in any case? I
> > > presume that Cisco boxes operate as do any Von Neumann based architectures,
> > > and that the IOS is really more an application that is loaded via the boot
> > > proms, where the "operating system" resides? Am I completely out of the
> > > water here?
> >
> > I don't know if you're out of the water, but I was unable to make sense of
> > this paragraph. Perhaps you mean to ask about the difference between IOS
> > and other operating systems like Unix/Linux? In that case, there's really
> > no difference at all - IOS is an operating system like any other, although
> > more specialized than Unix. Unix does, however, separate the kernel
Re: linux on a 2500 ? Was: Programming under IOS [7:3362]
Of course if the source is open, it has more eyes looking at it (than say M$ software which seems to be having a new security announcement every week right now).

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/

"Allen May" wrote in message news:[EMAIL PROTECTED]...
> Being a Libra I have to agree & disagree about open source. Open source
> also allows the good hackers to find exploits much more easily by reverse
> engineering the whole process. Open source is very cool for application
> design but gives too much information to those with more destructive
> tendencies.
>
> Just my re-contribution of 2 cents out of my stockpile I collected ;)
>
> ----- Original Message -----
> From: "Control Program"
> To:
> Sent: Sunday, May 06, 2001 9:19 PM
> Subject: Re: linux on a 2500 ? Was: Programming under IOS [7:3362]
>
> > On Sun, May 06, 2001 at 01:28:25PM -0400, Chuck Larrieu wrote:
> > > Without getting into the relative merits of router running open versus
> > > closed code, or the obvious cost issue, what would be the advantage of a
> > > Linux OS versus IOS?
> >
> > Why not consider open versus closed source code? The public availability of
> > operating system source code is an enormous advantage that Linux systems
> > (and a variety of others like Mach and the FreeBSD/NetBSD/OpenBSD family)
> > have over their proprietary counterparts. Source availability enables rapid
> > development by allowing for higher-quality feedback from people who aren't
> > directly involved with development. Anyone, anywhere, can submit a patch to
> > the development team - as well as to the public - to correct a bug or add a
> > feature. This has proved invaluable in security circles; in some cases,
> > kernel-level fixes have been written and made available within two to three
> > hours of the discovery of a new security vulnerability.
> >
> > Source availability allows for advanced troubleshooting in the event that
> > you trace your problem to an operating system bug. With proprietary
> > alternatives, your only recourse is to notify technical support and hope the
> > developers get around to fixing your bug before it's too late to matter.
> > The same reasoning applies to adding new features or customizations.
> >
> > It is rapidly becoming clear that public availability of program source code
> > directly affects the quality of that code. Such availability effectively
> > distributes the 'development load' among many more people, with all the
> > attendant benefits that distributed processing implies.
> >
> > Some other immediate benefits of using something like a Linux-based system
> > on router hardware include instant support for and compatibility with
> > existing OS file formats and filesystem types; a much greater ability to
> > 'tune' your kernel image to your specific situation, providing decreased
> > image size and situationally-optimized performance; the potential for much
> > more advanced user interface features; and immediately available tools that
> > can be easily modified and cross-compiled to run on router hardware
> > (tcpdump, packet generators, netcat, intrusion detection utilities, ...).
> >
> > > Doesn't the "OS" have to be an inherent part of the "IOS" in any case? I
> > > presume that Cisco boxes operate as do any Von Neumann based architectures,
> > > and that the IOS is really more an application that is loaded via the boot
> > > proms, where the "operating system" resides? Am I completely out of the
> > > water here?
> >
> > I don't know if you're out of the water, but I was unable to make sense of
> > this paragraph. Perhaps you mean to ask about the difference between IOS
> > and other operating systems like Unix/Linux? In that case, there's really
> > no difference at all - IOS is an operating system like any other, although
> > more specialized than Unix. Unix does, however, separate the kernel
> > (low-level hardware support, core I/O, and processor and memory management)
> > from user-level applications such as the shell (CLI), shared libraries, and
> > daemon processes such as inetd (the Internet protocol super-server) and
> > cron. Because of its historically specialized nature, IOS melds 'kernel'
> > functionality with 'application' functionality.
> >
> > Experience
Re: linux on a 2500 ? Was: Programming under IOS [7:3362]
Being a Libra I have to agree & disagree about open source. Open source also allows the good hackers to find exploits much more easily by reverse engineering the whole process. Open source is very cool for application design but gives too much information to those with more destructive tendencies.

Just my re-contribution of 2 cents out of my stockpile I collected ;)

----- Original Message -----
From: "Control Program"
To:
Sent: Sunday, May 06, 2001 9:19 PM
Subject: Re: linux on a 2500 ? Was: Programming under IOS [7:3362]

> On Sun, May 06, 2001 at 01:28:25PM -0400, Chuck Larrieu wrote:
> > Without getting into the relative merits of router running open versus
> > closed code, or the obvious cost issue, what would be the advantage of a
> > Linux OS versus IOS?
>
> Why not consider open versus closed source code? The public availability of
> operating system source code is an enormous advantage that Linux systems
> (and a variety of others like Mach and the FreeBSD/NetBSD/OpenBSD family)
> have over their proprietary counterparts. Source availability enables rapid
> development by allowing for higher-quality feedback from people who aren't
> directly involved with development. Anyone, anywhere, can submit a patch to
> the development team - as well as to the public - to correct a bug or add a
> feature. This has proved invaluable in security circles; in some cases,
> kernel-level fixes have been written and made available within two to three
> hours of the discovery of a new security vulnerability.
>
> Source availability allows for advanced troubleshooting in the event that
> you trace your problem to an operating system bug. With proprietary
> alternatives, your only recourse is to notify technical support and hope the
> developers get around to fixing your bug before it's too late to matter.
> The same reasoning applies to adding new features or customizations.
>
> It is rapidly becoming clear that public availability of program source code
> directly affects the quality of that code. Such availability effectively
> distributes the 'development load' among many more people, with all the
> attendant benefits that distributed processing implies.
>
> Some other immediate benefits of using something like a Linux-based system
> on router hardware include instant support for and compatibility with
> existing OS file formats and filesystem types; a much greater ability to
> 'tune' your kernel image to your specific situation, providing decreased
> image size and situationally-optimized performance; the potential for much
> more advanced user interface features; and immediately available tools that
> can be easily modified and cross-compiled to run on router hardware
> (tcpdump, packet generators, netcat, intrusion detection utilities, ...).
>
> > Doesn't the "OS" have to be an inherent part of the "IOS" in any case? I
> > presume that Cisco boxes operate as do any Von Neumann based architectures,
> > and that the IOS is really more an application that is loaded via the boot
> > proms, where the "operating system" resides? Am I completely out of the
> > water here?
>
> I don't know if you're out of the water, but I was unable to make sense of
> this paragraph. Perhaps you mean to ask about the difference between IOS
> and other operating systems like Unix/Linux? In that case, there's really
> no difference at all - IOS is an operating system like any other, although
> more specialized than Unix. Unix does, however, separate the kernel
> (low-level hardware support, core I/O, and processor and memory management)
> from user-level applications such as the shell (CLI), shared libraries, and
> daemon processes such as inetd (the Internet protocol super-server) and
> cron. Because of its historically specialized nature, IOS melds 'kernel'
> functionality with 'application' functionality.
>
> Experience has shown that the modular design approach scales much better in
> the long run.
>
> > In raw terms of what is happening on a router, does a Linux based OS versus
> > whatever the Cisco IOS is really matter? in terms of code size? In terms of
> > router speed?
>
> This is purely a 'one OS against another' issue. Is Windows 2000 'better'
> than Linux if you have an Intel box? Despite the religious handwaving of
> the advocacy-inclined, the fact is it depends on what you want to do.
>
> In addition and again, having more than one alternative available has
> historically proven vastly beneficial to hardware lifetime and acceptance.
>
> > The IOS, as best I can guess, has its roots in C.
>
> It is written
Re: linux on a 2500 ? Was: Programming under IOS [7:3362]
On Sun, May 06, 2001 at 01:28:25PM -0400, Chuck Larrieu wrote:
> Without getting into the relative merits of router running open versus
> closed code, or the obvious cost issue, what would be the advantage of a
> Linux OS versus IOS?

Why not consider open versus closed source code? The public availability of operating system source code is an enormous advantage that Linux systems (and a variety of others like Mach and the FreeBSD/NetBSD/OpenBSD family) have over their proprietary counterparts. Source availability enables rapid development by allowing for higher-quality feedback from people who aren't directly involved with development. Anyone, anywhere, can submit a patch to the development team - as well as to the public - to correct a bug or add a feature. This has proved invaluable in security circles; in some cases, kernel-level fixes have been written and made available within two to three hours of the discovery of a new security vulnerability.

Source availability allows for advanced troubleshooting in the event that you trace your problem to an operating system bug. With proprietary alternatives, your only recourse is to notify technical support and hope the developers get around to fixing your bug before it's too late to matter. The same reasoning applies to adding new features or customizations.

It is rapidly becoming clear that public availability of program source code directly affects the quality of that code. Such availability effectively distributes the 'development load' among many more people, with all the attendant benefits that distributed processing implies.

Some other immediate benefits of using something like a Linux-based system on router hardware include instant support for and compatibility with existing OS file formats and filesystem types; a much greater ability to 'tune' your kernel image to your specific situation, providing decreased image size and situationally-optimized performance; the potential for much more advanced user interface features; and immediately available tools that can be easily modified and cross-compiled to run on router hardware (tcpdump, packet generators, netcat, intrusion detection utilities, ...).

> Doesn't the "OS" have to be an inherent part of the "IOS" in any case? I
> presume that Cisco boxes operate as do any Von Neumann based architectures,
> and that the IOS is really more an application that is loaded via the boot
> proms, where the "operating system" resides? Am I completely out of the
> water here?

I don't know if you're out of the water, but I was unable to make sense of this paragraph. Perhaps you mean to ask about the difference between IOS and other operating systems like Unix/Linux? In that case, there's really no difference at all - IOS is an operating system like any other, although more specialized than Unix. Unix does, however, separate the kernel (low-level hardware support, core I/O, and processor and memory management) from user-level applications such as the shell (CLI), shared libraries, and daemon processes such as inetd (the Internet protocol super-server) and cron. Because of its historically specialized nature, IOS melds 'kernel' functionality with 'application' functionality.

Experience has shown that the modular design approach scales much better in the long run.

> In raw terms of what is happening on a router, does a Linux based OS versus
> whatever the Cisco IOS is really matter? in terms of code size? In terms of
> router speed?

This is purely a 'one OS against another' issue. Is Windows 2000 'better' than Linux if you have an Intel box? Despite the religious handwaving of the advocacy-inclined, the fact is it depends on what you want to do.

In addition and again, having more than one alternative available has historically proven vastly beneficial to hardware lifetime and acceptance.

> The IOS, as best I can guess, has its roots in C.

It is written in C (and assembler), as is Linux.

> web link below, there aren't a lot of features in these Linux OS's either.
> I suppose over time that will be resolved, but at what cost in terms of OS
> image size?

As discussed earlier, image size is much less of a concern with Linux right now than IOS. The ability to situationally optimize a given image allows you to include exactly the features you need, contributing to efficiency in space (image size and memory footprint) and time (performance). Furthermore, the Linux architectural approach is modular. Most kernel functions are now available as loadable modules which can be dynamically loaded and unloaded during runtime.

> writing for a Cisco box, they have to ensure compatibility in every
> way shape and form with other Cisco boxes,

What kind of compatibility? Network protocol-wise? That's the reason why standards and open specifications exist - they promote interoperability. That's why, in a different OS implementation, you'll get OSPF and BGP, but not EIGRP. In the realm of the 'implementatio
RE: linux on a 2500 ? Was: Programming under IOS [7:3362]
Without getting into the relative merits of router running open versus closed code, or the obvious cost issue, what would be the advantage of a Linux OS versus IOS?

Doesn't the "OS" have to be an inherent part of the "IOS" in any case? I presume that Cisco boxes operate as do any Von Neumann based architectures, and that the IOS is really more an application that is loaded via the boot proms, where the "operating system" resides? Am I completely out of the water here?

In raw terms of what is happening on a router, does a Linux based OS versus whatever the Cisco IOS is really matter? in terms of code size? In terms of router speed?

The IOS, as best I can guess, has its roots in C. I say this based on things like variable names, and related behaviours. Obviously, the source code is compiled, and probably optimized for speed rather than size, if IOS bloat is any indication. On the other hand, judging from what I see on the web link below, there aren't a lot of features in these Linux OS's either. I suppose over time that will be resolved, but at what cost in terms of OS image size?

Well, I suppose for one thing the Linux crowd doesn't have to concern itself with backwards compatibility. That can be a distinct advantage. On the other hand, writing for a Cisco box, they have to ensure compatibility in every way shape and form with other Cisco boxes, not to mention interoperability with other vendor stuff and compatibility with the RFC's.

Being one of those types who is curious about a lot of things, especially about the way things work, I would certainly enjoy reading the com those who know more than I.

I continue to be impressed with the passion, ingenuity, and sheer determination of the Linux crowd. Who else would actually create an RFC1149 compliant system? ;->

Chuck

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jacques Atlas
Sent: Sunday, May 06, 2001 7:00 AM
To: [EMAIL PROTECTED]
Subject: Re: linux on a 2500 ? Was: Programming under IOS [7:3362]

On Sun, 6 May 2001, Jacques Atlas wrote:

||It has already BEEN done !! :-)
|
|got a url for us ?

http://www.mcvax.org/~koen/uClinux-cisco2500/

--
jacques

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3373&t=3362
Re: linux on a 2500 ? Was: Programming under IOS [7:3362]
On Sun, 6 May 2001, Jacques Atlas wrote:

||It has already BEEN done !! :-)
|
|got a url for us ?

http://www.mcvax.org/~koen/uClinux-cisco2500/

--
jacques

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3364&t=3362
Re: linux on a 2500 ? Was: Programming under IOS [7:3362]
On Sun, 6 May 2001, Jason wrote:

|It has already BEEN done !! :-)

got a url for us ?

--
jacques

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3363&t=3362
Re: linux on a 2500 ? Was: Programming under IOS [7:3362]
It has already BEEN done !! :-)

"Brian" wrote in message news:011d01c0bd97$a7d15880$[EMAIL PROTECTED]...
> netbsd is the most portable of the free nixes, that'd be the one to expect,
> if one could do it.
>
> Brian Whalen
>
> ----- Original Message -----
> From: "Eric Waguespack"
> To:
> Sent: Friday, March 30, 2001 10:51 AM
> Subject: Re: linux on a 2500 ? Was: Programming under IOS
>
> > You can run Linux on a 2500? I searched the archive for more details..
> > didn't find any, anyone got a link?
> >
> > -Eric
> >
> > Karen E Young wrote:
> >
> > > Chee Leong,
> > >
> > > There really isn't a need to write an external interface method (such as
> > > sockets) when one already exists.
> > >
> > > Most, if not all, of what you're asking for is available via SNMP. If
> > > you really want to write a program to obtain this info all you need to do is
> > > write one to issue SNMP GETs for the info you want to obtain, collect the
> > > responses, parse the data, and format it into your chosen format.
> > >
> > > Perl is a pretty good choice for something like this and it seems to me
> > > that I ran across something in Visual Basic that would let you do it too.
> > >
> > > Hope this helps,
> > >
> > > Karen Young
> > >
> > > *** REPLY SEPARATOR ***
> > >
> > > On 3/30/2001 at 10:30 AM Ryan O'Connell wrote:
> > >
> > > >There is no provision for running code other than the IOS itself on a Cisco
> > > >router. (Except you can run Linux on 2500s, but that's probably not what
> > > >you're after)
> > > >
> > > >On Fri, Mar 30, 2001 at 04:14:43PM -0800, Tan Chee Leong wrote:
> > > >> Hi,
> > > >>
> > > >> First, my apologies if the question makes no sense at all as I am just
> > > >> evaluating its possibility. I am also fairly new to CISCO stuff (only
> > > >> got my CCNA a month ago) so your advice on this will be very helpful
> > > >> although it is off-topic.
> > > >>
> > > >> I am thinking of writing some small programs within the IOS platform
> > > >> such that it can communicate with an external host, using socket
> > > >> programming if you like. I am interested in obtaining the following:
> > > >>
> > > >> 1. basic configuration. I know it's contained in the startup-config
> > > >> and with snmp turned on, this information can be retrieved. However,
> > > >> what if snmp is not turned on? Is it possible, without going to all the
> > > >> routers to enable snmp, to still obtain this information from a host
> > > >> using tcp?
> > > >> 2. route table. Particularly I am interested in studying the dynamic
> > > >> changes of the route table over some period of time. Hence if the
> > > >> router can periodically send information to some internal host within
> > > >> the network, a collection of route tables can be obtained.
> > > >>
> > > >> If in the end I have to do my own programming, it will lead on to
> > > >> several other questions:
> > > >>
> > > >> 1. is it feasible in the first place, given that CISCO IOS is
> > > >> proprietary stuff?
> > > >> 2. where can I get programming info? any recommendations?
> > > >>
> > > >> Really appreciate if you can help me on this.
> > > >>
> > > >> Cheers,
> > > >> Chee Leong
> > > >
> > > >--
> > > >Ryan O'Connell - - http://www.complicity.co.uk
> > > >
> > > >I'm not losing my mind, no I'm not changing my lines,
> > > >I'm just learning new things with the passage of time

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3362&t=3362
Re: linux on a 2500 ? Was: Programming under IOS
Now if you could run linux on your microwave oven...I would be impressed.

'Start'
Please enter root password
**
ls -l
total 1
-rw-r--r--- 2 root admin658 Apr 1 12:00 raw_chicken.meat
./cook.exe
# done!
logout

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "CiscO_Groupstudy" <[EMAIL PROTECTED]>; "Matt Wehland" <[EMAIL PROTECTED]>
Sent: Friday, April 06, 2001 1:43 PM
Subject: Re: linux on a 2500 ? Was: Programming under IOS

> There probably aren't a lot of practical reasons to do this. But
> sometimes we geeks just do things because it's cool. :-)
>
> -Kent
>
> On 6 Apr 2001, at 0:08, Matt Wehland wrote:
>
> > Well I've watched this thread for a couple of days and hoped someone
> > else would find the right answer (I didn't feel like digging). I knew
> > I had seen something about this on my local Linux user group list
> > several months ago. Unfortunately I couldn't find it in my mail
> > archives, bookmarks, general web searches or elsewhere. After asking
> > my local LUG for help and then some more searching, here is the link
> > to the uclinux-cisco project (uclinux is a project for running linux
> > on embedded system, uclinux-cisco is a port to the cisco platform,
> > 2500 series mostly) There is source (~56MG) and several precompiled
> > binaries.
> > http://www.mcvax.org/~koen/uClinux-cisco2500/
> > Neat idea, and I do want to play with some of the precompiled kernels,
> > but I really have to ask myself, WHY?
> >
> > What is the problem being solved by running linux on such an expensive
> > (for what you get) platform?
> >
> > Any ideas, the web site seemed lacking in this kind of info.
> >
> > Oh well, some of the most enjoyable things are done just for the hell
> > of it.
> >
> > Matt Wehland
> > [EMAIL PROTECTED]
> > MCSE CCNA
Re: linux on a 2500 ? Was: Programming under IOS
There probably aren't a lot of practical reasons to do this. But sometimes we geeks just do things because it's cool. :-)

-Kent

On 6 Apr 2001, at 0:08, Matt Wehland wrote:

> Well I've watched this thread for a couple of days and hoped someone
> else would find the right answer (I didn't feel like digging). I knew
> I had seen something about this on my local Linux user group list
> several months ago. Unfortunately I couldn't find it in my mail
> archives, bookmarks, general web searches or elsewhere. After asking
> my local LUG for help and then some more searching, here is the link
> to the uclinux-cisco project (uclinux is a project for running linux
> on embedded system, uclinux-cisco is a port to the cisco platform,
> 2500 series mostly) There is source (~56MG) and several precompiled
> binaries.
> http://www.mcvax.org/~koen/uClinux-cisco2500/
> Neat idea, and I do want to play with some of the precompiled kernels,
> but I really have to ask myself, WHY?
>
> What is the problem being solved by running linux on such an expensive
> (for what you get) platform?
>
> Any ideas, the web site seemed lacking in this kind of info.
>
> Oh well, some of the most enjoyable things are done just for the hell
> of it.
>
> Matt Wehland
> [EMAIL PROTECTED]
> MCSE CCNA
Re: linux on a 2500 ? Was: Programming under IOS
Well I've watched this thread for a couple of days and hoped someone else would find the right answer (I didn't feel like digging). I knew I had seen something about this on my local Linux user group list several months ago. Unfortunately I couldn't find it in my mail archives, bookmarks, general web searches or elsewhere. After asking my local LUG for help and then some more searching, here is the link to the uclinux-cisco project (uclinux is a project for running linux on embedded system, uclinux-cisco is a port to the cisco platform, 2500 series mostly) There is source (~56MG) and several precompiled binaries.

http://www.mcvax.org/~koen/uClinux-cisco2500/

Neat idea, and I do want to play with some of the precompiled kernels, but I really have to ask myself, WHY?

What is the problem being solved by running linux on such an expensive (for what you get) platform?

Any ideas, the web site seemed lacking in this kind of info.

Oh well, some of the most enjoyable things are done just for the hell of it.

Matt Wehland
[EMAIL PROTECTED]
MCSE CCNA
Re: linux on a 2500 ? Was: Programming under IOS
netbsd is the most portable of the free nixes, that'd be the one to expect, if one could do it.

Brian Whalen

----- Original Message -----
From: "Eric Waguespack" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 30, 2001 10:51 AM
Subject: Re: linux on a 2500 ? Was: Programming under IOS

> You can run Linux on a 2500? I searched the archive for more details..
> didn't find any, anyone got a link?
>
> -Eric
>
> Karen E Young wrote:
>
> > Chee Leong,
> >
> > There really isn't a need to write an external interface method (such as
> > sockets) when one already exists.
> >
> > Most, if not all, of what you're asking for is available via SNMP. If you
> > really want to write a program to obtain this info all you need to do is
> > write one to issue SNMP GETs for the info you want to obtain, collect the
> > responses, parse the data, and format it into your chosen format.
> >
> > Perl is a pretty good choice for something like this and it seems to me
> > that I ran across something in Visual Basic that would let you do it too.
> >
> > Hope this helps,
> >
> > Karen Young
> >
> > *** REPLY SEPARATOR ***
> >
> > On 3/30/2001 at 10:30 AM Ryan O'Connell wrote:
> >
> > >There is no provision for running code other than the IOS itself on a Cisco
> > >router. (Except you can run Linux on 2500s, but that's probably not what
> > >you're after)
> > >
> > >On Fri, Mar 30, 2001 at 04:14:43PM -0800, Tan Chee Leong wrote:
> > >> Hi,
> > >>
> > >> First, my apologies if the question makes no sense at all as I am just
> > >> evaluating its possibility. I am also fairly new to CISCO stuff (only
> > >> got my CCNA a month ago) so your advice on this will be very helpful
> > >> although it is off-topic.
> > >>
> > >> I am thinking of writing some small programs within the IOS platform
> > >> such that it can communicate with an external host, using socket
> > >> programming if you like. I am interested in obtaining the following:
> > >>
> > >> 1. basic configuration. I know it's contained in the startup-config
> > >> and with snmp turned on, this information can be retrieved. However,
> > >> what if snmp is not turned on? Is it possible, without going to all the
> > >> routers to enable snmp, to still obtain this information from a host
> > >> using tcp?
> > >> 2. route table. Particularly I am interested in studying the dynamic
> > >> changes of the route table over some period of time. Hence if the
> > >> router can periodically send information to some internal host within
> > >> the network, a collection of route tables can be obtained.
> > >>
> > >> If in the end I have to do my own programming, it will lead on to
> > >> several other questions:
> > >>
> > >> 1. is it feasible in the first place, given that CISCO IOS is
> > >> proprietary stuff?
> > >> 2. where can I get programming info? any recommendations?
> > >>
> > >> Really appreciate if you can help me on this.
> > >>
> > >> Cheers,
> > >> Chee Leong
> > >
> > >--
> > >Ryan O'Connell - <[EMAIL PROTECTED]> - http://www.complicity.co.uk
> > >
> > >I'm not losing my mind, no I'm not changing my lines,
> > >I'm just learning new things with the passage of time
Re: linux on a 2500 ? Was: Programming under IOS
I'd be curious to see such a thing.

I just installed Zebra on my linux server so I can give people IOS-like access to a BGP router. telnet://r2.artoo.net:2605 with a password of 'bgp'. The interface is very close to IOS and has nearly all the BGP-related commands. I just wish it had traceroute and show ip route (of course, I think I could do it with the main Zebra daemon, but I don't feel like messing with it just now).

Zebra is a free routing daemon (bgp, ospf, rip, all with ipv6 support as well): http://www.zebra.org/

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/

"Eric Waguespack" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> You can run Linux on a 2500? I searched the archive for more details..
> didn't find any, anyone got a link?
>
> -Eric
>
> Karen E Young wrote:
>
> > Chee Leong,
> >
> > There really isn't a need to write an external interface method (such as
> > sockets) when one already exists.
> >
> > Most, if not all, of what you're asking for is available via SNMP. If you
> > really want to write a program to obtain this info all you need to do is
> > write one to issue SNMP GETs for the info you want to obtain, collect the
> > responses, parse the data, and format it into your chosen format.
> >
> > Perl is a pretty good choice for something like this and it seems to me
> > that I ran across something in Visual Basic that would let you do it too.
> >
> > Hope this helps,
> >
> > Karen Young
> >
> > *** REPLY SEPARATOR ***
> >
> > On 3/30/2001 at 10:30 AM Ryan O'Connell wrote:
> >
> > >There is no provision for running code other than the IOS itself on a Cisco
> > >router. (Except you can run Linux on 2500s, but that's probably not what
> > >you're after)
> > >
> > >On Fri, Mar 30, 2001 at 04:14:43PM -0800, Tan Chee Leong wrote:
> > >> Hi,
> > >>
> > >> First, my apologies if the question makes no sense at all as I am just
> > >> evaluating its possibility. I am also fairly new to CISCO stuff (only
> > >> got my CCNA a month ago) so your advice on this will be very helpful
> > >> although it is off-topic.
> > >>
> > >> I am thinking of writing some small programs within the IOS platform
> > >> such that it can communicate with an external host, using socket
> > >> programming if you like. I am interested in obtaining the following:
> > >>
> > >> 1. basic configuration. I know it's contained in the startup-config
> > >> and with snmp turned on, this information can be retrieved. However,
> > >> what if snmp is not turned on? Is it possible, without going to all the
> > >> routers to enable snmp, to still obtain this information from a host
> > >> using tcp?
> > >> 2. route table. Particularly I am interested in studying the dynamic
> > >> changes of the route table over some period of time. Hence if the
> > >> router can periodically send information to some internal host within
> > >> the network, a collection of route tables can be obtained.
> > >>
> > >> If in the end I have to do my own programming, it will lead on to
> > >> several other questions:
> > >>
> > >> 1. is it feasible in the first place, given that CISCO IOS is
> > >> proprietary stuff?
> > >> 2. where can I get programming info? any recommendations?
> > >>
> > >> Really appreciate if you can help me on this.
> > >>
> > >> Cheers,
> > >> Chee Leong
> > >
> > >--
> > >Ryan O'Connell - <[EMAIL PROTECTED]> - http://www.complicity.co.uk
> > >
> > >I'm not losing my mind, no I'm not changing my lines,
> > >I'm just learning new things with the passage of time
Re: linux on a 2500 ? Was: Programming under IOS
You can run Linux on a 2500? I searched the archive for more details.. didn't find any, anyone got a link?

-Eric

Karen E Young wrote:

> Chee Leong,
>
> There really isn't a need to write an external interface method (such as sockets)
> when one already exists.
>
> Most, if not all, of what you're asking for is available via SNMP. If you really
> want to write a program to obtain this info all you need to do is write one to issue
> SNMP GETs for the info you want to obtain, collect the responses, parse the data, and
> format it into your chosen format.
>
> Perl is a pretty good choice for something like this and it seems to me that I ran
> across something in Visual Basic that would let you do it too.
>
> Hope this helps,
>
> Karen Young
>
> *** REPLY SEPARATOR ***
>
> On 3/30/2001 at 10:30 AM Ryan O'Connell wrote:
>
> >There is no provision for running code other than the IOS itself on a Cisco
> >router. (Except you can run Linux on 2500s, but that's probably not what
> >you're after)
> >
> >On Fri, Mar 30, 2001 at 04:14:43PM -0800, Tan Chee Leong wrote:
> >> Hi,
> >>
> >> First, my apologies if the question makes no sense at all as I am just
> >> evaluating its possibility. I am also fairly new to CISCO stuff (only
> >> got my CCNA a month ago) so your advice on this will be very helpful
> >> although it is off-topic.
> >>
> >> I am thinking of writing some small programs within the IOS platform
> >> such that it can communicate with an external host, using socket
> >> programming if you like. I am interested in obtaining the following:
> >>
> >> 1. basic configuration. I know it's contained in the startup-config
> >> and with snmp turned on, this information can be retrieved. However,
> >> what if snmp is not turned on? Is it possible, without going to all the
> >> routers to enable snmp, to still obtain this information from a host
> >> using tcp?
> >> 2. route table. Particularly I am interested in studying the dynamic
> >> changes of the route table over some period of time. Hence if the
> >> router can periodically send information to some internal host within
> >> the network, a collection of route tables can be obtained.
> >>
> >> If in the end I have to do my own programming, it will lead on to
> >> several other questions:
> >>
> >> 1. is it feasible in the first place, given that CISCO IOS is
> >> proprietary stuff?
> >> 2. where can I get programming info? any recommendations?
> >>
> >> Really appreciate if you can help me on this.
> >>
> >> Cheers,
> >> Chee Leong
> >
> >--
> >Ryan O'Connell - <[EMAIL PROTECTED]> - http://www.complicity.co.uk
> >
> >I'm not losing my mind, no I'm not changing my lines,
> >I'm just learning new things with the passage of time
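The approach Karen Young describes in the quoted reply (issue SNMP GETs, collect the responses, parse, format), applied to Chee Leong's second question about tracking route-table changes over time. This is an added example, not code from any poster in the thread, and it uses Python rather than the Perl she mentions. It assumes the RFC 1213 ipRouteTable as the data source and net-snmp `snmpwalk -On` style text as the input format, and both snapshots are constructed sample data.

```python
import re
from ipaddress import ip_network

# RFC 1213 (MIB-II) ipRouteEntry, and the three columns this example reads.
IP_ROUTE_ENTRY = "1.3.6.1.2.1.4.21.1"
COLUMNS = {7: "next_hop", 9: "proto", 11: "mask"}
PROTO = {1: "other", 2: "local", 8: "rip", 13: "ospf", 14: "bgp"}  # ipRouteProto subset

LINE_RE = re.compile(r"^\.?([\d.]+)\s*=\s*\w+:\s*(.+?)\s*$")


def parse_walk(text):
    """Turn snmpwalk-style lines into {prefix: (next_hop, protocol)}."""
    rows = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m.group(1).startswith(IP_ROUTE_ENTRY + "."):
            continue  # blank line, another MIB subtree, or error text
        index = m.group(1)[len(IP_ROUTE_ENTRY) + 1:].split(".")
        if len(index) != 5 or not index[0].isdigit() or int(index[0]) not in COLUMNS:
            continue  # a column we do not read, or a malformed index
        rows.setdefault(".".join(index[1:]), {})[COLUMNS[int(index[0])]] = m.group(2)
    table = {}
    for dest, cols in rows.items():
        if len(cols) != len(COLUMNS):
            continue  # row appeared or vanished mid-walk; ignore the partial entry
        enum = re.search(r"(\d+)\)?$", cols["proto"])  # accepts "13" or "ospf(13)"
        proto = PROTO.get(int(enum.group(1)), "unknown") if enum else "unknown"
        prefix = str(ip_network(f"{dest}/{cols['mask']}", strict=False))
        table[prefix] = (cols["next_hop"], proto)
    return table


def diff_routes(old, new):
    """List (change, prefix, old_entry, new_entry) tuples, sorted by prefix."""
    changes = []
    for prefix in sorted(set(old) | set(new)):
        before, after = old.get(prefix), new.get(prefix)
        if before is None:
            changes.append(("added", prefix, None, after))
        elif after is None:
            changes.append(("removed", prefix, before, None))
        elif before != after:
            changes.append(("changed", prefix, before, after))
    return changes


# Constructed sample data (not captured from a real router).
SNAPSHOT_T0 = """
.1.3.6.1.2.1.4.21.1.7.10.1.1.0 = IpAddress: 192.168.0.1
.1.3.6.1.2.1.4.21.1.7.10.1.2.0 = IpAddress: 192.168.0.1
.1.3.6.1.2.1.4.21.1.7.10.1.3.0 = IpAddress: 192.168.0.2
.1.3.6.1.2.1.4.21.1.9.10.1.1.0 = INTEGER: 13
.1.3.6.1.2.1.4.21.1.9.10.1.2.0 = INTEGER: 13
.1.3.6.1.2.1.4.21.1.9.10.1.3.0 = INTEGER: 8
.1.3.6.1.2.1.4.21.1.11.10.1.1.0 = IpAddress: 255.255.255.0
.1.3.6.1.2.1.4.21.1.11.10.1.2.0 = IpAddress: 255.255.255.0
.1.3.6.1.2.1.4.21.1.11.10.1.3.0 = IpAddress: 255.255.255.0
"""

# Later constructed snapshot: one next hop moved, one route gone, one new,
# plus a partial 10.1.5.0 row (next hop only) as seen when a walk races a change.
SNAPSHOT_T1 = """
.1.3.6.1.2.1.4.21.1.7.10.1.1.0 = IpAddress: 192.168.0.1
.1.3.6.1.2.1.4.21.1.7.10.1.2.0 = IpAddress: 192.168.0.2
.1.3.6.1.2.1.4.21.1.7.10.1.4.0 = IpAddress: 192.168.0.1
.1.3.6.1.2.1.4.21.1.7.10.1.5.0 = IpAddress: 192.168.0.1
.1.3.6.1.2.1.4.21.1.9.10.1.1.0 = INTEGER: 13
.1.3.6.1.2.1.4.21.1.9.10.1.2.0 = INTEGER: 13
.1.3.6.1.2.1.4.21.1.9.10.1.4.0 = INTEGER: bgp(14)
.1.3.6.1.2.1.4.21.1.11.10.1.1.0 = IpAddress: 255.255.255.0
.1.3.6.1.2.1.4.21.1.11.10.1.2.0 = IpAddress: 255.255.255.0
.1.3.6.1.2.1.4.21.1.11.10.1.4.0 = IpAddress: 255.255.255.0
"""

if __name__ == "__main__":
    for change in diff_routes(parse_walk(SNAPSHOT_T0), parse_walk(SNAPSHOT_T1)):
        print(change)
```
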