Re: using hp proliant ml 330

2004-04-09 Thread Markus Oswald
On Thu, 08.04.2004 at 20:09, Lucas Albers wrote:
 I got it to work, but I was trying to make boot floppies so I could load the
 drivers from the install cd, so I could install direct on it.
 Could not find directions on this anywhere, or how to compile it
 statically in the kernel.

As far as I can remember you couldn't compile the driver statically in
the kernel - probably due to licensing issues.
It should be possible to put it into the '/boot' directory on a floppy and
load it during the setup process (i.e. preload modules from floppy).

  The Controller used in the ProLiant ML330 series is an IDE-RAID and most
  of the logic is not done by the controller but by the driver itself.
  So performance will probably suck...
 
 My links refer to source to compile the drivers as a module.
 It's gpl released.

I just took a look at the files I got from LSI (who now own AMI) and the
driver is half GPL, half proprietary.

Quoting megaide-shimdriver-readme.txt:
LSI Logic's Shim driver has its raid intelligence as binary file
megaide_lib.o and the rest of the driver is open. megaide_lib.o can be
build with the open source to get driver image megaide.o.

best regards,
  Markus
-- 
Markus Oswald [EMAIL PROTECTED]  \ Unix and Network Administration
Graz, AUSTRIA \ High Availability / Cluster
Mobile: +43 676 6485415\ System Consulting
Fax:+43 316 428896  \ Web Development


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: ..idea; ddos spam hosts off Internet?

2004-04-09 Thread Arnt Karlsen
On Fri, 9 Apr 2004 15:27:03 +1000, Russell wrote in message 
[EMAIL PROTECTED]:

 On Fri, 9 Apr 2004 09:51, Arnt Karlsen [EMAIL PROTECTED] wrote:
  ..another idea; DDOS'ing spam hosts _off_ the net, say by using
  other spam hosts as DOS relays?  Spam headers contain the
  originating ip, and 2 such _can_ be set up to DOS each other. 
  _Etc_.
 
 The problem is that such attacks are a crime, and you are probably
 easier for the authorities to catch than the spammer...

..most places, agreed.

  ..these spam hosts are commonly virus infected Wintendo's without
  the owner knowing, as such unsuspecting owners feel their box
  appears to work normally.
 
  ..these virus infected Wintendos should be taken off-line, anyway,
  and made secure. And isp's should have a policy on such abuse,
  and enforce it.
 
 http://www.netfilter.org/patch-o-matic/pom-base.html
 
 See the section on osf in the above URL for a better solution. 
 Simply block Windows machines from accessing your port 25.

..if only all isp's did it...

  ..outside Internet, similar action is warranted in many
  jurisdictions, by laws governing emergencies, for example, breaking
  into your neighbors house to take his computer is a criminal
  offence, but may be warranted if his house is ablaze and you know
  the loss of his data will destroy his business.
 
 I doubt that any court would rule that a DDOS attack is lawful,
 particularly as the attack would mostly harm an innocent ISP that has
 a Windows luser as a customer (all ISPs have lame customers).

..arguably, yes, however in the case of the lame isp's, 
there's possibly an opening for such court rulings. 

  ..Bill Gates' proposal of email-for-a-fee-to-Microsoft to solve
  this, is IMHO pure racism, as is Nigeria's 419 legislation, as it
  effectively denies all other Africans and many Asians the access to
  the free email that you and I enjoy.
 
 I don't want to send email to Microsoft anyway...  ;)

.. ;-)  The Microsoft scheme is a M$ scheme, their idea is to 
collect the M$ thru their passport service, AFAIUI.

..and, booo, you cc'ed me, spammer!  ;-)

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.





Re: ..idea; ddos spam hosts off Internet?

2004-04-09 Thread Russell Coker
On Fri, 9 Apr 2004 21:32, Arnt Karlsen [EMAIL PROTECTED] wrote:
 On Fri, 9 Apr 2004 15:27:03 +1000, Russell wrote in message
  http://www.netfilter.org/patch-o-matic/pom-base.html
 
  See the section on osf in the above URL for a better solution.
  Simply block Windows machines from accessing your port 25.

 ..if only all isp's did it...

Not all ISPs need to do it.  Only your ISP and the ISPs that host mailing 
lists that you subscribe to.

If you are interested in this then the best thing you can do is to build 
yourself a kernel with osf and try it out.  If it works well create a Debian 
kernel-patch package for it so that other Debian users can conveniently use 
it.  The more accessible you make this to Debian people the closer it comes 
to being installed on Debian list servers...

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page





Re: ..idea; ddos spam hosts off Internet?

2004-04-09 Thread Arnt Karlsen
On Fri, 9 Apr 2004 22:53:15 +1000, Russell wrote in message 
[EMAIL PROTECTED]:

 On Fri, 9 Apr 2004 21:32, Arnt Karlsen [EMAIL PROTECTED] wrote:
  On Fri, 9 Apr 2004 15:27:03 +1000, Russell wrote in message
   http://www.netfilter.org/patch-o-matic/pom-base.html
  
   See the section on osf in the above URL for a better solution.
   Simply block Windows machines from accessing your port 25.
 
  ..if only all isp's did it...
 
 Not all ISPs need to do it.  Only your ISP and the ISPs that host
 mailing lists that you subscribe to.

..true.  And, it does nothing to stop Bill Gates' email-fee scheme.

 If you are interested in this then the best thing you can do is to
 build yourself a kernel with osf and try it out.  If it works well
 create a Debian kernel-patch package for it so that other Debian users
 can conveniently use it.  The more accessible you make this to Debian
 people the closer it comes to being installed on Debian list
 servers...

..I agree, but don't hold your breath, I'm still a fresh Red Hat 
convertee, and I first have to get apt-get or yum up and going 
on my client's boxes, ie; those RH-7.3 and RH-9'ers that I need 
to keep up 24/7, everything else is and becomes Woody and 
Sarge as soon as they blink.  ;-)  I'll honk the horn when my 
osf deb needs testing.

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.






Little BIG problem with Backbone

2004-04-09 Thread Michelle Konzack
Hello, 

because I am in planning of a CyberCenter Network in Morocco the idea is 
exploding !!! Exactly, I need very much Backbone-Power which can not be 
provided from the Maroc Telecom

They offer me only E3 with 34 MBit !!!

And 34 MBit for 450.000 DH/month (41.000 Euro/month)

Only my Proxim Tsunami MP.11a (12 Access Points) support 216 MBit or 
effective 160 MBit and this only in one city !!!

Now there are some enterprises in Morocco which had asked me, why not 
installing a second Internet-Network !!! 

Oh yes, it is no problem !!!
We need only a dual GigaBit Fiberoptic Sea-Cable from Spain to Morocco !

What a joke !

OK, crazy, but I have contacted CISCO for some routers ;-) and some 
other Manufacturers for Radio-Bridges (34 - 155 MBit and 1 GBit)

Now my Question:

Creating a Local GBit-Network in Morocco is generally no Problem, it 
is not a big difference between it and my local network, except I need 
a little bit more cable. 

BUT how does it work with the Connection to the Internet, exactly to 
the other Backbones ? 

Any Information is Welcome...

Greetings and nice Easter.
Michelle

-- 
Registered Linux-User #280138 with the Linux Counter, http://counter.li.org/ 





Re: Little BIG problem with Backbone

2004-04-09 Thread Richard Zuidhof
Michelle Konzack wrote:
 Hello,

 because I am in planning of a CyberCenter Network in Morocco the idea is
 exploding !!! Exactly, I need very much Backbone-Power which can not
 be provided from the Maroc Telecom

Aren't there other providers? I remember many routes to Morocco using 
Seabone. You can find a contact at http://www.tisparkle.it/contacts.htm
And I know also Sprint has a PoP available in Morocco. There should be 
more. What about France Telecom, Telenor and Telefonica?

Of course you should plan your CyberCenter close to an important 
crossroads of telecom infrastructure since Maroc Telecom will probably 
charge a lot for leased lines with such high bandwidth while you 
actually need dark fiber.

kind regards,

Richard Zuidhof



Re: Little BIG problem with Backbone

2004-04-09 Thread Ralph Paßgang
On Friday 09 April 2004 16:03, Michelle Konzack wrote:
 Hello,

Hi :)

 [...]
 Now my Question:

 Creating a Local GBit-Network in Morocco is generally no Problem, it
 is not a big difference between it and my local network, except I need
 a little bit more cable.

in theory this is correct, but you should think about good manageable 
switches, so that you can build vlans. Without vlans your security in your 
network is not so good, because every computer can arpspoof and so sniff in 
the traffic of the other ips/nets you have connected to the switch. Even 
Man-in-the-middle attacks are possible, if you don't think about vlans. You 
can also bind only fixed MAC Addresses to the switch ports, so that nobody 
can spoof another MAC/ARP of others, but I would prefer vlans :)

 BUT how does it work with the Connection to the Internet, exactly to
 the other Backbones ?

okay... in short: You need to contact the ripe and ask them for an AS Number 
and for an IP-Network for you.

If you got your own AS Number, you can configure your cisco router (or every 
other router which is able to use BGP (routing-protocol)) to announce this AS 
to the next AS (which normally is the AS of your uplink (Maroc Telecom for 
example)). The AS of your uplink will announce your AS to his next AS and so 
on, until every AS in the world knows how to reach your AS.

And you can announce over this AS Path your IPs (you got from the RIPE).

After you made this, you should be reachable from all over the world...

 Any Informations are Welcome...

I can only give you a short overview over the things you need... (bgp router, 
AS-Number, IP-Network). But you should inform yourself on other internet 
sites... just search for: bgp which stands for border gateway protocol or 
AS. Even the ripe site should be quite informative.  

In short: BGP is the protocol that makes the internet work, because all 
providers use this protocol for their dynamic routing.

With bgp you can also use multiple uplinks, even with the same network. So 
that you can send and receive packets for your network over two uplinks for 
example. This can be used for redundancy and for combining multiple uplinks 
(if you need a lot of bandwidth)
 
 Greetings and nice Easter.
 Michelle

Hope I could help you a bit.

-- Ralph





Re: Little BIG problem with Backbone

2004-04-09 Thread Arnt Karlsen
On Fri, 9 Apr 2004 16:03:06 +0200, Michelle wrote in message 
[EMAIL PROTECTED]:

 Hello, 
 
 because I am in planning of a CyberCenter Network in Morocco the idea is
 exploding !!! Exactly, I need very much Backbone-Power which can not 
 be provided from the Maroc Telecom
 
 They offer me only E3 with 34 MBit !!!
 
 And 34 MBit for 450.000 DH/month (41.000 Euro/month)

..dude.  For that kinda money, I could hang you a few relay drones over
the Mediterranean.  

 Only my Proxim Tsunami MP.11a (12 Access Points) support 216 MBit or 
 effective 160 MBit and this only in one city !!!
 

..huh?  These AP's are 54 Mbit, no?  I can buy 12 of these 
side by side doing your 160 to 216MBit range, this fits the 
30-50% bw performance I see everywhere else.

 Now there are some enterprises in Morocco which had asked me, why not 
 installing a second Internet-Network !!! 
 
 Oh yes, it is no problem !!!
 We need only a dual GigaBit Fiberoptic Sea-Cable from Spain to
 Morocco !
 
 What a joke !

..you sound like I can charge you more, for fancier drones?  ;-)
Fuel cells, hydrogen power, Warbird re-enactment game servers, 
steam video stream servers?  Realism suggests glider type looks, 
solar cells and batteries and electric loiter cruise power, and 
a fossil fired launch-n-climb vehicle to lift the relay drone to
altitude.  For heavier bridge gear, diesel power, and air-to-air
refuelling once a day or twice a week up there?

 OK, crazy, but I have contacted CISCO for some routers ;-) and some 
 other Manufacturers for Radio-Bridges (34 - 155 MBit and 1 GBit)

..sizes, weights, and power etc requirements?

 Now my Question:
 
 Creating a Local GBit-Network in Morocco is generally no Problem, it 
 is not a big difference between it and my local network, except I need 
 a little bit more cable. 
 
 BUT how does it work with the Connection to the Internet, exactly to 
 the other Backbones ? 
 
 Any Information is Welcome...

..well, if you reel out a fiber spool or buy my relay drones, I guess 
you'll still need at least one gateway isp, a full set of new isp
servers, staff, and of course at least one ip range, to set up your 
new Moroccan isp.  

..fiber you know, relay drones loiter at altitude with line of sight to
both ends, carrying bridges, so both ground stations point link
antennas to that spot half way across the sea, say at 6ft, to 
stay out of the way of airliners etc.  Can even use wifi gear.

..and over cities, access point server drones, with bandwidth
throttling, loitering at anywhere from 1000 to 2ft? 
(Or 6ft, to stay clear of the airliner etc traffic.)

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.





Re: Little BIG problem with Backbone

2004-04-09 Thread Michelle Konzack
On 2004-04-09 17:32:57, Richard Zuidhof wrote:
Michelle Konzack wrote:
 Hello,

 because I am in planning of a CyberCenter Network in Morocco the idea is
 exploding !!! Exactly, I need very much Backbone-Power which can not
 be provided from the Maroc Telecom

Aren't there other providers? I remember many routes to Morocco using 

Unfortunately NO. 
If you like to be an ISP you need a Licence from the ANRT (Authorité 
Nationale de Reglementation des Telecommunications) 

I have asked them and there is no other Backbone-Provider than the 
Maroc Telecom. OK, there is SkyDirect.net (Satellite) but for 
one 50 MBit channel I can install many GigaBit cables...

Seabone. You can find a contact at http://www.tisparkle.it/contacts.htm

OK, visited but this is where I am hanging (I have a CISCO router which 
supports 4 x OC-3): 

   /home1/michelle/tmp/temp ___
 /
|  BGP-4 Routing
|  Our network, which has autonomous system number AS6762, 
|  supports BGP-4, in addition to static routing.
|  BGP-4 (Border Gateway Protocol version 4) provides loop-free 
|  interdomain routing between Autonomous Systems; it allows 
|  customers to be connected with multiple links to several 
|  Internet Transit Providers (i.e. to be multi-homed).
|  The connection running BGP-4 must be carefully studied and 
|  needs to meet the following prerequisites:
|  
|  * customer preferably has its own IP addresses space;
|  * customer is responsible for maintaining his routing;
|  * customer needs to have his routing policy filed at RIPE. 
 \_


Many things to learn...

And the Office in Rabat/Morocco:

mailto:[EMAIL PROTECTED]

IAM (Itisalat Al'Maghrib) is the Maroc Telecom and SeaBone has no 
own POP in Morocco. It is the Maroc Telecom. So this solution is a 
little bit too expensive. 

And I know also Sprint has a PoP available in Morocco. There should be 
more. What about France Telecom, Telenor and Telefonica?

NO, all Providers are using the Network of the Maroc Telecom and because 
there is no second Provider they can make the Price how they want.

It is not good for Clients. 

See prices of ADSL:

http://abonne.menara.ma/adsl.asp

1609 Dirham are 145 Euro !!!
I pay in Strasbourg 14,90 Euro with unlimited Traffic.

Of course you should plan your CyberCenter close to an important 
crossroads of telecom infrastructure since Maroc Telecom will probably 
charge a lot for leased lines with such high bandwidth while you 
actually need dark fiber.

I know, I have all prices here.

Even if I have my own Backbone to my NetworkCenter and need for 
example some E1, E2 or E3 to my CyberCenters and InternetCafes, 
LL's are too expensive. 

Speed:         E1 (1920kBit)   E2 (8,4MBit)   E3 (34MBit)

Installation       4000 €         13300 €       17500 €

Local              3000 €          5600 €        9700 €
  <=  35 km        3200 €          6000 €       11400 €
 35 - 100 km       3500 €          7300 €       16800 €
100 - 200 km       4000 €          9200 €       24900 €
  >  200 km        5200 €         14000 €       45100 €

So Leased Lines are too expensive !

A friend of mine in South Africa uses 34 MBit RadioBridges (max 30-40km) 
and uses Lucent ORINOCO Outdoor Routers for the Last-Mile Access...

Works quite well. - No cable required. He told me, that the Cable was 
much more expensive than the 34 MBit RadioBridge and the Outdoor Router. 

kind regards,

Richard Zuidhof

Greetings
Michelle

-- 
Registered Linux-User #280138 with the Linux Counter, http://counter.li.org/ 





Re: Little BIG problem with Backbone

2004-04-09 Thread Michelle Konzack
On 2004-04-09 17:49:42, Ralph Paßgang wrote:
On Friday 09 April 2004 16:03, Michelle Konzack wrote:
 Hello,

Hi :)

Hello, 

in theory this is correct, but you should think about good manageable 
switches, so that you can build vlans. Without vlans your security in your 
network is not so good, because every computer can arpspoof and so sniff in 
the traffic of the other ips/nets you have connected to the switch. Even 
Man-in-the-middle attacks are possible, if you don't think about vlans. You 
can also bind only fixed MAC Addresses to the switch ports, so that nobody 
can spoof another MAC/ARP of others, but I would prefer vlans :)

This is what the CISCO-Support told me too.
I have downloaded tons of PDF's... 
But I think, I need an Army to read it all !

 BUT how does it work with the Connection to the Internet, exactly to
 the other Backbones ?

okay... in short: You need to contact the ripe and ask them for an AS Number 
and for an IP-Network for you.

If you got your own AS Number, you can configure your cisco router (or every 
other router which is able to use BGP (routing-protocol)) to announce this AS 
to the next AS (which normally is the AS of your uplink (Maroc Telecom for 
example)). The AS of your uplink will announce your AS to his next AS and so 
on, until every AS in the world knows how to reach your AS.

Ah OK, this was not clear enough. 
(I was on the Website of RIPE but did not understand all well)

And you can announce over this AS Path your IPs (you got from the RIPE).

After you made this, you should be reachable from all over the world...

In theory ;-) easier than I was thinking...

 Any Informations are Welcome...

I can only give you a short overview over the things you need... (bgp router, 
AS-Number, IP-Network). But you should inform yourself on other internet 

Yes I know...

I had only a small CyberCenter-Network Project with some WaveLAN 
AccessPoints but now the Idea is exploding and now it overruns me... 

My brain is smoking (my ADSL-Router and mozilla too) because I am 
working currently 15-18 hours a day

sites... just search for: bgp which stands for border gateway protocol or 
AS. Even the ripe site should be quite informative.  

OK, I know. Have gotten a used CISCO which supports four OC-3 with BGP-4.

In short: BGP is the protocol that makes the internet work, because all 
providers use this protocol for their dynamic routing.

With bgp you can also use multiple uplinks, even with the same network. So 
that you can send and receive packets for your network over two uplinks for 
example. This can be used for redundancy and for combining multiple uplinks 
(if you need a lot of bandwidth)

2 x 1 GBit ;-) 
Nice Price for router which do the Job redundant... :-/

 Greetings and nice Easter.
 Michelle

Hope I could help you a bit.

Yes thanks, Now I know a little Bit more and can search more specific.

-- Ralph

Greetings
Michelle

-- 
Registered Linux-User #280138 with the Linux Counter, http://counter.li.org/ 





Re: Little BIG problem with Backbone

2004-04-09 Thread Michelle Konzack
Hello Arnt, 

On 2004-04-09 18:23:03, Arnt Karlsen wrote:
On Fri, 9 Apr 2004 16:03:06 +0200, Michelle wrote in message 
[EMAIL PROTECTED]:

 They offer me only E3 with 34 MBit !!!
 And 34 MBit for 450.000 DH/month (41.000 Euro/month)

..dude.  For that kinda money, I could hang you a few relay drones over
the Mediterranean.  

In Germany I have paid for a Redundant E3 at UUnet around 
10.000 Euro/month and then the traffic :-/ around 25.000 Euro/month. 

Oh yes, In Germany You get the Access really cheap, 
but you pay for the traffic !

 Only my Proxim Tsunami MP.11a (12 Access Points) support 216 MBit or 
 effective 160 MBit and this only in one city !!!

..huh?  These AP's are 54 Mbit, no?  I can buy 12 of these 

Yes, but you can only use 4 Channels parallel of the 19.

side by side doing your 160 to 216MBit range, this fits the 
30-50% bw performance I see everywhere else.

The 54 MBit are only Theory !
Practically you can get around 40 MBit for each channel.

So if I install for example 4 Channels in Casablanca I 
have around 40% of all resources there !

But, if I calculate with 5-6 E3-Links and 42.000 Euro per Link, 
I will never earn money with it !

 Now there are some enterprises in Morocco which had asked me, why not 
 installing a second Internet-Network !!! 
 
 Oh yes, it is no problem !!!
 We need only a dual GigaBit Fiberoptic Sea-Cable from Spain to
 Morocco !
 
 What a joke !

..you sound like I can charge you more, for fancier drones?  ;-)

;-)
I have friend in Morocco for more than 23 years, and I have 
done there very much, NOW they are thinking, I can do ALL !!! 

Generally right, but I need enough time for learning

Currently I am preparing only a study about this project and 
its possibility. I think really it can be done...

Fuel cells, hydrogen power, Warbird re-enactment game servers, 
steam video stream servers?  Realism suggests glider type looks, 
 ^^
This will kill my WaveLAN ;-)

solar cells and batteries and electric loiter cruise power, and 
 ^^^
Regenerative Energies are subsidized (I was thinking to install the 
WaveLAN Relays with SolarPower)

 OK, crazy, but I have contacted CISCO for some routers ;-) and some 
 other Manufacturers for Radio-Bridges (34 - 155 MBit and 1 GBit)

..sizes, weights, and power etc requirements?

It depends, because

1)  If I have only a NetworkCenter (4 x OC-3) for my CyberCenter 
project, I need only RadioBridges which supports E1, E2 and 
E3 and OC-3

2)  If I support parallel to 1) commercial Users (End and ISP), I 
need a bigger Backbone like 2 x 1 GBit which means, I need 
GBit RadioBridges maybe up to 1,8 GBit too. 

http://www.wirelesguys.com/

The price is really heavy (around 27.000 US$ each ) and they 
support not more than 20km and you need many Bridges...
 
What I need is a study about installing wired ! 
Don't know the price for the special cable, the Repeaters, ...

..well, if you reel out a fiber spool or buy my relay drones, I guess 
you'll still need at least one gateway isp, a full set of new isp
servers, staff, and of course at least one ip range, to set up your 
new Moroccan isp.  

I was thinking about minimum two independent and 100% redundant ISP's. 
OK, I have already 26 Server prepared, but it is only for the 
CyberCenter and can support up to 100.000 customers . 

Bigger Backbone need bigger Servers...
So 100 MBit FullDuplex will not enough.

..fiber you know, relay drones loiter at altitude with line of sight to
   
You mean via Satellite ?
I have read a Documentation that one Satellite Link can support 
up to 50 MBit. Is this right ?

But there are already concurence:  http://www.directsky.net/

both ends, carrying bridges, so both ground stations point link
antennas to that spot half way across the sea, say at 6ft, to 
stay out of the way of airliners etc.  Can even use wifi gear.

OK, this is logical

..and over cities, access point server drones, with bandwidth
throttling, loitering at anywhere from 1000 to 2ft? 
(Or 6ft, to stay clear of the airliner etc traffic.)

I can use the Proxim Tsunami MP.11a which supports with the 
Outdoor Router Software upgrade Traffic Shaping from 64 kBit 
to some MBit (do not know exactly)

Greetings
Michelle

-- 
Registered Linux-User #280138 with the Linux Counter, http://counter.li.org/ 





Re: Little BIG problem with Backbone

2004-04-09 Thread Andreas John
Hello!

Before all this begins to get silly:
You are playing with amounts of money which I would not consider 
pennyware. As from your mails before, it's clear to recognize that you 
have an idea, but no concept nor the skills you need. You will need 
probably consultants who help you to find a concept that works - in 
financial and technical concerns.

Some technical questions:

_ How will you do the accounting for wireless connections? Security?  To 
shoot from the hip I would recommend Maxina (www.maxina.de)
_ Did You know that Satellite Communications has huge latency ( 2 * 
36000Km distance ... I guess you won't be able to get a ping below 500ms)
_ Scalability? How many users can an accesspoint (Tsunami et al.) take? 
It's probably not a bandwidth concern ...
_ Did you know that 100% ISPs are generally nothing else than 99,x% 
ISPs when it comes to reality? The only advantage is, that they give you 
some pence if they violate their SLA.
_ Did you know that 54Mbit 802.11a doesn't really give you 54 Mbit in 
reality? (huge overhead, all German readers: C'T benchmarked it)
_ For reliable wireless LAN you need line of sight or very close distance
_ 34Mbit and 155Mbit radio LAN Connection Equipment is far better than 
802.x but very expensive and maybe shitty when it comes to noise 
concerns. LaserLinks are more reliable but don't work in foggy environments.

What you try to build up is an ISP + Carrier + Datacenter. Whooo much 
stuff. There are specialists out there that only do one of these three 
things and all have much to do with only one area 

But that does not mean that your project is impossible, but what you need 
to know can't be learned in 8 weeks 
IMHO you will need Maroc Telecom in one way or the other. At all for 
your connectivity. It's pretty similar in all countries.

Rgds,
Andreas




which scsi raid adapter?

2004-04-09 Thread Tinus Nijmeijers
hi,

I used to use Mylex  acceleraid cards (DAC960) which are in bf24 and in
the standard 2.4.* kernels. Now they are phased out by the new owners of
Mylex,  LSI.

so, what's a good scsi raid card that is in any of the woody kernel
install flavours and supported in standard (debian) kernels?

tinus.





OSF for an ISP (was Re: ..idea; ddos spam hosts off Internet?)

2004-04-09 Thread Pulu 'Anau
To kind of get back to the ISP world a little bit, has anyone used this in the
way that's being recommended?  (Using the OS Fingerprint Netfilter patch to
block Windows machines sending to port 25).

We're currently getting slammed by Windows viruses and have thought about doing
exactly that, but it seemed to us that there are enough people using Exchange or
Sendmail.com's windows sendmail (let alone ftgate, etc, etc.) that doing this
would block legitimate mail almost instantly.

We've just been blocking hosts manually after the first virus.  I'm thinking
about writing a little script to:

1.  Get the offending IP address from amavis's logfile
2.  Check against a whitelist (like our own backup mx's)
3.  Do something like tcpping to the IP to see if it is a valid mx host
4.  If it doesn't pass checks 2 or 3, block the IP in netfilter for 72 hours

Other than the 72 hour checks it's pretty straightforward and seems (at least to
me) very unlikely to stop legitimate mail, while cutting those guys who send
40-50 viruses a day down to 1 every three.  

Does anyone see any problems with the above?  The major issue is bandwidth, some
of our customers host their mail servers on 32K links with 200+ users.

Sorry, it's not really about the spam issue discussed before, but it's strange
the synchronicity (os fingerprinting anyway) between my work and this list
sometimes.

Pulu


Afe.to ANTS
POB 1478
Nuku'alofa, Tonga
Ph: Country code 676 - 27946 or 878-1332
http://www.afe.to
http://svcs.affero.net/rm.php?r=pulu


Quoting Russell Coker [EMAIL PROTECTED]:

 On Fri, 9 Apr 2004 21:32, Arnt Karlsen [EMAIL PROTECTED] wrote:
  On Fri, 9 Apr 2004 15:27:03 +1000, Russell wrote in message
   http://www.netfilter.org/patch-o-matic/pom-base.html
  
   See the section on osf in the above URL for a better solution.
   Simply block Windows machines from accessing your port 25.
 
  ..if only all isp's did it...
 
 Not all ISPs need to do it.  Only your ISP and the ISPs that host mailing 
 lists that you subscribe to.
 
 If you are interested in this then the best thing you can do is to build 
 yourself a kernel with osf and try it out.  If it works well create a Debian
 kernel-patch package for it so that other Debian users can conveniently use
 it.  The more accessible you make this to Debian people the closer it comes
 to being installed on Debian list servers...
 
 -- 
 http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
 http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
 http://www.coker.com.au/postal/Postal SMTP/POP benchmark
 http://www.coker.com.au/~russell/  My home page
 
 
 


-
This mail sent from Tonga's Premiere Internet Cafe
Visit us online at http://www.cafe.afe.to 
discussions @ http://www.nomoa.com/index.php
generic info @  http://www.tongatapu.net.to
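
Added example, not part of the message above or of any code posted to the list: a Python version of the four-step procedure it describes, including the 72-hour expiry. The amavis log-line layout, the whitelist network and all addresses are constructed assumptions; the iptables commands are returned as strings, not executed.

```python
import ipaddress
import re
import socket
from datetime import datetime, timedelta

BLOCK_FOR = timedelta(hours=72)

# Assumed log layout: "... INFECTED (<virus name>), [<client ip>] ..."
INFECTED_RE = re.compile(r"INFECTED \(([^)]*)\).*?\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample log (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Apr  9 10:01:02 mx1 amavis[2211]: (02211-03) Blocked INFECTED (Worm.Example.A), [192.0.2.45] <a@example.com> -> <u@example.net>
Apr  9 10:01:09 mx1 amavis[2211]: (02211-04) Passed CLEAN, [198.51.100.7] <b@example.org> -> <u@example.net>
Apr  9 10:02:30 mx1 amavis[2214]: (02214-01) Blocked INFECTED (Worm.Example.A), [203.0.113.10] <c@example.com> -> <u@example.net>
Apr  9 10:03:11 mx1 amavis[2214]: (02214-02) Blocked INFECTED (Worm.Example.B), [198.51.100.25] <d@example.org> -> <u@example.net>
Apr  9 10:04:00 mx1 amavis[2215]: (02215-01) Blocked INFECTED (Worm.Example.A), [192.0.2.45] <a@example.com> -> <u@example.net>
"""

# Assumed whitelist: e.g. the ISP's own backup MX range.
WHITELIST = [ipaddress.ip_network("203.0.113.0/28")]


def offending_ips(log_text):
    """Step 1: unique client IPs from INFECTED lines, in first-seen order."""
    seen = []
    for line in log_text.splitlines():
        m = INFECTED_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:          # e.g. "999.1.1.1" in a damaged line
            continue
        if ip not in seen:
            seen.append(ip)
    return seen


def whitelisted(ip, networks=WHITELIST):
    """Step 2: never block hosts inside a whitelisted network."""
    return any(ip in net for net in networks)


def answers_smtp(ip, timeout=5.0):
    """Step 3: does the host accept TCP/25 and greet with an SMTP 220 banner?

    This probes the address itself, so it does not depend on the host
    having an MX record.
    """
    try:
        with socket.create_connection((str(ip), 25), timeout=timeout) as s:
            s.settimeout(timeout)
            return s.recv(512).startswith(b"220")
    except OSError:                 # refused, unreachable or timed out
        return False


def rule(action, ip):
    """iptables command that inserts (I) or deletes (D) the port-25 drop rule."""
    return f"iptables -{action} INPUT -s {ip} -p tcp --dport 25 -j DROP"


def run_pass(log_text, blocked, now, probe=answers_smtp):
    """One pass of the script. `blocked` maps ip -> expiry and is updated.

    Feed only log lines not seen by an earlier pass; returns the iptables
    commands the caller should run (expired rules first, then new blocks).
    """
    cmds = []
    for ip, expiry in list(blocked.items()):
        if expiry <= now:           # step 4, second half: lift after 72 hours
            del blocked[ip]
            cmds.append(rule("D", ip))
    for ip in offending_ips(log_text):
        if ip in blocked or whitelisted(ip) or probe(ip):
            continue                # already blocked, ours, or a real mail server
        blocked[ip] = now + BLOCK_FOR
        cmds.append(rule("I", ip))
    return cmds


if __name__ == "__main__":
    state = {}
    for cmd in run_pass(SAMPLE_LOG, state, datetime.now()):
        print(cmd)
```

Persisting `blocked` between runs (for example as a small file) is what makes the 72-hour expiry survive a restart of the script.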





Re: which scsi raid adapter?

2004-04-09 Thread Franz Georg Khler
On Sa, Apr 10, 2004 at 12:43:55 +0200, Tinus Nijmeijers [EMAIL PROTECTED] wrote:
 hi,
 
 I used to use Mylex  acceleraid cards (DAC960) which are in bf24 and in
 the standard 2.4.* kernels. Now they are phased out by the new owners of
 Mylex,  LSI.

Mylex sucks.

 so, what's a good scsi raid card that is in any of the woody kernel
 install flavours and supported in standard (debian) kernels?

ICP Vortex: http://www.vortex.de/

Unfortunately, the GDT driver is not part of the woody distribution
kernel.

I recently replaced all Mylex 960 Adapters by GDT controllers.





Re: OSF for an ISP (was Re: ..idea; ddos spam hosts off Internet?)

2004-04-09 Thread Dave Watkins
If I remember right (and someone correct me if I'm wrong) a mail server 
doesn't have to have an MX record. If no MX record exists then the 
sending server drops back to normal host records and this is perfectly 
legitimate. So the MX record checking may not work so well.

Pulu 'Anau wrote:

 To kind of get back to the ISP world a little bit, has anyone used this in the
 way that's being recommended?  (Using the OS Fingerprint Netfilter patch to
 block Windows machines sending to port 25).

 We're currently getting slammed by Windows viruses and have thought about doing
 exactly that, but it seemed to us that there are enough people using Exchange or
 Sendmail.com's windows sendmail (let alone ftgate, etc, etc.) that doing this
 would block legitimate mail almost instantly.

 We've just been blocking hosts manually after the first virus.  I'm thinking
 about writing a little script to:
 1.  Get the offending IP address from amavis's logfile
 2.  Check against a whitelist (like our own backup mx's)
 3.  Do something like tcpping to the IP to see if it is a valid mx host
 4.  If it doesn't pass checks 2 or 3, block the IP in netfilter for 72 hours

 Other than the 72 hour checks it's pretty straightforward and seems (at least to
 me) very unlikely to stop legitimate mail, while cutting those guys who send
 40-50 viruses a day down to 1 every three.  

 Does anyone see any problems with the above?  The major issue is bandwidth, some
 of our customers host their mail servers on 32K links with 200+ users.

 Sorry, it's not really about the spam issue discussed before, but it's strange
 the synchronicity (os fingerprinting anyway) between my work and this list
 sometimes.

 Pulu




Re: OSF for an ISP (was Re: ..idea; ddos spam hosts off Internet?)

2004-04-09 Thread Andreas John
Hi!

Dave Watkins wrote:
 If I remember right (and someone correct me if I'm wrong) a mail server 
 doesn't have to have an MX record. If no MX record exists then the 
 sending server drops back to normal host records and this is perfectly 
 legitimate. So the MX record checking may not work so well

Dave, your theory is right, you don't have to have an MX record in your 
DNS zone in order to receive mail, but Pulu wants to tcpping, so his 
idea is to check if there is an open port 25, i.e. check if the sending 
server is a mail server. This would not be the case with infected 
Outlooks ;) but also not for hosts behind a NAT FW.
@Pulu: Is that your idea?

The problem is more that a sending host does not necessarily have to be a
receiver (reminds me of goatse.cx ;-)), nor does it have to be SMTP 
(submission et al?).

In Germany several large scale ISPs began to block all mail coming 
directly from a dialup IP, so I think it would be an accepted way to 
try what Pulu wants to do.

Rgds,
j.


--
Andreas John
net-lab GmbH
Luisenstrasse 30b
63067 Offenbach
Tel: +49 69 85700331
http://www.net-lab.net
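
The blocking script Pulu outlines in this thread (steps 1 to 4) could look like the sketch below. It is an added example, not code from any poster; the amavis log layout, the addresses (documentation ranges), the virus names and all function names are assumptions, and the port-25 probe is injectable so the decision logic runs offline.

```python
import ipaddress
import re
import socket

BLOCK_SECONDS = 72 * 3600  # step 4: block for 72 hours

# Constructed sample lines. The layout and the "[ip]" field are assumptions;
# real amavis log formats differ between versions and configurations.
SAMPLE_LOG = """\
Apr  9 10:01:02 mx amavis[411]: (00411-03) INFECTED (Example.Worm.A), [203.0.113.7] <a@example.net> -> <u@example.org>
Apr  9 10:05:40 mx amavis[411]: (00411-04) Passed CLEAN, [198.51.100.20] <b@example.net> -> <u@example.org>
Apr  9 10:09:13 mx amavis[412]: (00412-01) INFECTED (Example.Worm.A), [192.0.2.25] <c@example.net> -> <u@example.org>
Apr  9 10:11:55 mx amavis[412]: (00412-02) INFECTED (Example.Worm.B), [198.51.100.9] <d@example.net> -> <u@example.org>
Apr  9 10:12:30 mx amavis[411]: (00411-05) INFECTED (Example.Worm.A), [203.0.113.7] <a@example.net> -> <u@example.org>
Apr  9 10:13:01 mx amavis[411]: (00411-06) INFECTED (Example.Worm.A), [999.1.1.1] <e@example.net> -> <u@example.org>
"""

INFECTED_RE = re.compile(r"INFECTED \([^)]*\), \[([0-9.]+)\]")


def offending_ips(log_text):
    """Step 1: unique, valid source IPs of INFECTED lines, in log order."""
    seen = []
    for match in INFECTED_RE.finditer(log_text):
        try:
            ip = str(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue  # garbage in the address field never reaches iptables
        if ip not in seen:
            seen.append(ip)
    return seen


def is_whitelisted(ip, whitelist):
    """Step 2: whitelist entries are single addresses or CIDR networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in whitelist)


def listens_on_smtp(ip, timeout=5.0):
    """Step 3: the 'tcpping', a plain TCP connect to port 25."""
    try:
        with socket.create_connection((ip, 25), timeout=timeout):
            return True
    except OSError:
        return False


def rule(action, ip):
    """iptables argv that inserts (-I) or deletes (-D) the port-25 drop rule."""
    return ["iptables", action, "INPUT", "-s", ip,
            "-p", "tcp", "--dport", "25", "-j", "DROP"]


def plan_blocks(log_text, whitelist, blocked, now, probe=listens_on_smtp):
    """Steps 2-4: commands for new blocks; expiry times are kept in `blocked`."""
    commands = []
    for ip in offending_ips(log_text):
        if ip in blocked or is_whitelisted(ip, whitelist) or probe(ip):
            continue
        blocked[ip] = now + BLOCK_SECONDS
        commands.append(rule("-I", ip))
    return commands


def expire_blocks(blocked, now):
    """The '72 hour checks': commands that lift blocks whose time is up."""
    commands = []
    for ip, expiry in sorted(blocked.items()):
        if expiry <= now:
            commands.append(rule("-D", ip))
            del blocked[ip]
    return commands


if __name__ == "__main__":
    state = {}
    fake_probe = lambda ip: ip == "198.51.100.9"  # pretend only this host answers
    for argv in plan_blocks(SAMPLE_LOG, ["192.0.2.25/32"], state, 0, fake_probe):
        print(" ".join(argv))
```

As Andreas points out above, an outbound-only relay or a mail server behind NAT fails the port-25 probe, so such hosts have to be carried in the whitelist.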



Re: which scsi raid adapter?

2004-04-09 Thread Tinus Nijmeijers
On Sat, 2004-04-10 at 00:51, Franz Georg Köhler wrote:
 On Sa, Apr 10, 2004 at 12:43:55 +0200, Tinus Nijmeijers [EMAIL PROTECTED] wrote:
  hi,
  
  I used to use Mylex  acceleraid cards (DAC960) which are in bf24 and in
  the standard 2.4.* kernels. Now they are phased out by the new owners of
  Mylex,  LSI.
 
 Mylex sucks.

huh? why?

 
  so, what's a good scsi raid card that is in any of the woody kernel
  install flavours and supported in standard (debian) kernels?
 
 ICP Vortex: http://www.vortex.de/
 
 Unfortunately, the GDT driver is not part of the woody distribution
 kernel.

how do you install a fresh machine with an ICP (not HOW but YOU :-)
create boot-flops on an already installed machine?

 I recently replaced all Mylex 960 Adapters by GDT controllers.

what happened to Mylexen? dying in droves? (I've never seen a problem
with them)

thanks, tinus





Re: which scsi raid adapter?

2004-04-09 Thread Franz Georg Köhler
On Sa, Apr 10, 2004 at 01:54:59 +0200, Tinus Nijmeijers [EMAIL PROTECTED] wrote:
 On Sat, 2004-04-10 at 00:51, Franz Georg Köhler wrote:
 On Sa, Apr 10, 2004 at 12:43:55 +0200, Tinus Nijmeijers [EMAIL PROTECTED] wrote:
 
 I used to use Mylex  acceleraid cards (DAC960) which are in bf24 and in
 the standard 2.4.* kernels. Now they are phased out by the new owners of
 Mylex,  LSI.
 
 Mylex sucks.
 
 huh? why?

Firstly, performance sucks.
My 960 had 128 Mbyte of RAM and still couldn't compete with GDT or IFT
RAID.

Secondly, the LINUX driver is kind of special.
While GDT controllers are recognised as scsi adapters, the Mylex driver
has its own device naming scheme (this is why it doesn't appear in the
SCSI submenu: it is not a scsi driver).
ICP offers a utility named icpcon, which is available for linux and
enables full access to the GDT features/firmware (add/remove
physical/logical drives, etc while the os is running).
The MyLex driver offers an incomplete interface via the proc system, if I
remember this correctly.
Finally, for the benefit of Mylex, I have to say that mylex supported the
linux developer(s?) by donating/borrowing hardware.

 so, what's a good scsi raid card that is in any of the woody kernel
 install flavours and supported in standard (debian) kernels?
 
 ICP Vortex: http://www.vortex.de/
 
 Unfortunately, the GDT driver is not part of the woody distribution
 kernel.
 
 how do you install a fresh machine with an ICP (not HOW but YOU :-)
 create boot-flops on an already installed machine?

The current sarge installer has full support for GDT adapters.
Besides that, you could recompile the debian kernel and copy it onto
disk/CD or preload GDT modules from floppy during installation.

 I recently replaced all Mylex 960 Adapters by GDT controllers.
 
 what happened to Mylexen? dying in droves? (I've never seen a problem
 with them)

My Mylex Controller corrupted the entire RAID as it was actually
supposed to rebuild it...(RAID-5 with SPARE, 9 discs). The disc outage
itself was handled fine, though (and this is finally the reason why I
replaced the hardware. I didn't care that much about performance but
stability).






Re: Little BIG problem with Backbone

2004-04-09 Thread Michelle Konzack
On 2004-04-09 23:20:47, Andreas John wrote:
 Hello!
 
 Before all this begins to get silly:
 You are playing with amount of money which I would not concern as 
 pennyware. As from your mails before, it's clearly to recognize that you 

I had a talk with the Ministry of Communication in Rabat and he asked 
me about the costs. 

I have answered some hundred million Dirham. 

A little bit of silence and then he asked me: How many hundred million?

OK, between 8 and 12. 

He was meaning, that's a real chiffre.

 have an idea, but no concept nor the skills you need. You will need 
 probably consultants who help you to find a concept that works - in 
 financial and technical concerns.

Right, and as I have written, I do only the study for this project. 
Then I will present this Project to some people from the Maroc Gov. and 
some Financial/Technical Specialists to get a summary...

 Some technical questions:
 
 _ How will you do the accounting for wireless connections? Security?  To 
 shoot from the hip I would recommend Maxina (www.maxina.de)

All Users have a fixed IP-Address and security is VPN/pptp (Included 
since Win98) and downloadable for Win95. 

Maxina I do not know and I will check it out.

 _ Did You know that Satellite Communications has huge latency ( 2 * 
 36000Km distance ... I guess you won't be able to get a ping below 500ms)

Yes I know. Not funny for gamers...

 _ Scalability? How many users can an accesspoint (Tsunami et al.) take? 
 It's probably not a bandwidth concern ...

I offer only 64, 128 and 256 kBit. because my Experience with the 
Lucent ORINOCO maybe 2500 Clients with 64 kBit on one 54 MBit Channel. 

 _ Did you know that 100% ISPs are generally nothing else than 99,x% 
 ISPs when it comes to reality? The only advantage is, that you give you 
 some pence if they violate their SLA.

YES.

 _ Did you know that 54Mbit 802.11a doesn't really give you 54 Mbit in 
 reality? (huge overhead, all German readers: C'T benchmarked it)

But they have only Benchmarked the SOHO-Systems not HighEnd. 

You can not compare a Lucent ORINOCO or a Proxim Tsunami with 
Netgear, Dlink or Linksys. 

For example:    The cheap 11 MBit WaveLAN cards like Linksys or 
                Dlink have only 10-15 mWatt.

                The Lucent ORINOCO SilverCard 35 mWatt (required 
                for the AccessPoints) and the GoldCard 50 mWatt.

                Between two Netgear Cards you can have not more 
                than 100 Meters with 3-4 MBytes/Sec and then you 
                have a fallback to 5,5 MBit

                Between two Lucent ORINOCO GoldCards you can have 
                more than 600 Meters with 7 MBytes/Sec. 

                For the cheap Cards you pay 22-40 Euro but for the 
                Lucent ORINOCO GoldCard 109 Euro

 _ For reliable wireless LAN you need line of sight or very close distance

The Lucent ORINOCO is tested in Kehl/Allemagne with up to 1300 Meters 
between the COR (OmniWave 10dBi) and ROR (YAGI 14 dBi) and between ROR 
(OmniWave) and Client without External Antenna up to 500 Meters. 

The Proxim Tsunami MP.11a is Tested in Strasbourg (Center) and does the 
job between the COR (SectorAntenne 120° 12dBi) and ROR (YAGI 16dBi) in 
a distance of up to 8000 Meters (I was not able to get bigger distances). 

Between ROR (OmniWave 10 dBi) and the Clients I have gotten more than 
1000 Meters with 256 kBit and it does not make a fallback to 48 MBit.

 _ 34Mbit and 155Mbit radio LAN Connection Equipment is far better than 
 802.x but very expensive and maybe shitty to when it comes to noise 
 concerns. LaserLinks are more reliable but don't work in foggy environments.

8.000 km of FiberOptic cable ? 
I do not like to dream about the price...

But RadioBridges with 34 MBit do maximum 30 km and with 155 MBit 
around 20 km. So I need many of them. 

One of the Enterprises that I have contacted was 
http://www.itm-group.com/ and the Suggestion:

34 MBit Systems:    Sagem, Witcom, Ericsson

155 MBit Systems:   Ceragon, Ericsson

Also he told me, that I need between 7 and 10 RadioBridges for a 
distance of 300 km because of the turn of the Earth.

 What you try to build up is an ISP + Carrier + Datacenter. Whooo much 
 stuff. There are specialists out there that only do one of these three things and 
 all have much to do with only one area 

;-)

My OWN Project was the Creation of a CyberCenter which contains:

1)  InternetCafe                    Based on Debian GNU/Linux
2)  Education Center for women      Informatic/Linux/Office
3)  WaveLAN-ISP                     Only locally.

For this it is enough, if I have two E3 (34MBit), a 3Com NETBuilder 
II (8-Slot), one Proxim Tsunami MP.11a and the possibility of 
Serverhosting. 

Because Internet is really expensive in Maroc and my Enterprise is 
non-lucrative I like to drop down the price under the ADSL. 

But NOW:    450.000 DH (41.000 Euro) for ONE E3. Two times more 
            expensive than in France and five times more

Re: ..idea; ddos spam hosts off Internet?, was: ...please

2004-04-09 Thread Russell Coker
On Fri, 9 Apr 2004 09:51, Arnt Karlsen [EMAIL PROTECTED] wrote:
 ..another idea; DDOS'ing spam hosts _off_ the net, say by using other
 spam hosts as DOS relays?  Spam headers contain the originating ip,
 and 2 such _can_ be set up to DOS each other.  _Etc_.

The problem is that such attacks are a crime, and you are probably easier for 
the authorities to catch than the spammer...

 ..these spam hosts are commonly virus infected Wintendo's without the
 owner knowing, as such unsuspecting owners feel their box appears to
 work normally.

 ..these virus infected Wintendos should be taken off-line, anyway,
 and made secure. And isp's should have a policy on such abuse,
 and enforce it.

http://www.netfilter.org/patch-o-matic/pom-base.html

See the section on osf in the above URL for a better solution.  Simply block 
Windows machines from accessing your port 25.

 ..outside Internet, similar action is warranted in many jurisdictions,
 by laws governing emergencies, for example, breaking into your neighbors
 house to take his computer is a criminal offence, but may be warranted
 if his house is ablaze and you know the loss of his data will destroy
 his business.

I doubt that any court would rule that a DDOS attack is lawful, particularly 
as the attack would mostly harm an innocent ISP that has a Windows luser as a 
customer (all ISPs have lame customers).

 ..Bill Gates' proposal of email-for-a-fee-to-Microsoft to solve this, is
 IMHO pure racism, as is Nigeria's 419 legislation, as it effectively
 denies all other Africans and many Asians the access to the free
 email that you and I enjoy.

I don't want to send email to Microsoft anyway...  ;)

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page















Re: ..idea; ddos spam hosts off Internet?

2004-04-09 Thread Arnt Karlsen
On Fri, 9 Apr 2004 15:27:03 +1000, Russell wrote in message 
[EMAIL PROTECTED]:

 On Fri, 9 Apr 2004 09:51, Arnt Karlsen [EMAIL PROTECTED] wrote:
  ..another idea; DDOS'ing spam hosts _off_ the net, say by using
  other spam hosts as DOS relays?  Spam headers contain the
  originating ip, and 2 such _can_ be set up to DOS each other. 
  _Etc_.
 
 The problem is that such attacks are a crime, and you are probably
 easier for the authorities to catch than the spammer...

..most places, agreed.

  ..these spam hosts are commonly virus infected Wintendo's without
  the owner knowing, as such unsuspecting owners feel their box
  appears to work normally.
 
  ..these virus infected Wintendos should be taken off-line, anyway,
  and made secure. And isp's should have a policy on such abuse,
  and enforce it.
 
 http://www.netfilter.org/patch-o-matic/pom-base.html
 
 See the section on osf in the above URL for a better solution. 
 Simply block Windows machines from accessing your port 25.

..if only all isp's did it...

  ..outside Internet, similar action is warranted in many
  jurisdictions, by laws governing emergencies, for example, breaking
  into your neighbors house to take his computer is a criminal
  offence, but may be warranted if his house is ablaze and you know
  the loss of his data will destroy his business.
 
 I doubt that any court would rule that a DDOS attack is lawful,
 particularly as the attack would mostly harm an innocent ISP that has
 a Windows luser as a customer (all ISPs have lame customers).

..arguably, yes, however in the case of the lame isp's, 
there's possibly an opening for such court rulings. 

  ..Bill Gates' proposal of email-for-a-fee-to-Microsoft to solve
  this, is IMHO pure racism, as is Nigeria's 419 legislation, as it
  effectively denies all other Africans and many Asians the access to
  the free email that you and I enjoy.
 
 I don't want to send email to Microsoft anyway...  ;)

.. ;-)  The Microsoft scheme is a M$ scheme, their idea is to 
collect the M$ thru their passport service, AFAIUI.

..and, booo, you cc'ed me, spammer!  ;-)

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.




Re: ..idea; ddos spam hosts off Internet?

2004-04-09 Thread Arnt Karlsen
On Fri, 9 Apr 2004 22:53:15 +1000, Russell wrote in message 
[EMAIL PROTECTED]:

 On Fri, 9 Apr 2004 21:32, Arnt Karlsen [EMAIL PROTECTED] wrote:
  On Fri, 9 Apr 2004 15:27:03 +1000, Russell wrote in message
   http://www.netfilter.org/patch-o-matic/pom-base.html
  
   See the section on osf in the above URL for a better solution.
   Simply block Windows machines from accessing your port 25.
 
  ..if only all isp's did it...
 
 Not all ISPs need to do it.  Only your ISP and the ISPs that host
 mailing lists that you subscribe to.

..true.  And, it does nothing to stop Bill Gates' email-fee scheme.

 If you are interested in this then the best thing you can do is to
 build yourself a kernel with osf and try it out.  If it works well
 create a Debian kernel-patch package for it so that other Debian users
 can conveniently use it.  The more accessible you make this to Debian
 people the closer it comes to being installed on Debian list
 servers...

..I agree, but don't hold your breath, I'm still a fresh Red Hat 
convertee, and I first have to get apt-get or yum up and going 
on my client's boxes, ie; those RH-7.3 and RH-9'ers that I need 
to keep up 24/7, everything else is and becomes Woody and 
Sarge as soon as they blink.  ;-)  I'll honk the horn when my 
osf deb needs testing.

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.





Re: ..idea; ddos spam hosts off Internet?

2004-04-09 Thread Russell Coker
On Fri, 9 Apr 2004 21:32, Arnt Karlsen [EMAIL PROTECTED] wrote:
 On Fri, 9 Apr 2004 15:27:03 +1000, Russell wrote in message
  http://www.netfilter.org/patch-o-matic/pom-base.html
 
  See the section on osf in the above URL for a better solution.
  Simply block Windows machines from accessing your port 25.

 ..if only all isp's did it...

Not all ISPs need to do it.  Only your ISP and the ISPs that host mailing 
lists that you subscribe to.

If you are interested in this then the best thing you can do is to build 
yourself a kernel with osf and try it out.  If it works well create a Debian 
kernel-patch package for it so that other Debian users can conveniently use 
it.  The more accessible you make this to Debian people the closer it comes 
to being installed on Debian list servers...

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page




Little BIG problem with Backbone

2004-04-09 Thread Michelle Konzack
Hello, 

because I am in planning of a CyberCenter Network in Morocco the idea is 
exploding !!! Exactly, I need very much Backbone-Power which can not 
be provided from the Maroc Telecom

They offer me only E3 with 34 MBit !!!

And 34 MBit for 450.000 DH/month (41.000 Euro/month)

Only my Proxim Tsunami MP.11a (12 Access Points) support 216 MBit or 
effective 160 MBit and this only in one city !!!

Now there are some enterprises in Morocco which had asked me, why not 
installing a second Internet-Network !!! 

Oh yes, it is no problem !!!
We need only a dual GigaBit Fiberoptic Sea-Cable from Spain to Morocco !

What a joke !

OK, crazy, but I have contacted CISCO for some routers ;-) and some 
other Manufacturers for Radio-Bridges (34 - 155 MBit and 1 GBit)

Now my Question:

Creating a Local GBit-Network in Morocco is generally no Problem, it 
is not a big difference between it and my local network, except I need 
a little bit more cable. 

BUT how does it work with the Connection to the Internet, exactly to 
the other Backbones ? 

Any Informations are Welcome...

Greetings and nice Easter.
Michelle

-- 
Registered Linux-User #280138 with the Linux Counter, http://counter.li.org/ 




Re: Little BIG problem with Backbone

2004-04-09 Thread Richard Zuidhof
Michelle Konzack wrote:
 Hello,

 because I am in planning of a CyberCenter Network in Morocco the idea is
 exploding !!! Exactly, I need very much Backbone-Power which can not
 be provided from the Maroc Telecom

Aren't there other providers? I remember many routes to Morocco using 
Seabone. You can find a contact at http://www.tisparkle.it/contacts.htm
And I know also Sprint has a PoP available in Morocco. There should be 
more. What about France Telecom, Telenor and Telefonica?

Of course you should plan your CyberCenter close to an important 
crossroads of telecom infrastructure since Maroc Telecom will probably 
charge a lot for leased lines with such high bandwidth while you 
actually need dark fiber.

kind regards,
Richard Zuidhof



Re: Little BIG problem with Backbone

2004-04-09 Thread Ralph Paßgang
On Friday 09 April 2004 16:03 Michelle Konzack wrote:
 Hello,

Hi :)

 [...]
 Now my Question:

 Creating a Local GBit-Network in Morocco is generally no Problem, it
 is not a big difference between it and my local network, except I need
 a little bit more cable.

in theory this is correct, but you should think about good manageable 
switches, so that you can build vlans. Without vlans your security in your 
network is not so good, because every computer can arpspoof and so sniff in 
the traffic of the other ips/nets you have connected to the switch. Even 
Man-in-the-middle attacks are possible, if you don't think about vlans. You 
can also bind only fixed MAC Addresses to the switch ports, so that nobody 
can spoof another MAC/ARP of others, but I would prefer vlans :)

 BUT how does it work with the Connection to the Internet, exactly to
 the other Backbones ?

okay... in short: You need to contact the ripe and ask them for an AS Number 
and for an IP-Network for you.

If you got your own AS Number, you can configure your cisco router (or every 
other router which is able to use BGP (routing-protocol)) to announce this AS 
to the next AS (which normally is the AS of your uplink (Maroc Telecom for 
example)). The AS of your uplink will announce your AS to his next AS and so 
on, until every AS in the world knows how to reach your AS.

And you can announce over this AS Path your IPs (you got from the RIPE).

After you made this, you should be reachable from all over the world...

 Any Informations are Welcome...

I can only give you a short overview over the things you need... (bgp router, 
AS-Number, IP-Network). But you should inform yourself on other internet 
sites... just search for: bgp which stands for border gateway protocol or 
AS. Even the ripe site should be quite informative.  

In short: BGP is the protocol that makes the internet work, because all 
providers use this protocol for their dynamic routing.

With bgp you can also use multiple uplinks, even with the same network. So 
that you can send and receive packets for your network over two uplinks for 
example. This can be used for redundancy and for combining multiple uplinks 
(if you need a lot of bandwidth)
 
 Greetings and nice Easter.
 Michelle

Hope I could help you a bit.

-- Ralph
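
Ralph's description of an announcement travelling from AS to AS, and of multi-homing over two uplinks, as a small added simulation (not code from the thread). The AS numbers come from the documentation range, the topology is constructed, and route selection is reduced to "shortest AS path wins"; real BGP policy is left out.

```python
from collections import deque

# Constructed topology; ASNs are from the documentation range 64496-64511.
CUSTOMER, UPLINK_A, UPLINK_B, TRANSIT, REMOTE = 64500, 64501, 64502, 64510, 64511
LINKS = [
    (CUSTOMER, UPLINK_A),   # first uplink of the multi-homed customer
    (CUSTOMER, UPLINK_B),   # second uplink
    (UPLINK_A, TRANSIT),
    (UPLINK_B, TRANSIT),
    (TRANSIT, REMOTE),
]


def propagate(links, origin):
    """Return {asn: as_path} for a prefix originated by `origin`.

    as_path lists the ASes a packet crosses after leaving `asn`, ending at
    the origin. Each speaker prepends its own ASN before announcing, and a
    peer drops any announcement that already contains its ASN, which is the
    loop prevention BGP gets from the AS path.
    """
    neighbours = {}
    for a, b in links:
        neighbours.setdefault(a, set()).add(b)
        neighbours.setdefault(b, set()).add(a)

    best = {origin: []}          # the origin reaches its own prefix directly
    queue = deque([origin])
    while queue:
        speaker = queue.popleft()
        announced = [speaker] + best[speaker]
        for peer in sorted(neighbours.get(speaker, ())):
            if peer in announced:
                continue         # own ASN in the path: would be a loop
            if peer not in best or len(announced) < len(best[peer]):
                best[peer] = announced
                queue.append(peer)   # peer re-announces its new best path
    return best


def without_link(links, a, b):
    """Topology after the session between a and b has gone down."""
    return [l for l in links if set(l) != {a, b}]


if __name__ == "__main__":
    print("both uplinks up :", propagate(LINKS, CUSTOMER)[REMOTE])
    failed = without_link(LINKS, CUSTOMER, UPLINK_A)
    print("uplink A down   :", propagate(failed, CUSTOMER)[REMOTE])
```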




Re: Little BIG problem with Backbone

2004-04-09 Thread Michelle Konzack
On 2004-04-09 17:32:57, Richard Zuidhof wrote:
Michelle Konzack wrote:
 Hello,

 because I am in planning of a CyberCenter Network in Morocco the idea is
 exploding !!! Exactly, I need very much Backbone-Power which can not
 be provided from the Maroc Telecom

Aren't there other providers? I remember many routes to Morocco using 

Unfortunately NO. 
If you like to be ISP you need a Licence from the ANRT (Authorité 
Nationale de Reglementation des Telecommunications) 

I have asked them and there is no other Backbone-Provider than the 
Maroc Telecom. OK, there is SkyDirect.net (Satellite) but for 
one 50 MBit channel I can install many GigaBit cables...

Seabone. You can find a contact at http://www.tisparkle.it/contacts.htm

OK, visited but this is where I am hanging (I have a CISCO router which 
supports 4 x OC-3): 

   /home1/michelle/tmp/temp ___
 /
|  BGP-4 Routing
|  Our network, which has autonomous system number AS6762, 
|  supports BGP-4, in addition to static routing.
|  BGP-4 (Border Gateway Protocol version 4) provides loop-free 
|  interdomain routing between Autonomous Systems; it allows 
|  customers to be connected with multiple links to several 
|  Internet Transit Providers (i.e. to be multi-homed).
|  The connection running BGP-4 must be carefully studied and 
|  needs to meet the following prerequisites:
|  
|  * customer preferably has its own IP addresses space;
|  * customer is responsible for maintaining his routing;
|  * customer needs to have his routing policy filed at RIPE. 
 \_


Many things to learn...

And the Office in Rabat/Morocco:

mailto:[EMAIL PROTECTED]

IAM (Itisalat Al'Maghrib) is the Maroc Telecom and SeaBone has no 
own POP in Morocco. It is the Maroc Telecom. So this solution is a 
little bit too expensive. 

And I know also Sprint has a PoP available in Morocco. There should be 
more. What about France Telecom, Telenor and Telefonica?

NO, all Provider are using the Network of the Maroc Telecom and because 
there is no second Provider they can make the Price how they want.

It is not good for Clients. 

See prices of ADSL:

http://abonne.menara.ma/adsl.asp

1609 Dirham are 145 Euro !!!
I pay in Strasbourg 14,90 Euro with unlimited Traffic.

Of course you should plan your CyberCenter close to an important 
crossroads of telecom infrastructure since Maroc Telecom will probably 
charge a lot for leased lines with such high bandwidth while you 
actually need dark fiber.

I know, I have all prices here.

Even if I have my own Backbone to my NetworkCenter and need for 
example some E1, E2 or E3 to my CyberCenters and InternetCafes, 
LL's are too expensive. 

Speed:          E1 (1920kBit)   E2 (8,4MBit)   E3 (34MBit)

Installation       4000 €         13300 €        17500 €

Local              3000 €          5600 €         9700 €
   <=  35 km       3200 €          6000 €        11400 €
 35 - 100 km       3500 €          7300 €        16800 €
100 - 200 km       4000 €          9200 €        24900 €
    > 200 km       5200 €         14000 €        45100 €

So Leased Lines are too expensive !

A friend of mine in South Africa uses 34 MBit RadioBridges (max 30-40km) 
and uses Lucent ORINOCO Outdoor Routers for the Last-Mile Access...

Works quite well. - No cable required. He told me, that the Cable was 
much more expensive than the 34 MBit RadioBridge and the Outdoor Router. 

kind regards,

Richard Zuidhof

Greetings
Michelle

-- 
Registered Linux-User #280138 with the Linux Counter, http://counter.li.org/ 




Re: Little BIG problem with Backbone

2004-04-09 Thread Michelle Konzack
On 2004-04-09 17:49:42, Ralph Paßgang wrote:
On Friday 09 April 2004 16:03 Michelle Konzack wrote:
 Hello,

Hi :)

Hello, 

in theory this is correct, but you should think about good manageable 
switches, so that you can build vlans. Without vlans your security in your 
network is not so good, because every computer can arpspoof and so sniff in 
the traffic of the other ips/nets you have connected to the switch. Even 
Man-in-the-middle attacks are possible, if you don't think about vlans. You 
can also bind only fixed MAC Addresses to the switch ports, so that nobody 
can spoof another MAC/ARP of others, but I would prefer vlans :)

This is what the CISCO-Support told me too.
I have downloaded tons of PDF's... 
But I think, I need an Army to read it all !

 BUT how does it work with the Connection to the Internet, exactly to
 the other Backbones ?

okay... in short: You need to contact the ripe and ask them for an AS Number 
and for an IP-Network for you.

If you got your own AS Number, you can configure your cisco router (or every 
other router which is able to use BGP (routing-protocol)) to announce this AS 
to the next AS (which normally is the AS of your uplink (Maroc Telecom for 
example). The AS of your uplink will announce your AS to his next AS and so 
on, until every AS in the world knows how to reach your AS.

Ah OK, this was not clear enough. 
(I was on the website of RIPE but did not understand it all well)

And you can announce over this AS Path your IPs (you got from the RIPE).

After you made this, you should be reachable from all over the world...

In theory ;-) easier than I was thinking...

 Any Informations are Welcome...

I can only give you a short overview over the things you need... (bgp router, 
AS-Number, IP-Network). But you should inform yourself on other internet 

Yes I know...

I had only a small CyberCenter-Network Project with some WaveLAN 
AccessPoints but now the Idea is exploding and now it overrun me... 

My brain is smoking (my ADSL-Router and mozilla too) because I am 
currently working 15-18 hours a day

sites... just search for: bgp which stands for border gateway protocol or 
AS. Even the ripe site should be quite informative.  

OK, I know. Have gotten a used CISCO which supports four OC-3 with BGP-4.

In short: BGP is the protocol that makes the internet work, because all 
providers use this protocol for their dynamic routing.

With bgp you can also use multiple uplinks, even with the same network. So 
that you can send and receive packets for your network over two uplinks for 
example. This can be used for redundancy and for combining multiple uplinks 
(if you need a lot of bandwidth)

2 x 1 GBit ;-) 
Nice price for routers which do the job redundantly... :-/

 Greetings and nice Easter.
 Michelle

Hope I could help you a bit.

Yes thanks, now I know a little bit more and can search more specifically.

-- Ralph

Greetings
Michelle

-- 
Registered Linux-User #280138 with the Linux Counter, http://counter.li.org/ 




Re: Little BIG problem with Backbone

2004-04-09 Thread Michelle Konzack
Hello Arnt, 

Am 2004-04-09 18:23:03, schrieb Arnt Karlsen:
On Fri, 9 Apr 2004 16:03:06 +0200, Michelle wrote in message 
[EMAIL PROTECTED]:

 They offer me only E3 with 34 MBit !!!
 And 34 MBit for 450.000 DH/month (41.000 Euro/month)

..dude.  For that kinda money, I could hang you a few relay drones over
the Mediterranean.  

In Germany I have paid for a redundant E3 at UUnet around 
10.000 Euro/month and then the traffic :-/ around 25.000 Euro/month. 

Oh yes, in Germany you get the access really cheap, 
but you pay for the traffic !

 Only my Proxim Tsunami MP.11a (12 Access Points) support 216 MBit or 
 effective 160 MBit and this only in one city !!!

..huh?  These AP's are 54 Mbit, no?  I can buy 12 of these 

Yes, but you can only use 4 channels in parallel of the 19.

side by side doing your 160 to 216MBit range, this fits the 
30-50% bw performance I see everywhere else.

The 54 MBit are only theory !
Practically you can get around 40 MBit for each channel.

So if I install for example 4 channels in Casablanca I 
have around 40% of all resources there !

But, if I calculate with 5-6 E3-Links and 42.000 Euro per link, 
I will never earn money with it !

 Now there are some enterprises in Morocco which had asked me, why not 
 install a second Internet-Network !!! 
 
 Oh yes, it is no problem !!!
 We need only a dual GigaBit Fiberoptic Sea-Cable from Spain to
 Morocco !
 
 What a joke !

..you sound like I can charge you more, for fancier drones?  ;-)

;-)
I have friends in Morocco for more than 23 years, and I have 
done very much there, NOW they are thinking I can do ALL !!! 

Generally right, but I need enough time for learning

Currently I am preparing only a study about this project and 
its possibility. I think it really can be done...

Fuel cells, hydrogen power, Warbird re-enactment game servers, 
steam video stream servers?  Realism suggests glider type looks, 
 ^^
This will kill my WaveLAN ;-)

solar cells and batteries and electric loiter cruise power, and 
 ^^^
Regenerative energies are subsidized (I was thinking to install the 
WaveLAN Relays with SolarPower)

 OK, crazy, but I have contacted CISCO for some routers ;-) and some 
 other manufacturers for Radio-Bridges (34 - 155 MBit and 1 GBit)

..sizes, weights, and power etc requirements?

It depends, because

1)  If I have only a NetworkCenter (4 x OC-3) for my CyberCenter 
project, I need only RadioBridges which supports E1, E2 and 
E3 and OC-3

2)  If I support in parallel to 1) commercial Users (End and ISP), I 
need a bigger Backbone like 2 x 1 GBit which means I need 
GBit RadioBridges maybe up to 1,8 GBit too. 

http://www.wirelesguys.com/

The price is really heavy (around 27.000 US$ each ) and they 
support not more than 20km and you need many Bridges...
 
What I need is a study about installing wired ! 
Don't know the price for the special cable, the Repeaters, ...

..well, if you reel out a fiber spool or buy my relay drones, I guess 
you'll still need at least one gateway isp, a full set of new isp
servers, staff, and of course at least one ip range, to set up your 
new Moroccan isp.  

I was thinking about minimum two independent and 100% redundant ISP's. 
OK, I have already 26 Servers prepared, but it is only for the 
CyberCenter and can support up to 100.000 customers . 

Bigger Backbone needs bigger Servers...
So 100 MBit FullDuplex will not be enough.

..fiber you know, relay drones loiter at altitude with line of sight to
   
You mean via Satellite ?
I have read a documentation that one Satellite Link can support 
up to 50 MBit. Is this right ?

But there is already competition:  http://www.directsky.net/

both ends, carrying bridges, so both ground stations point link
antennas to that spot half way across the sea, say at 6ft, to 
stay out of the way of airliners etc.  Can even use wifi gear.

OK, this is logical

..and over cities, access point server drones, with bandwidth
throttling, loitering at anywhere from 1000 to 2ft? 
(Or 6ft, to stay clear of the airliner etc traffic.)

I can use the Proxim Tsunami MP.11a which supports, with the 
Outdoor Router Software upgrade, Traffic Shaping from 64 kBit 
to some MBit (do not know exactly)

Greetings
Michelle

-- 
Registered Linux-User #280138 with the Linux Counter, http://counter.li.org/ 




Re: Little BIG problem with Backbone

2004-04-09 Thread Andreas John
Hello!
Before all this begins to get silly:
You are playing with amounts of money which I would not consider 
pennyware. From your mails before, it is clear to see that you 
have an idea, but no concept nor the skills you need. You will 
probably need consultants who help you to find a concept that works - in 
financial and technical concerns.

Some technical questions:
_ How will you do the accounting for wireless connections? Security?  To 
shoot from the hip I would recommend Maxina (www.maxina.de)
_ Did you know that Satellite Communications has huge latency ( 2 * 
36000Km distance ... I guess you won't be able to get a ping below 500ms)
_ Scalability? How many users can an accesspoint (Tsunami et al.) take? 
It's probably not a bandwidth concern ...
_ Did you know that 100% ISPs are generally nothing else than 99,x% 
ISPs when it comes to reality? The only advantage is that they give you 
some pence if they violate their SLA.
_ Did you know that 54Mbit 802.11a doesn't really give you 54 Mbit in 
reality? (huge overhead, all German readers: C'T benchmarked it)
_ For reliable wireless LAN you need line of sight or very close distance
_ 34Mbit and 155Mbit radio LAN Connection Equipment is far better than 
802.x but very expensive and maybe shitty too when it comes to noise 
concerns. LaserLinks are more reliable but don't work in foggy environments.

What you try to build up is an ISP + Carrier + Datacenter. Whooo, much 
stuff. There are specialists out there that only do one of these three things and 
all have much to do with only one area 

But that does not mean that your project is impossible, but what you need 
to know can't be learned in 8 weeks 
IMHO you will need Maroc Telecom in one way or the other. Above all for 
your connectivity. It's pretty similar in all countries.

Rgds,
Andreas



Re: which scsi raid adapter?

2004-04-09 Thread Franz Georg Köhler
On Sa, Apr 10, 2004 at 12:43:55 +0200, Tinus Nijmeijers [EMAIL PROTECTED] 
wrote:
 hi,
 
 I used to use Mylex  acceleraid cards (DAC960) which are in bf24 and in
 the standard 2.4.* kernels. Now they are phased out by the new owners of
 Mylex,  LSI.

Mylex sucks.

 so, what's a good scsi raid card that is in any of the woody kernel
 install flavours and supported in standard (debian) kernels?

ICP Vortex: http://www.vortex.de/

Unfortunately, the GDT driver is not part of the woody distribution
kernel.

I recently replaced all Mylex 960 Adapters by GDT controllers.




Re: OSF for an ISP (was Re: ..idea; ddos spam hosts off Internet?)

2004-04-09 Thread Dave Watkins
If I remember right (and someone correct me if I'm wrong) a mail server 
doesn't have to have an MX record. If no MX record exists then the 
sending server drops back to normal host records and this is perfectly 
legitimate. So the MX record checking may not work so well

Pulu 'Anau wrote:
To kind of get back to the ISP world a little bit, has anyone used this in the
way that's being recommended?  (Using the OS Fingerprint Netfilter patch to
block Windows machines sending to port 25).
We're currently getting slammed by Windows viruses and have thought about doing
exactly that, but it seemed to us that there are enough people using Exchange or
Sendmail.com's windows sendmail (let alone ftgate, etc, etc.) that doing this
would block legitimate mail almost instantly.
We've just been blocking hosts manually after the first virus.  I'm thinking
about writing a little script to:
1.  Get the offending IP address from amavis's logfile
2.  Check against a whitelist (like our own backup mx's)
3.  Do something like tcpping to the IP to see if it is a valid mx host
4.  If it doesn't pass checks 2 or 3, block the IP in netfilter for 72 hours
Other than the 72 hour checks it's pretty straightforward and seems (at least to
me) very unlikely to stop legitimate mail, while cutting those guys who send
40-50 viruses a day down to 1 every three.  

Does anyone see any problems with the above?  The major issue is bandwidth, some
of our customers host their mail servers on 32K links with 200+ users.
Sorry, it's not really about the spam issue discussed before, but it's strange
the synchronicity (os fingerprinting anyway) between my work and this list
sometimes.
Pulu

Afe.to ANTS
POB 1478
Nuku'alofa, Tonga
Ph: Country code 676 - 27946 or 878-1332
http://www.afe.to
http://svcs.affero.net/rm.php?r=pulu
Quoting Russell Coker [EMAIL PROTECTED]:
 

On Fri, 9 Apr 2004 21:32, Arnt Karlsen [EMAIL PROTECTED] wrote:
   

On Fri, 9 Apr 2004 15:27:03 +1000, Russell wrote in message
 

http://www.netfilter.org/patch-o-matic/pom-base.html
See the section on osf in the above URL for a better solution.
Simply block Windows machines from accessing your port 25.
   

..if only all isp's did it...
 

Not all ISPs need to do it.  Only your ISP and the ISPs that host mailing 
lists that you subscribe to.

If you are interested in this then the best thing you can do is to build 
yourself a kernel with osf and try it out.  If it works well create a Debian

kernel-patch package for it so that other Debian users can conveniently use
it.  The more accessible you make this to Debian people the closer it comes
to being installed on Debian list servers...
--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
   


-
This mail sent from Tonga's Premiere Internet Cafe
Visit us online at http://www.cafe.afe.to 
discussions @ http://www.nomoa.com/index.php
generic info @  http://www.tongatapu.net.to

 




Re: OSF for an ISP (was Re: ..idea; ddos spam hosts off Internet?)

2004-04-09 Thread Andreas John
Hi!
Dave Watkins wrote:
If I remember right (and someone correct me if I'm wrong) a mail server 
doesn't have to have an MX record. If no MX record exists then the 
sending server drops back to normal host records and this is perfectly 
legitimate. So the MX record checking may not work so well
Dave, your theory is right, you don't have to have an MX record in your 
DNS zone in order to receive mail, but Pulu wants to tcpping, so his 
idea is to check if there is an open port 25, i.e. check if the sending 
server is a mailserver. This would not be the case with infected 
outlooks ;) but also not for hosts behind NAT FW.
@Pulu: Is that your idea?

The problem is more that a sending host does not necessarily have to be a
receiver (reminds me of goatse.cx ;-)), nor does it have to be smtp 
(submission et al?)

In Germany several large scale ISPs began to block all mail coming 
directly from a dialup ip, so I think it would be an accepted way to 
try what Pulu wants to do.

Rgds,
j.

--
Andreas John
net-lab GmbH
Luisenstrasse 30b
63067 Offenbach
Tel: +49 69 85700331
http://www.net-lab.net
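
The four-step script Pulu outlines (offending IP from the amavis log, whitelist check, port 25 probe, 72-hour netfilter block), together with the caveat from this reply that send-only or NATed hosts fail the probe, as an added Python example that is not code from any poster. The log line layout, the whitelist range and all addresses are constructed assumptions, and the probe is passed in as a parameter so the logic can be exercised without touching the network.

```python
import ipaddress
import re
import socket
from datetime import datetime, timedelta

BLOCK_HOURS = 72  # block duration proposed in the thread

# Constructed sample lines. The layout is an assumption; adapt the regex
# below to what your amavis version actually writes.
SAMPLE_LOG = """\
Apr  9 10:01:12 mx1 amavis[2201]: (02201-03) INFECTED (Worm.Example.A), [203.0.113.45] <a@example.net> -> <u1@example.org>
Apr  9 10:02:40 mx1 amavis[2201]: (02201-04) Passed CLEAN, [198.51.100.99] <b@example.net> -> <u2@example.org>
Apr  9 10:03:05 mx1 amavis[2207]: (02207-01) INFECTED (Worm.Example.A), [192.0.2.5] <c@example.net> -> <u3@example.org>
Apr  9 10:04:19 mx1 amavis[2207]: (02207-02) INFECTED (Worm.Example.B), [198.51.100.7] <d@example.net> -> <u4@example.org>
Apr  9 10:05:33 mx1 amavis[2201]: (02201-05) INFECTED (Worm.Example.A), [203.0.113.45] <e@example.net> -> <u5@example.org>
Apr  9 10:06:02 mx1 amavis[2201]: (02201-06) INFECTED (Worm.Example.B), [999.1.1.1] <f@example.net> -> <u6@example.org>
"""

INFECTED_RE = re.compile(r"INFECTED \([^)]*\), \[([0-9.]+)\]")

# Hypothetical whitelist: our own backup MX range (step 2). Known send-only
# or NATed partners belong here too, because they will fail the probe.
WHITELIST = [ipaddress.ip_network("192.0.2.0/28")]


def infected_sources(log_text):
    """Step 1: unique client IPs from INFECTED lines, in first-seen order."""
    seen = []
    for line in log_text.splitlines():
        match = INFECTED_RE.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:  # malformed address in the log, never block on it
            continue
        if ip not in seen:
            seen.append(ip)
    return seen


def listens_on_smtp(ip, timeout=3.0):
    """Step 3: does the sender accept TCP connections on port 25?"""
    try:
        with socket.create_connection((str(ip), 25), timeout=timeout):
            return True
    except OSError:
        return False


def plan_blocks(log_text, now, probe=listens_on_smtp, whitelist=WHITELIST):
    """Steps 2-4: one (ip, decision, expiry) tuple per infected source."""
    decisions = []
    for ip in infected_sources(log_text):
        if any(ip in net for net in whitelist):
            decisions.append((str(ip), "skip:whitelist", None))
        elif probe(ip):
            decisions.append((str(ip), "skip:smtp-listener", None))
        else:
            expiry = now + timedelta(hours=BLOCK_HOURS)
            decisions.append((str(ip), "block", expiry))
    return decisions


def iptables_commands(decisions):
    """Render (add, delete, expiry) for each block; run delete at expiry."""
    rule = "INPUT -s {} -p tcp --dport 25 -j DROP"
    return [("iptables -I " + rule.format(ip), "iptables -D " + rule.format(ip), exp)
            for ip, decision, exp in decisions if decision == "block"]


if __name__ == "__main__":
    # Stub probe so the demo opens no connections: one host "answers" on 25.
    stub = lambda ip: str(ip) == "198.51.100.7"
    for add, delete, exp in iptables_commands(plan_blocks(SAMPLE_LOG, datetime.now(), stub)):
        print(add, "| remove at", exp, "with:", delete)
```

The delete command is returned alongside each rule because netfilter itself does not expire rules; a cron or at job has to remove them after the 72 hours.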



Re: which scsi raid adapter?

2004-04-09 Thread Tinus Nijmeijers
On Sat, 2004-04-10 at 00:51, Franz Georg Köhler wrote:
 On Sa, Apr 10, 2004 at 12:43:55 +0200, Tinus Nijmeijers [EMAIL PROTECTED] 
 wrote:
  hi,
  
  I used to use Mylex  acceleraid cards (DAC960) which are in bf24 and in
  the standard 2.4.* kernels. Now they are phased out by the new owners of
  Mylex,  LSI.
 
 Mylex sucks.

huh? why?

 
  so, what's a good scsi raid card that is in any of the woody kernel
  install flavours and supported in standard (debian) kernels?
 
 ICP Vortex: http://www.vortex.de/
 
 Unfortunately, the GDT driver is not part of the woody distribution
 kernel.

how do you install a fresh machine with an ICP (not HOW but YOU :-)
create boot-flops on an already installed machine?

 I recently replaced all Mylex 960 Adapters by GDT controllers.

what happened to the Mylexen? dying in droves? (I've never seen a problem
with them)

thanks, tinus




Re: which scsi raid adapter?

2004-04-09 Thread Franz Georg Köhler
On Sa, Apr 10, 2004 at 01:54:59 +0200, Tinus Nijmeijers [EMAIL PROTECTED] 
wrote:
 On Sat, 2004-04-10 at 00:51, Franz Georg Köhler wrote:
 On Sa, Apr 10, 2004 at 12:43:55 +0200, Tinus Nijmeijers [EMAIL PROTECTED] 
 wrote:
 
 I used to use Mylex  acceleraid cards (DAC960) which are in bf24 and in
 the standard 2.4.* kernels. Now they are phased out by the new owners of
 Mylex,  LSI.
 
 Mylex sucks.
 
 huh? why?

Firstly, performance sucks.
My 960 had 128 Mbyte of RAM and still couldn't compete with GDT or IFT
RAID.

Secondly, the LINUX driver is kind of special.
While GDT controllers are recognised as scsi adapters, the Mylex driver
has its own device naming scheme (this is why it doesn't appear in the
SCSI submenu: it is not a scsi driver).
ICP offers a utility named icpcon, which is available for linux and
enables full access to the GDT features/firmware (add/remove
physical/logical drives, etc while the os is running).
The Mylex driver offers an incomplete interface via the proc system, if I
remember this correctly.
Finally, for the benefit of Mylex, I have to say that Mylex supported the
linux developer(s?) by donating/borrowing hardware.

 so, what's a good scsi raid card that is in any of the woody kernel
 install flavours and supported in standard (debian) kernels?
 
 ICP Vortex: http://www.vortex.de/
 
 Unfortunately, the GDT driver is not part of the woody distribution
 kernel.
 
 how do you install a fresh machine with an ICP (not HOW but YOU :-)
 create boot-flops on an already installed machine?

The current sarge installer has full support for GDT adapters.
Besides that, you could recompile the debian kernel and copy it onto
disk/CD or preload GDT modules from floppy during installation.

 I recently replaced all Mylex 960 Adapters by GDT controllers.
 
 what happened to the Mylexen? dying in droves? (I've never seen a problem
 with them)

My Mylex Controller corrupted the entire RAID as it was actually
supposed to rebuild it...(RAID-5 with SPARE, 9 discs). The disc outage
itself was handled fine, though (and this is finally the reason why I
replaced the hardware. I didn't care that much about performance but
stability).





Re: Little BIG problem with Backbone

2004-04-09 Thread Michelle Konzack
Am 2004-04-09 23:20:47, schrieb Andreas John:
Hello!

Before all this begins to get silly:
You are playing with amounts of money which I would not consider 
pennyware. From your mails before, it is clear to see that you 

I had a talk with the Ministry of Communication in Rabat and he asked 
me about the costs. 

I answered some hundred million Dirham. 

A little bit of silence and then he asked me How many hundred million ?

OK, between 8 and 12. 

He said that's a real figure.

have an idea, but no concept nor the skills you need. You will 
probably need consultants who help you to find a concept that works - in 
financial and technical concerns.

Right, and as I have written, I do only the study for this project. 
Then I will present this project to some people from the Moroccan Gov. and 
some Financial/Technical Specialists to get a summary...

Some technical questions:

_ How will you do the accounting for wireless connections? Security?  To 
shoot from the hip I would recommend Maxina (www.maxina.de)

All users have a fixed IP-Address and security is VPN/pptp (included 
since Win98) and downloadable for Win95. 

Maxina I do not know and I will check it out.

_ Did you know that Satellite Communications has huge latency ( 2 * 
36000Km distance ... I guess you won't be able to get a ping below 500ms)

Yes I know. Not funny for gamers...

_ Scalability? How many users can an accesspoint (Tsunami et al.) take? 
It's probably not a bandwidth concern ...

I offer only 64, 128 and 256 kBit, because from my experience with the 
Lucent ORINOCO maybe 2500 clients with 64 kBit on one 54 MBit channel. 

_ Did you know that 100% ISPs are generally nothing else than 99,x% 
ISPs when it comes to reality? The only advantage is that they give you 
some pence if they violate their SLA.

YES.

_ Did you know that 54Mbit 802.11a doesn't really give you 54 Mbit in 
reality? (huge overhead, all German readers: C'T benchmarked it)

But they have only Benchmarked the SOHO-Systems not HighEnd. 

You can not compare a Lucent ORINOCO or a Proxim Tsunami with 
Netgear, Dlink or Linksys. 

For example:    The cheap 11 MBit WaveLAN cards like Linksys or 
                Dlink have only 10-15 mWatt.

                The Lucent ORINOCO SilverCard 35 mWatt (required 
                for the AccessPoints) and the GoldCard 50 mWatt.

                Between two Netgear Cards you can have not more 
                than 100 Meters with 3-4 MBytes/Sec and then you 
                have a fallback to 5,5 MBit

                Between two Lucent ORINOCO GoldCards you can have 
                more than 600 Meters with 7 MBytes/Sec. 

                For the cheap Cards you pay 22-40 Euro but for the 
                Lucent ORINOCO GoldCard 109 Euro

_ For reliable wireless LAN you need line of sight or very close distance

The Lucent ORINOCO is tested in Kehl/Allemagne with up to 1300 Meters 
between the COR (OmniWave 10dBi) and ROR (YAGI 14 dBi) and between ROR 
(OmniWave) and Client without External Antenna up to 500 Meters. 

The Proxim Tsunami MP.11a is Tested in Strasbourg (Center) and do the 
job between the COR (SectorAntenne 120° 12dBi) and ROR (YAGI 16dBi) in 
a distance of up to 8000 Meters (I was not able to get bigger distances). 

Between ROR (OmniWave 10 dBi) and the Clients I have gotten more then 
1000 Meters with 256 kBit and it does not make a fallback to 48 MBit.

_ 34Mbit and 155Mbit radio LAN Connection Equipment is far better than 
802.x but very expensive and maybe shitty too when it comes to noise 
concerns. LaserLinks are more reliable but don't work in foggy environments.

8.000 km of FiberOptic cable ? 
I do not like to dream about the price...

But RadioBridges with 34 MBit do maximum 30 km and with 155 MBit 
around 20 km. So I need many of them. 

One of the Enterprises that I have contacted was 
http://www.itm-group.com/ and the Suggestion:

34 MBit Systems:    Sagem, Witcom, Ericsson

155 MBit Systems:   Ceragon, Ericsson

Also he told me that I need between 7 and 10 RadioBridges for a 
distance of 300 km because of the curvature of the Earth.

What you try to build up is an ISP + Carrier + Datacenter. Whooo, much 
stuff. There are specialists out there that only do one of these three things and 
all have much to do with only one area 

;-)

My OWN Project was the Creation of a CyberCenter which contains:

1)  InternetCafe                 Based on Debian GNU/Linux
2)  Education Center for women   Informatic/Linux/Office
3)  WaveLAN-ISP                  Only locally.

For this it is enough, if I have two E3 (34MBit), a 3Com NETBuilder 
II (8-Slot), one Proxim Tsunami MP.11a and the possibility of 
Serverhosting. 

Because Internet is really expensive in Morocco and my Enterprise is 
non-profit I like to drop down the price under the ADSL. 

But NOW:    450.000 DH (41.000 Euro) for ONE E3. Two times more 
            expensive than in France and five times more