NAT monitoring
Hi,

I'm currently working on a project to determine if it is possible to provide a cross-vendor NAT management/monitoring solution. I would like to know what your thoughts are regarding NAT management and ideally...

1. What hardware do you use with NAT and in what configuration? (just general info, not configs ;-) )
2. What do you use to monitor/manage NAT? (opensource?)
3. What corners, if any, did you have to cut?
4. Are you aware of any vendor-specific MIBs solely for NAT? - I seem to remember a draft a while ago.

Any other thoughts or comments would also be most useful.

regards,
Matt.
Re: packet inspection and privacy
Steven M. Bellovin wrote:
> Mark Kent writes:
> > I recently claimed that, in the USA, there is a law that prohibits an ISP from inspecting packets in a telecommunications network for anything other than traffic statistics or debugging. Was I correct?
>
> No. Or at least you weren't; the Patriot Act may have changed it. (I assume you're talking about U.S. law.) There was a quirk in the wording of the law -- what you say is correct for *telephone* companies, but not ISPs.

You're referring to common carrier status, I think.

This isn't exclusively restricted to phone companies, but that's the way it is right now. I think it may also apply to non-voice carriers that sell circuits. I'm pretty certain that it does not apply to ISPs.

A common carrier is not allowed to monitor/filter traffic on customer circuits. They also can't be held responsible for the traffic on those circuits.

-- David
Re: packet inspection and privacy
In message [EMAIL PROTECTED], David Charlap writes:
> Steven M. Bellovin wrote:
> > Mark Kent writes:
> > > I recently claimed that, in the USA, there is a law that prohibits an ISP from inspecting packets in a telecommunications network for anything other than traffic statistics or debugging. Was I correct?
> >
> > No. Or at least you weren't; the Patriot Act may have changed it. (I assume you're talking about U.S. law.) There was a quirk in the wording of the law -- what you say is correct for *telephone* companies, but not ISPs.
>
> You're referring to common carrier status, I think.

No, I'm referring to the wiretap act. And this is based on conversations with various Federal prosecutors.

> This isn't exclusively restricted to phone companies, but that's the way it is right now. I think it may also apply to non-voice carriers that sell circuits. I'm pretty certain that it does not apply to ISPs.
>
> A common carrier is not allowed to monitor/filter traffic on customer circuits. They also can't be held responsible for the traffic on those circuits.

I'm referring to 18 USC 2510 and 2511, which you can find at http://www4.law.cornell.edu/uscode/18/2510.html and 2511.html. In particular, 18 USC 2511(2)(a)(i) says:

It shall not be unlawful under this chapter for an operator of a switchboard, or an officer, employee, or agent of a provider of wire or electronic communication service, whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service, except that a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks.

Note that the ban on random monitoring applies to a provider of wire service communication services. 2510(1) defines wire communication as aural transfer, i.e., voice. ISPs provide electronic communication services, as defined in 2510(12);

''electronic communication'' means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce, but does not include -
(A) any wire or oral communication;
(B) any communication made through a tone-only paging device;
(C) any communication from a tracking device (as defined in section 3117 of this title); or
(D) electronic funds transfer information stored by a financial institution in a communications system used for the electronic storage and transfer of funds;

I'll let a real lawyer tell me what category VoIP or EFT over the Internet falls under...

Btw, I referred to Eckenwiler's presentation. See http://www.nanog.org/mtg-0010/justice.html for the full thing; see especially slide 12, which discusses what system operators can do, and the part that says phone companies more restricted than ISPs. Eckenwiler is an attorney at DoJ. And yes, I was the one who suggested that he speak at NANOG, precisely to clear up some of these points.

Oh yes -- since I have the statute in front of me, see 2511(2)(a)(ii)(B):

No provider of wire or electronic communication service, officer, employee, or agent thereof, or landlord, custodian, or other specified person shall disclose the existence of any interception or surveillance or the device used to accomplish the interception or surveillance with respect to which the person has been furnished a court order or certification under this chapter, except as may otherwise be required by legal process and then only after prior notification to the Attorney General or to the principal prosecuting attorney of a State or any political subdivision of a State, as may be appropriate. Any such disclosure, shall render such person liable for the civil damages provided for in section 2520.
Re: Bet on with my boss
Martin Hannigan wrote: Regards, -- Martin Hannigan [EMAIL PROTECTED] Boston, MA http://www.fugawi.net On Fri, 21 Jun 2002, Vincent J. Bono wrote: We recently had a piece of equipment fail outside of Bronson, FL. This was in a regeneration hut, 50 miles from almost anywhere useful. There is no cellular service and no POTs in the HUT. The closest employee was a woman who although bright was not very familiar with the equipment installed. Because the management channel (IP) was still working to the site, an engineer here in Quincy, MA was able to step her through fixing the problem using nothing but IRC and two-way pager. It took her 35 minutes to correct the issue. Harder than with a phone? Yes. Impossible? No. Without that IP channel running? It would have taken closer to an hour and a half by my guess but still doable. Smoke signals or semaphore? I won't hazard a guess. -vb Regards, -- Martin Hannigan [EMAIL PROTECTED] Boston, MA http://www.fugawi.net On Fri, 21 Jun 2002, Vincent J. Bono wrote: Harder than with a phone? Yes. Impossible? No. Without that IP channel running? It would have taken closer to an hour and a half by my guess but still doable. Smoke signals or semaphore? I won't hazard a guess. That's it. I'm giving semaphore classes at the BBQ. :) BBQ? really? When? Where? Jane
How important is the PSTN
Hi all,

Thanks so much for all the great answers. (Could everyone please stop telling me that im = instant messaging). I knew I should've never gotten out of bed this morning.

Anyway, 75% of the respondents said the phone is critical. 25% said some form of IM is critical.

Just in case anyone was curious.

Is it me or is it very quiet in here today?

Jane
How important is IM? was RE: How important is the PSTN
Jane,

This brings up a good point about IM. IMHO, IM is a security risk and I am establishing a company standard where users behind the firewall are prohibited from using IM, IRC, and peer-to-peer file sharing programs. My opinion is that these types of programs contribute more to lack of productivity than to real problem solving.

So my question for the group is, do chat programs (IM, IRC, yahoo) serve a substantial network support purpose or are they more of a distraction, allowing staff to communicate with friends, relatives, drifters, interlopers on company time?

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories
http://www.bblabs.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Pawlukiewicz Jane
Sent: Tuesday, June 25, 2002 12:06 PM
To: [EMAIL PROTECTED]
Subject: How important is the PSTN

Hi all,

Thanks so much for all the great answers. (Could everyone please stop telling me that im = instant messaging). I knew I should've never gotten out of bed this morning.

Anyway, 75% of the respondents said the phone is critical. 25% said some form of IM is critical.

Just in case anyone was curious.

Is it me or is it very quiet in here today?

Jane
RE: How important is the PSTN
-Original Message-
From: Pawlukiewicz Jane

> Is it me or is it very quiet in here today?

Everybody is off trying to get openssh 3.3 compiled and installed. :)

-Jim P.
Re: How important is IM? was RE: How important is the PSTN
On Tue, 25 Jun 2002, Christopher J. Wolff wrote:
> So my question for the group is, do chat programs (IM, IRC, yahoo) serve a substantial network support purpose or are they more of a distraction, allowing staff to communicate with friends, relatives, drifters, interlopers on company time?

We find IRC and IM invaluable. Set up a private irc server behind the firewall, and use crypto-hard ICQ like licq. (if you use windoze you are probably out of luck though)

-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-]
Re: How important is the PSTN
> Is it me or is it very quiet in here today?
>
> Jane

All the frequent posters have been banned for 6 months. ;)
Re: How important is IM? was RE: How important is the PSTN
> So my question for the group is, do chat programs (IM, IRC, yahoo) serve a substantial network support purpose or are they more of a distraction, allowing staff to communicate with friends, relatives, drifters, interlopers on company time?

I disagree. I have spent many hours in a noisy datacenter on IM, when the phone was right next to me. It is difficult to hear and the IM allows me to scroll back to see commands that have been sent.

IM makes collaboration so much easier. I have been in a chat room at 3am with developers, techs, VP's etc, and it was easier than a conference call.

Instead of banning, you should be looking into a secure IM client. Several companies make secure clients that also link up to the major players via a gateway.

IM isn't going away, I imagine you will see lots of backlash if you try to ban it.

jas
Re: How important is IM? was RE: How important is the PSTN
On Tuesday 25 June 2002 12:16 pm, Christopher J. Wolff wrote:
> Jane,
>
> This brings up a good point about IM. IMHO, IM is a security risk and I am establishing a company standard where users behind the firewall are prohibited from using IM, IRC, and peer-to-peer file sharing programs. My opinion is that these types of programs contribute more to lack of productivity than to real problem solving.

99% agreed. I've seen more viruses float in via {insert PtP here} than I'd care to think about.

> So my question for the group is, do chat programs (IM, IRC, yahoo) serve a substantial network support purpose or are they more of a distraction, allowing staff to communicate with friends, relatives, drifters, interlopers on company time?

We support a number of international clients who don't necessarily have the best English-speaking skills. In these cases we find ICQ/AIM/IRC/etc... to be a necessity. Trying to work with a customer to debug kernel compile errors via telephone from the relative un-comfort of a loud/windy datacenter in broken English does NOT work.

Grant

--
Grant A. Kirkwood - grant(at)tnarg.org
Fingerprint = D337 48C4 4D00 232D 3444 1D5D 27F6 055A BF0C 4AED
Re: How important is IM? was RE: How important is the PSTN
PGP Corporate Desktop can help with ICQ if you are a Windows user.

-ren, who prefers IRC

At 12:24 PM 6/25/2002 -0700, Dan Hollis wrote:
> On Tue, 25 Jun 2002, Christopher J. Wolff wrote:
> > So my question for the group is, do chat programs (IM, IRC, yahoo) serve a substantial network support purpose or are they more of a distraction, allowing staff to communicate with friends, relatives, drifters, interlopers on company time?
>
> We find IRC and IM invaluable. Set up a private irc server behind the firewall, and use crypto-hard ICQ like licq. (if you use windoze you are probably out of luck though)
>
> -Dan
> --
> [-] Omae no subete no kichi wa ore no mono da. [-]
RE: How important is IM? was RE: How important is the PSTN
Christopher,

There are three questions here - are IM programs a security risk, is number one. The second is, how does IM come into the network support/communications equation. The third is, how much time gets wasted using IM or IRC?

Peer to peer file sharing probably has no place in the business world. It's a leisure thing, and can open you up to liability. On the other hand, who wants to be the software police, more than is absolutely necessary?

As far as IM and IRC - many folks find them vital to running and troubleshooting networks, communicating with customers, etc. They can be timewasters, but no more so than abuse of the telephone can be. It's not so much the tool, as the use of the tool that should be a matter of concern.

IRC servers are significant security concerns. IRC Clients, coming from behind firewalls, less so. Some folks implement private IRC servers bound to localhost, behind firewalls, for internal use. This is much more secure. IM tends to be insecure, as it's in cleartext, although encryption extensions exist. Of course, most of your email is probably cleartext, too. A bigger concern is that the servers live on someone else's network, so an outage there may affect your operations.

- Daniel Golding

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Christopher J. Wolff
Sent: Tuesday, June 25, 2002 3:17 PM
To: [EMAIL PROTECTED]
Subject: How important is IM? was RE: How important is the PSTN

Jane,

This brings up a good point about IM. IMHO, IM is a security risk and I am establishing a company standard where users behind the firewall are prohibited from using IM, IRC, and peer-to-peer file sharing programs. My opinion is that these types of programs contribute more to lack of productivity than to real problem solving.

So my question for the group is, do chat programs (IM, IRC, yahoo) serve a substantial network support purpose or are they more of a distraction, allowing staff to communicate with friends, relatives, drifters, interlopers on company time?

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories
http://www.bblabs.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Pawlukiewicz Jane
Sent: Tuesday, June 25, 2002 12:06 PM
To: [EMAIL PROTECTED]
Subject: How important is the PSTN

Hi all,

Thanks so much for all the great answers. (Could everyone please stop telling me that im = instant messaging). I knew I should've never gotten out of bed this morning.

Anyway, 75% of the respondents said the phone is critical. 25% said some form of IM is critical.

Just in case anyone was curious.

Is it me or is it very quiet in here today?

Jane
RE: How important is IM? was RE: How important is the PSTN
-Original Message-
From: Christopher J. Wolff [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 25, 2002 3:17 PM
To: [EMAIL PROTECTED]
Subject: How important is IM? was RE: How important is the PSTN

> So my question for the group is, do chat programs (IM, IRC, yahoo) serve a substantial network support purpose or are they more of a distraction, allowing staff to communicate with friends, relatives, drifters, interlopers on company time?
>
> Regards,
> Christopher J. Wolff, VP CIO
> Broadband Laboratories
> http://www.bblabs.com

It also allows other employees to ask/answer quick questions, have an impromptu engineering con-call (with hard copy!) without having to get someone to approve the cost, provide a support channel for customers (ever try to talk a dyslexic through a command line config? cut-paste is your friend...), and several other things that we find useful. In fact, every engineer in the company is told to get a hotmail account and load MSN Messenger when they come on board.

IMHO, abuse of company resources should be handled in HR, not IT. Tools don't waste time, people waste time...

James H. Smith II NNCDS NNCSE First Call Response Center Professional Services - Network Engineer The Presidio Corporation
Re: How important is IM? was RE: How important is the PSTN
On Tue, 25 Jun 2002, Dan Hollis wrote:
> On Tue, 25 Jun 2002, Christopher J. Wolff wrote:
> > So my question for the group is, do chat programs (IM, IRC, yahoo) serve a substantial network support purpose or are they more of a distraction, allowing staff to communicate with friends, relatives, drifters, interlopers on company time?
>
> We find IRC and IM invaluable. Set up a private irc server behind the firewall, and use crypto-hard ICQ like licq. (if you use windoze you are probably out of luck though)

I have to second the value of a private, staff-only IRC server. We use IRC to communicate with each other while on the phone with customers, clients, vendors, etc., and to communicate with offsite workers. We have 4 info-bots which provide up to the minute information about our dial-up capacity, new user accounts created, and as an interface with our check-up system to spew error messages to the channel, and as an interface to qpage for staff to alpha-page anyone. Then there is the benefit of pasting code snippets, config file snippets and error messages while discussing them in real time.

Our staff is chastised for not paying attention to our staff channel. It's our primary form of office communication. I can't imagine life here without it.

Deeann M.M. Mikula
Director of Operations
Telerama Public Access Internet
http://www.telerama.com * 412.688.3200
RE: How important is IM? was RE: How important is the PSTN
-Original Message-
From: Jason Lewis

> Instead of banning, you should be looking into a secure IM client. Several companies make secure clients that also link up to the major players via a gateway.

Trillian is a combined (AIM, Y!, ICQ, IRC) client that supports secure direct P2P (peer to peer) connections. A Swiss Army Knife of communication!

Btw, isn't it ass-backwards to state that you are establishing a corporate policy for banning IM, and then ask for feedback on whether or not IM serves a substantial network support purpose? Seems to me one would do discovery before creating policy ;)

-Jim P.
RE: How important is IM? was RE: How important is the PSTN
Our NOC uses IM all the time to stay in touch with us regarding emergencies. Our field engineers use IM to stay in touch with us for scheduling and jobs. Engineers working from home use IM to stay in touch with us. A few of our engineers carry cell phones that are IM capable. Trader support techs at different branch offices use IM to convey outage information to us. Pretty important for us.

As for people slacking off on IM, we are a project based team with strict deadlines. If you wanna stay on AIM and chat all day, and you miss the deadline, we'll soon find out why. So personal responsibility goes a long way.

I'll tell you one thing, it sure helped a lot during Sept 11th. I'd never remove it, just for that reason here. Eventually it might go away due to increased security policies, and then we'll just find something a lot more secure. But it is very handy.

I do agree, though, that it isn't the most secure chat product out there. Just so many people use it because of the large installed base. I've even seen AIM IDs on some business cards now. They seem to be more permanent than a cell phone number :-).

-Original Message-
From: Christopher J. Wolff [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 25, 2002 3:17 PM
To: [EMAIL PROTECTED]
Subject: How important is IM? was RE: How important is the PSTN

Jane,

This brings up a good point about IM. IMHO, IM is a security risk and I am establishing a company standard where users behind the firewall are prohibited from using IM, IRC, and peer-to-peer file sharing programs. My opinion is that these types of programs contribute more to lack of productivity than to real problem solving.

So my question for the group is, do chat programs (IM, IRC, yahoo) serve a substantial network support purpose or are they more of a distraction, allowing staff to communicate with friends, relatives, drifters, interlopers on company time?

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories
http://www.bblabs.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Pawlukiewicz Jane
Sent: Tuesday, June 25, 2002 12:06 PM
To: [EMAIL PROTECTED]
Subject: How important is the PSTN

Hi all,

Thanks so much for all the great answers. (Could everyone please stop telling me that im = instant messaging). I knew I should've never gotten out of bed this morning.

Anyway, 75% of the respondents said the phone is critical. 25% said some form of IM is critical.

Just in case anyone was curious.

Is it me or is it very quiet in here today?

Jane
Re: How important is IM? was RE: How important is the PSTN
On Tue, 25 Jun 2002, ren wrote:

: PGP Corporate Desktop can help with ICQ if you are a Windows user.
: -ren, who prefers IRC

Not for long...

http://zdnet.com.com/2100-1107-851515.html

A week ago, on Feb. 26, Network Associates (NAI) sent an e-mail to some of its customers announcing that it had killed the PGP Desktop Security product line. the products have now been put into maintenance mode, which means that existing support contracts will be honored until they run out, at which point they will not be renewed. New versions of PGP Desktop will not be released.

scott

:
: At 12:24 PM 6/25/2002 -0700, Dan Hollis wrote:
:
: On Tue, 25 Jun 2002, Christopher J. Wolff wrote:
: So my question for the group is, do chat programs (IM, IRC, yahoo) serve a
: substantial network support purpose or are they more of a distraction,
: allowing staff to communicate with friends, relatives, drifters,
: interlopers
: on company time?
:
: We find IRC and IM invaluable. Set up a private irc server behind the
: firewall, and use crypto-hard ICQ like licq. (if you use windoze you are
: probably out of luck though)
:
: -Dan
: --
: [-] Omae no subete no kichi wa ore no mono da. [-]
RE: How important is IM? was RE: How important is the PSTN
On Tue, 25 Jun 2002, Daniel Golding wrote:

:
: Christopher,
:
: There are three questions here - are IM programs a security risk, is number
: one. The second is, how does IM come into the network support/communications
: equation. The third is, how much time gets wasted using IM or IRC?
:
: Peer to peer file sharing probably has no place in the business world. It's
: a leisure thing, and can open you up to liability. On the other hand, who
: wants to be the software police, more than is absolutely necessary?

Deloitte Touche doesn't seem to think so.

They use NextPage's NXT 3 platform to enable its employees to access, exchange, and manage distributed content-including large documents and directories of accounting regulations and best practices-as if the content were all in a single location. Through a series of content servers linked to form a peer-to-peer content network, users can search, navigate, and categorize data more quickly, easily, and securely than before. They don't need to replicate or convert the data from its original format.

http://networkmagazine.com/article/NMG20020429S0001

scott

:
: As far as IM and IRC - many folks find them vital to running and
: troubleshooting networks, communicating with customers, etc. They can be
: timewasters, but no more so than abuse of the telephone can be. It's not so
: much the tool, as the use of the tool that should be a matter of concern.
:
: IRC servers are significant security concerns. IRC Clients, coming from
: behind firewalls, less so. Some folks implement private IRC servers bound to
: localhost, behind firewalls, for internal use. This is much more secure. IM
: tends to be insecure, as it's in cleartext, although encryption extensions
: exist. Of course, most of your email is probably cleartext, too. A bigger
: concern is that the servers live on someone else's network, so an outage
: there may affect your operations.
:
: - Daniel Golding
:
: -Original Message-
: From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
: Christopher J. Wolff
: Sent: Tuesday, June 25, 2002 3:17 PM
: To: [EMAIL PROTECTED]
: Subject: How important is IM? was RE: How important is the PSTN
:
: Jane,
:
: This brings up a good point about IM. IMHO, IM is a security
: risk and I am
: establishing a company standard where users behind the firewall are
: prohibited from using IM, IRC, and peer-to-peer file sharing programs. My
: opinion is that these types of programs contribute more to lack of
: productivity than to real problem solving.
:
: So my question for the group is, do chat programs (IM, IRC, yahoo) serve a
: substantial network support purpose or are they more of a distraction,
: allowing staff to communicate with friends, relatives, drifters,
: interlopers
: on company time?
:
: Regards,
: Christopher J. Wolff, VP CIO
: Broadband Laboratories
: http://www.bblabs.com
:
: -Original Message-
: From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
: Pawlukiewicz Jane
: Sent: Tuesday, June 25, 2002 12:06 PM
: To: [EMAIL PROTECTED]
: Subject: How important is the PSTN
:
: Hi all,
:
: Thanks so much for all the great answers. (Could everyone please stop
: telling me that im = instant messaging). I knew I should've never gotten
: out of bed this morning.
:
: Anyway, 75% of the respondents said the phone is critical. 25% said some
: form of IM is critical.
:
: Just in case anyone was curious.
:
: Is it me or is it very quiet in here today?
:
: Jane