Re: Vulnerbilities of Interconnection
On Thu, 5 Sep 2002 [EMAIL PROTECTED] wrote: very much like to avoid doing the research in a vacuum. I was hoping a discussion on NANOG would be a good first step. The project is quite hot with the politicos and I very much want to make sure the best recommendations are made. Formal industry cooperation is one side of this, but I think a lot of information can be gained from an informal approach as well. Any and all feedback is greatly appreciated http://www.infosecuritymag.com/2002/sep/2002survey/voices/verylarge.shtml On security reporting... Since Sept. 11, state, local and federal authorities have tried to get their arms around the potential threats to the nation's infrastructure--including the telecommunications infrastructure. They have asked us questions like, 'What are your 100 most vulnerable places in the network?' As much as we would like to help the government in its attempt to help us, we believe it would be counterproductive to share such information widely because if it were released, it would provide a terrorist with a roadmap to our key locations. Unless the government agrees that it can protect our information, we will continue to respectfully decline such blanket requests. Bill Smith CTO and President of Interconnection Services, BellSouth
Re: Vulnerbilities of Interconnection
Sean, I completely agree with statement. It is not a matter of wanting to know where the important hubs are - we have a pretty good handle on that, but what the impacts would be of a hub loss from an operational standpoint. Maybe this is a discussion that needs to be off-line. My goal is to provide some context and validation for the research that is being carried out. There have been some interesting discussions on this forum about multi-provider cooperation in case of emergencies/catastrophes. Your suggestion of the creation of a directory for contacts across providers was an insightful addition. I believe more discussion along these lines would be of benefit. The desire is for something high level, not any network details that could prove compromising. Thanks, sean - Original Message - From: Sean Donelan [EMAIL PROTECTED] Date: Thursday, September 5, 2002 12:48 pm Subject: Re: Vulnerbilities of Interconnection On Thu, 5 Sep 2002 [EMAIL PROTECTED] wrote: very much like to avoid doing the research in a vacuum. I was hoping a discussion on NANOG would be a good first step. The project is quite hot with the politicos and I very much want to make sure the best recommendations are made. Formal industry cooperation is one side of this, but I think a lot of information can be gained from an informal approach as well. Any and all feedback is greatly appreciated http://www.infosecuritymag.com/2002/sep/2002survey/voices/verylarge.shtml On security reporting... Since Sept. 11, state, local and federal authorities have tried to get their arms around the potential threats to the nation's infrastructure--including the telecommunications infrastructure. They have asked us questions like, 'What are your 100 most vulnerable places in the network?'
As much as we would like to help the government in its attempt to help us, we believe it would be counterproductive to share such information widely because if it were released, it would provide a terrorist with a roadmap to our key locations. Unless the government agrees that it can protect our information, we will continue to respectfully decline such blanket requests. Bill Smith CTO and President of Interconnection Services, BellSouth
IP address fee??
Quick question, does there exist a practice of charging customer for IP address blocks used? My theory is that the first Class C is included with the service, but I'm wondering what happens when the customer wants 2,3,4 or more? Shane
RE: IP address fee??
Shane, There is a practice on that (At least here.). Generally we provide a Class C to our customers at no additional charge, but we have been charging recently for the use of additional blocks. After all, we have to pay those charges to ARIN, and we do need to defer those costs down to the customer if they are going to use a chunk of the address space. At some point we'll need to get more, and that only increases our costs. Gone are the days when the carriers eat all the side costs. Derek -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Owens, Shane (EPIK.ORL) Sent: Thursday, September 05, 2002 1:36 PM To: [EMAIL PROTECTED] Subject: IP address fee?? Quick question, does there exist a practice of charging customer for IP address blocks used? My theory is that the first Class C is included with the service, but I'm wondering what happens when the customer wants 2,3,4 or more? Shane
RE: IP address fee??
Shane, The best practice is to follow the ARIN guidelines. This will make it much easier for you to get your next block of address space. That means:
- Slow start - issue folks what they can justify, not a /24.
- Issue more space upon request, provided that justification is given
- Multihomed customers require no justification for a /24
- Do not issue more than a /21 to a customer. At that point, they can go directly to the RIR.
Charging is up to you - you are really just charging for your own services in administering the address space, and perhaps passing through the cost from ARIN. Most folks do not charge for IP space, and it's never something I've been personally comfortable with. - Daniel Golding -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Owens, Shane (EPIK.ORL) Sent: Thursday, September 05, 2002 1:36 PM To: [EMAIL PROTECTED] Subject: IP address fee?? Quick question, does there exist a practice of charging customer for IP address blocks used? My theory is that the first Class C is included with the service, but I'm wondering what happens when the customer wants 2,3,4 or more? Shane
research request
NANOG Folks, I'm working on a research project to determine how network product end-users interact with the vendors to obtain technical support, software patches, tech notes, and configuration guidelines. If any of you have about 15-20 minutes to chat or fill out a short survey, please contact me off-list. Thanks, Irwin -- Irwin Lazar Practice Manager, Burton Group www.burtongroup.com [EMAIL PROTECTED] Office: 703-742-9659 Cell: 703-402-4119 DrivingNetworkEvolution
Re: IP address fee??
On Thu, Sep 05, 2002 at 01:36:27PM -0400, Derek Samford wrote: Shane, There is a practice on that (At least here.). Generally we provide a Class C to our customers at no additional charge, but we have Why in this day and age, 9 years after the invention of CIDR, are we still referring to class C's? -- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
Apologies.
Just wanted to publicly apologize for posting HTML to the list. Thanks to Robert Seastrom for pointing it out to me. Still not sure why it posted as html. Derek
RE: IP address fee??
Haha. Mighty good question. No good answer. Derek -Original Message- From: Richard A Steenbergen [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 05, 2002 1:48 PM To: Derek Samford Cc: 'Owens, Shane (EPIK.ORL)'; [EMAIL PROTECTED] Subject: Re: IP address fee?? On Thu, Sep 05, 2002 at 01:36:27PM -0400, Derek Samford wrote: Shane, There is a practice on that (At least here.). Generally we provide a Class C to our customers at no additional charge, but we have Why in this day and age, 9 years after the invention of CIDR, are we still referring to class C's? -- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
RE: IP address fee??
Forgive my use of the term Class C, we do assign CIDR blocks to customers and make them justify their addresses. I just finished a call with sales and a customer where the customer said they won't pay for additional addresses beyond a /24 and I was asked to see what other carriers are doing in these situations. Shane -Original Message- From: Richard A Steenbergen [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 05, 2002 1:48 PM To: Derek Samford Cc: 'Owens, Shane (EPIK.ORL)'; [EMAIL PROTECTED] Subject: Re: IP address fee?? On Thu, Sep 05, 2002 at 01:36:27PM -0400, Derek Samford wrote: Shane, There is a practice on that (At least here.). Generally we provide a Class C to our customers at no additional charge, but we have Why in this day and age, 9 years after the invention of CIDR, are we still referring to class C's? -- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
Re: IP address fee??
Why in this day and age, 9 years after the invention of CIDR, are we still referring to class C's? Because we used up class Bs? Alex
Re: Vulnerbilities of Interconnection
As a side note the thanks for responses on Equinix were off list responses - was not meant to be sarcasm since there were not any on list responses. Back to the topic - the first question is the cost of protecting an asset less than the cost of losing the asset. If the answer is yes then there is economic justification for protection. I believe the issue will not be one of the government deciding what assets are critical, but more likely the insurance industry. At the end of the day the insurance industry has to come to terms with how to deal with network downage. The value they put on assets for insurance and reassurance will most likely be the trigger. Then you can start to get an answer to your question of who is most critical - who has the most to lose financially from downage. From the examples you listed I'd say NASDAQ. The question becomes what infrastructure is that critical node or sector most dependent on. It is the interdependencies that cause the rub, who is responsible, who is left holding the bag, who has the ability to pay etc. - Original Message - From: batz [EMAIL PROTECTED] Date: Thursday, September 5, 2002 4:36 pm Subject: Re: Vulnerbilities of Interconnection On Thu, 5 Sep 2002 [EMAIL PROTECTED] wrote: :I completely agree with statement. It is not a matter of wanting to :know where the important hubs are - we have a pretty good handle on :that, but what the impacts would be of a hub loss from an operational :standpoint. Maybe this is a discussion that needs to be off-line. :My goal is to provide some context and validation for the research :that is being carried out. The vulnerability is relative to the priority and value of the asset being protected. Without definition of those assets from the government, or whatever stakeholder needs to know, it is difficult to explain.
Operationally, you can talk about various meet-me points, hubs, exchanges and routes as being critical, but the sites those links service will be the metric by which their importance is measured. Until our various political masters decide what sites they think are truly critical, any assessment will be relative to shifting priorities of participants in the discussion. Who is more critical; Nasdaq, Google, WCOM or the GSA? You can see how this becomes relative pretty quickly. -- batz
RE: Vulnerbilities of Interconnection
The crux of the issue are FOIA requests. The government won't make these types of vulnerability reports immune to FOIA requests - thus a foreign terrorist or home-grown farmbelt fuhrer could simply order up a list of the most vulnerable sites, and select some to attack. Due to the distributed nature of the internet, and the routing protocols that regulate its traffic flow, there is no single point of failure. However, we have seen how concerted attacks can be made at multiple locations, almost simultaneously. If the government could agree to allow this information to remain confidential, it would greatly expedite the process of hardening appropriate facilities, and identifying weaknesses. - Daniel Golding Sean Donelan Said... On Thu, 5 Sep 2002 [EMAIL PROTECTED] wrote: very much like to avoid doing the research in a vacuum. I was hoping a discussion on NANOG would be a good first step. The project is quite hot with the politicos and I very much want to make sure the best recommendations are made. Formal industry cooperation is one side of this, but I think a lot of information can be gained from an informal approach as well. Any and all feedback is greatly appreciated http://www.infosecuritymag.com/2002/sep/2002survey/voices/verylarge.shtml On security reporting... Since Sept. 11, state, local and federal authorities have tried to get their arms around the potential threats to the nation's infrastructure--including the telecommunications infrastructure. They have asked us questions like, 'What are your 100 most vulnerable places in the network?' As much as we would like to help the government in its attempt to help us, we believe it would be counterproductive to share such information widely because if it were released, it would provide a terrorist with a roadmap to our key locations. Unless the government agrees that it can protect our information, we will continue to respectfully decline such blanket requests.
Bill Smith CTO and President of Interconnection Services, BellSouth
Re: IP address fee??
Possibly because that is what they are still teaching them as in school? Seriously... I'm not sure that the teachers I had for networking and systems admin had ever heard of CIDR. The textbooks hadn't. It was a nice bump in the learning curve when I hit the real world. *** REPLY SEPARATOR *** On 9/5/2002 at 1:48 PM Richard A Steenbergen wrote: On Thu, Sep 05, 2002 at 01:36:27PM -0400, Derek Samford wrote: Shane, There is a practice on that (At least here.). Generally we provide a Class C to our customers at no additional charge, but we have Why in this day and age, 9 years after the invention of CIDR, are we still referring to class C's? -- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6) -- Jeff Shultz Network Support Technician Willamette Valley Internet 503-769-3331 (Stayton) 503-390-7000 (Salem) [EMAIL PROTECTED] ...most of us have as our claim to fame the ability to talk to inanimate objects and convince them they want to listen to us. -- Valdis Kletnieks in a.s.r
Re: Vulnerbilities of Interconnection
At 12:44 PM 9/5/2002 -0400, [EMAIL PROTECTED] wrote: One part that we are looking at are the vulnerabilities of interconnection facilities. A quick point...Several folks have postulated that the internal (non-physical) threat dwarfs that of the physical threat, due to the lack of visibility, the difficulty of tracking and coordinating a response, and the millions of vulnerable systems world-wide capable of launching an internal attack. A physical attack (a hole in a wall for example) can typically be detected and corrected in a matter of hours or days, while an effective internal attack could be varied in time and scope causing at least as much damage invisibly for a much longer period of time. That said, a few years back I wrote the Interconnection Strategies for ISPs white paper, which speaks to the economics of peering using exchange points vs. using pt-to-pt circuits. It documents a clear break even point where large capacity circuits (or dark fiber loops) into an IX with fiber cross connects within a building are a better fit (financially) than pt-to-pt circuits. A couple physical security considerations came out of that research: 1) Consider that man holes are not always secured, providing access to metro fiber runs, while there is generally greater security within colocation environments 2) It is faster to repair physical disruptions at fewer points, leveraging cutovers to alternative providers present in the collocation IX model, as opposed to the Direct Circuit model where provisioning additional capacities to many end points may take days or months. Finally, I have seen a balancing act between how much it costs to protect against a disruption versus the cost of the disruption. In today's economy (unlike say a few years ago) more folks seem to be focused on doing this mathematical calculation rather than just picking full mesh interconnect topologies. Bill --- William B.
Norton [EMAIL PROTECTED] 650.315.8635 Co-Founder and Chief Technical Liaison Equinix, Inc. Yahoo Instant Messenger ID: WilliamBNorton
Re: IP address fee??
Thus spake Richard A Steenbergen [EMAIL PROTECTED] On Thu, Sep 05, 2002 at 01:36:27PM -0400, Derek Samford wrote: Shane, There is a practice on that (At least here.). Generally we provide a Class C to our customers at no additional charge, but we have Why in this day and age, 9 years after the invention of CIDR, are we still referring to class C's? Because Cee is easier to pronounce than slash twenty-four. Ease of use trumps open standards yet again :) S
Re: IP address fee??
On Thu, Sep 05, 2002 at 11:00:43AM -0700, Jeff Shultz wrote: Possibly because that is what they are still teaching them as in school? Seriously... I'm not sure that the teachers I had for networking and systems admin had ever heard of CIDR. The textbooks hadn't. It was a nice bump in the learning curve when I hit the real world. I've never seen a text book which had any relevance to modern networking which didn't cover CIDR. Perhaps if we all made a conscious effort to avoid using the term, new people who are learning from the examples they see around them would stop picking up on it as how things work. History is nice, but not knowing when to give up and move on is just sad. :) -- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
Re: RE: Vulnerbilities of Interconnection
That is one of the reasons research is being done at universities, they are not answerable to FOIA's. While the university environment is not the Fort Knox of security for special projects a high level of security and confidentiality can be ensured. Trying to sort out publications is the headache. - Original Message - From: Daniel Golding [EMAIL PROTECTED] Date: Thursday, September 5, 2002 1:27 pm Subject: RE: Vulnerbilities of Interconnection The crux of the issue are FOIA requests. The government won't make these types of vulnerability reports immune to FOIA requests - thus a foreign terrorist or home-grown farmbelt fuhrer could simply order up a list of the most vulnerable sites, and select some to attack. Due to the distributed nature of the internet, and the routing protocols that regulate its traffic flow, there is no single point of failure. However, we have seen how concerted attacks can be made at multiple locations, almost simultaneously. If the government could agree to allow this information to remain confidential, it would greatly expedite the process of hardening appropriate facilities, and identifying weaknesses. - Daniel Golding Sean Donelan Said... On Thu, 5 Sep 2002 [EMAIL PROTECTED] wrote: very much like to avoid doing the research in a vacuum. I was hoping a discussion on NANOG would be a good first step. The project is quite hot with the politicos and I very much want to make sure the best recommendations are made. Formal industry cooperation is one side of this, but I think a lot of information can be gained from an informal approach as well. Any and all feedback is greatly appreciated http://www.infosecuritymag.com/2002/sep/2002survey/voices/verylarge.shtml On security reporting... Since Sept. 11, state, local and federal authorities have tried to get their arms around the potential threats to the nation's infrastructure--including the telecommunications infrastructure.
They have asked us questions like, 'What are your 100 most vulnerable places in the network?' As much as we would like to help the government in its attempt to help us, we believe it would be counterproductive to share such information widely because if it were released, it would provide a terrorist with a roadmap to our key locations. Unless the government agrees that it can protect our information, we will continue to respectfully decline such blanket requests. Bill Smith CTO and President of Interconnection Services, BellSouth
Re: IP address fee??
On Thu, 5 Sep 2002, Richard A Steenbergen wrote: On Thu, Sep 05, 2002 at 01:36:27PM -0400, Derek Samford wrote: Shane, There is a practice on that (At least here.). Generally we provide a Class C to our customers at no additional charge, but we have Why in this day and age, 9 years after the invention of CIDR, are we still referring to class C's? At least as importantly, why do 254 addresses get provided where the actual need might not warrant that quantity? Tony
Re: IP address fee??
Tony Tauber wrote: On Thu, 5 Sep 2002, Richard A Steenbergen wrote: On Thu, Sep 05, 2002 at 01:36:27PM -0400, Derek Samford wrote: Shane, There is a practice on that (At least here.). Generally we provide a Class C to our customers at no additional charge, but we have Why in this day and age, 9 years after the invention of CIDR, are we still referring to class C's? At least as importantly, why do 254 addresses get provided where the actual need might not warrant that quantity? Because it's easier to do the reverse DNS? Sorry to contribute to the general noise, but that answer's close to the truth. -- ...some sort of steganographic chaffing and winnowing scheme already exists in practice right here: I frequently find myself having to sort through large numbers of idiotic posts to find the good ones. -- Rufus Faloofus
Re: Vulnerbilities of Interconnection
That said, a few years back I wrote the Interconnection Strategies for ISPs white paper, which speaks to the economics of peering using exchange points vs. using pt-to-pt circuits. It documents a clear break even point where large capacity circuits (or dark fiber loops) into an IX with fiber cross connects within a building are a better fit (financially) than pt-to-pt circuits. This obviously would be a thesis of Equinix and other collo space providers, since this is exactly the service that they provide. It won't, however, be a thesis of any major network that either already has a lot of infrastructure in place or has to be a network that is supposed to survive a physical attack. A couple physical security considerations came out of that research: 1) Consider that man holes are not always secured, providing access to metro fiber runs, while there is generally greater security within colocation environments This is all great, except that the same metro fiber runs are used to get carriers into the super-secure facility, and, since neither those who originate information, nor those who ultimately consume the information are located completely within facility, you still have the same problem. If we add to it that the diverse fibers tend to aggregate in the basement of the building that houses the facility, multiple carriers use the same manholes for their diverse fiber and so on. 2) It is faster to repair physical disruptions at fewer points, leveraging cutovers to alternative providers present in the collocation IX model, as opposed to the Direct Circuit model where provisioning additional capacities to many end points may take days or months. This again is great in theory, unless you are talking about someone who is planning on taking out the IX not accidentally, but deliberately.
To illustrate this, one just needs to recall the infamous fiber cut in McLean in 1999 when a backhoe not just cut Worldcom and Level(3) circuits, but somehow let a cement truck pour cement into Verizon's manhole that was used by Level(3) and Worldcom. Alex
Re: IP address fee??
Date: Thu, 05 Sep 2002 11:00:43 -0700 From: Jeff Shultz [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: IP address fee?? Possibly because that is what they are still teaching them as in school? As much as I hate to interject this... CIDR is fairly new to me, but referring to a Class C address conveys some pretty specific information ... Similar to referring to 139.98/24. To *me*, Class C implies a specific address range (probably no longer needed) with specific masks, et al... Oh well, back to lurk mode... Regards, gregory Hicks Seriously... I'm not sure that the teachers I had for networking and systems admin had ever heard of CIDR. The textbooks hadn't. It was a nice bump in the learning curve when I hit the real world. *** REPLY SEPARATOR *** On 9/5/2002 at 1:48 PM Richard A Steenbergen wrote: On Thu, Sep 05, 2002 at 01:36:27PM -0400, Derek Samford wrote: Shane, There is a practice on that (At least here.). Generally we provide a Class C to our customers at no additional charge, but we have Why in this day and age, 9 years after the invention of CIDR, are we still referring to class C's? -- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6) -- Jeff Shultz Network Support Technician Willamette Valley Internet 503-769-3331 (Stayton) 503-390-7000 (Salem) [EMAIL PROTECTED] ...most of us have as our claim to fame the ability to talk to inanimate objects and convince them they want to listen to us. -- Valdis Kletnieks in a.s.r --- Gregory Hicks| Principal Systems Engineer Cadence Design Systems | Direct: 408.576.3609 555 River Oaks Pkwy M/S 6B1 | Fax: 408.894.3400 San Jose, CA 95134 | Internet: [EMAIL PROTECTED] The trouble with doing anything right the first time is that nobody appreciates how difficult it was. When a team of dedicated individuals makes a commitment to act as one... the sky's the limit.
There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff You can have it done good, fast, or cheap -- pick any two.
Re: Vulnerbilities of Interconnection
At 02:45 PM 9/5/2002 -0400, [EMAIL PROTECTED] wrote: This obviously would be a thesis of Equinix and other collo space providers, since this is exactly the service that they provide. It won't, however, be a thesis of any major network that either already has a lot of infrastructure in place or has to be a network that is supposed to survive a physical attack. Actually, the underlying assumption of this paper is that major networks already have a large global backbone that need to interconnect in n-regions. The choice between Direct Circuits and Colo-based cross connects is discussed and documented with costs and tradeoffs. Surviving a major attack was not the focus of the paper...but... When I did this research I asked ISPs how many Exchange Points they felt were needed in a region. Many said one was sufficient, that they were resilient across multiple exchange points and transit relationships, and preferred to engineer their own diversity separate from regional exchanges. A bunch said that two was the right number, each with different operating procedures, geographic locations, providers of fiber, etc., as different as possible. Folks seemed unanimous about there not being more than two IXes in a region, that to do so would splinter the peering population. Bill Woodcock was the exception to this last claim, positing (paraphrasing) that peering is a local routing optimization and that many inexpensive (relatively insecured) IXes are acceptable. The loss of any one simply removes the local routing optimization and that transit is always an alternative for that traffic.
A couple physical security considerations came out of that research: 1) Consider that man holes are not always secured, providing access to metro fiber runs, while there is generally greater security within colocation environments This is all great, except that the same metro fiber runs are used to get carriers into the super-secure facility, and, since neither those who originate information, nor those who ultimately consume the information are located completely within facility, you still have the same problem. If we add to it that the diverse fibers tend to aggregate in the basement of the building that houses the facility, multiple carriers use the same manholes for their diverse fiber and so on. Fine - we both agree that no transport provider is entirely protected from physical tampering if its fiber travels through insecure passageways. Note that some transport capacity into an IX doesn't necessarily travel along the same path as the metro providers, particularly those IXes located outside a metro region. There are also a multitude of paths, proportional to the # of providers still around in the metro area, that provide alternative paths into the IX. Within an IX therefore is a concentration of alternative providers, and these alternative providers can be used as needed in the event of a path cut. 2) It is faster to repair physical disruptions at fewer points, leveraging cutovers to alternative providers present in the collocation IX model, as opposed to the Direct Circuit model where provisioning additional capacities to many end points may take days or months. This again is great in theory, unless you are talking about someone who is planning on taking out the IX not accidentally, but deliberately. To illustrate this, one just needs to recall the infamous fiber cut in McLean in 1999 when a backhoe not just cut Worldcom and Level(3) circuits, but somehow let a cement truck pour cement into Verizon's manhole that was used by Level(3) and Worldcom.
Terrorists in cement trucks? Again, it seems more likely and more technically effective to attack internally than physically. Focus again here on the cost/benefit analysis from both the provider and disrupter perspective and you will see what I mean. Alex
Re: IP address fee??
On Thu, 5 Sep 2002, Etaoin Shrdlu wrote: Tony Tauber wrote: On Thu, 5 Sep 2002, Richard A Steenbergen wrote: On Thu, Sep 05, 2002 at 01:36:27PM -0400, Derek Samford wrote: Shane, There is a practice on that (At least here.). Generally we provide a Class C to our customers at no additional charge, but we have Why in this day and age, 9 years after the invention of CIDR, are we still referring to class C's? At least as importantly, why do 254 addresses get provided where the actual need might not warrant that quantity? Because it's easier to do the reverse DNS? Sorry to contribute to the general noise, but that answer's close to the truth. these days you can easily delegate reverse using CIDR with BIND ... http://www.faqs.org/rfcs/rfc2317.html -chris -- ...some sort of steganographic chaffing and winnowing scheme already exists in practice right here: I frequently find myself having to sort through large numbers of idiotic posts to find the good ones. -- Rufus Faloofus
Re: IP address fee??
At 11:39 AM 9/5/2002 -0700, Etaoin Shrdlu wrote: At least as importantly, why do 254 addresses get provided where the actual need might not warrant that quantity? Because it's easier to do the reverse DNS? Sorry to contribute to the general noise, but that answer's close to the truth. http://www.faqs.org/rfcs/rfc2317.html Easier maybe... But with classless delegation of IN-ADDR.ARPA this should not be an issue any longer. -- ...some sort of steganographic chaffing and winnowing scheme already exists in practice right here: I frequently find myself having to sort through large numbers of idiotic posts to find the good ones. -- Rufus Faloofus -- Christopher Schulte http://www.schulte.org/ Do not un-munge my nospam.schulte.org email address. This address is valid.
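The classless IN-ADDR.ARPA delegation (RFC 2317) that the two replies above point to, as an added example that is not part of the thread: it builds the parent-zone NS and CNAME records for customer blocks longer than a /24 and rejects misaligned or overlapping assignments. The prefixes come from the 192.0.2.0/24 documentation range and the name server names are constructed.

```python
import ipaddress


def classless_delegation(prefix, nameservers, sep="/"):
    """Build the parent-zone records that delegate reverse DNS for one
    IPv4 prefix longer than /24, in the style of RFC 2317.

    Returns (parent_zone, records). `sep` sits between the first address
    and the prefix length in the child label; RFC 2317 uses "/", and some
    operators substitute "-".
    """
    # strict=True rejects prefixes with host bits set, e.g. 192.0.2.64/25
    net = ipaddress.ip_network(prefix, strict=True)
    if net.version != 4 or not 25 <= net.prefixlen <= 32:
        raise ValueError(f"{prefix}: need an IPv4 prefix between /25 and /32")

    o = net.network_address.packed
    parent = f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."
    label = f"{o[3]}{sep}{net.prefixlen}"        # e.g. "128/26"

    # The child zone is delegated to the customer's name servers ...
    records = [f"{label} IN NS {ns}" for ns in nameservers]

    # ... and each address in the block gets a CNAME into that child zone,
    # so a lookup of 129.2.0.192.in-addr.arpa. lands on the customer's PTR.
    addrs = list(net)
    if net.prefixlen <= 30:
        addrs = addrs[1:-1]                      # skip network and broadcast
    for addr in addrs:
        last = addr.packed[3]
        records.append(f"{last} IN CNAME {last}.{label}.{parent}")
    return parent, records


def plan_parent_zone(assignments):
    """Combine several customer delegations that share one /24 parent zone.

    `assignments` is a list of (prefix, nameservers) pairs. Overlapping
    blocks would produce two CNAMEs with the same owner name, so they are
    refused before any record is emitted.
    """
    if not assignments:
        raise ValueError("no assignments given")
    seen, parents, records = [], set(), []
    for prefix, nameservers in assignments:
        net = ipaddress.ip_network(prefix, strict=True)
        for other in seen:
            if net.overlaps(other):
                raise ValueError(f"{net} overlaps {other}")
        parent, recs = classless_delegation(prefix, nameservers)
        seen.append(net)
        parents.add(parent)
        records.extend(recs)
    if len(parents) > 1:
        raise ValueError("assignments span more than one /24 parent zone")
    return parents.pop(), records


if __name__ == "__main__":
    # Constructed sample: one /24 split between three customers.
    zone, recs = plan_parent_zone([
        ("192.0.2.0/25", ["ns.a.example."]),
        ("192.0.2.128/26", ["ns.b.example."]),
        ("192.0.2.192/26", ["ns.c.example."]),
    ])
    print(f"$ORIGIN {zone}")
    print("\n".join(recs))
```
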
Re: IP address fee??
Thus spake Richard A Steenbergen [EMAIL PROTECTED] On Thu, Sep 05, 2002 at 11:00:43AM -0700, Jeff Shultz wrote: Possibly because that is what they are still teaching them as in school? Seriously... I'm not sure that the teachers I had for networking and systems admin had ever heard of CIDR. The textbooks hadn't. It was a nice bump in the learning curve when I hit the real world. I've never seen a text book which had any relevance to modern networking which didn't cover CIDR. Sadly, most texts I've read, and certainly all the current courseware I've looked at, still teach classful addressing and subnetting as the primary method with a sidebar on CIDR as the new method. Perhaps if we all made a conscious effort to avoid using the term, new people who are learning from the examples they see around them would stop picking up on it as how things work. History is nice, but not knowing when to give up and move on is just sad. The term class C sticks because it's so useful; you'll note that class [AB] aren't used much colloquially. This is how English evolves. S
Re: IP address fee??
Thus spake Tony Tauber [EMAIL PROTECTED] On Thu, 5 Sep 2002, Richard A Steenbergen wrote: On Thu, Sep 05, 2002 at 01:36:27PM -0400, Derek Samford wrote: Shane, There is a practice on that (At least here.). Generally we provide a Class C to our customers at no additional charge, but we have Why in this day and age, 9 years after the invention of CIDR, are we still referring to class C's? At least as importantly, why do 254 addresses get provided where the actual need might not warrant that quantity? Because ARIN doesn't verify end-users actually need all the addresses SWIPed to them, and the more addresses an ISP SWIPs, the lower the cost per address and the easier it is to get more. There is at least one provider which assigns a /23 to each customer circuit even if the customer has their own IP space. I was unable to get a reasonable explanation other than policy. S
Re: Vulnerbilities of Interconnection
The question is what if someone was gunning for your fiber. To date cuts have been unintentional. Obviously the risk level is much higher doing a physical attack, but the bad guys in this scenario are not teenage hackers in the parents' basement. There is a good foundation of knowledge on the implications of cyber attacks, but the what-if of an intentional physical attack is an important question I believe. The context in this discussion has been very valuable and many thanks to everyone that has offered opinions. - Original Message - From: Dave Israel [EMAIL PROTECTED] Date: Thursday, September 5, 2002 3:50 pm Subject: Re: Vulnerbilities of Interconnection The thing is, the major cuts are not attacks; the backhoe operators aren't gunning for our fiber (no matter how much it seems like they are). If I wanted to disrupt traffic, intentionally and maliciously, I would not derail a train into a fiber path. Doing so would be very difficult, and the legal ramifications (murder, destruction of property, etc, etc) are quite clear and severe. However, if I ping-bomb you from a thousand 0wn3d PCs on cable modems, I never had to leave my parents' basement, I'm harder to trace by normal police methods, and the question of which laws that can be applied to me is less clear. -Dave On 9/5/2002 at 15:38:56 -0400, [EMAIL PROTECTED] said: Again, it seems more likely and more technically effective to attack internally than physically. Focus again here on the cost/benefit analysis from both the provider and disrupter perspective and you will see what I mean. Is there a general consensus that cyber/internal attacks are more effective/dangerous than physical attacks? Anecdotally it seems the largest Internet downages have been from physical cuts or failures. 2001 Baltimore train tunnel vs. code red worm (see keynote report) 1999 McLean fiber cut - cement truck ATT cascading switch failure Utah fiber cut (date??) Not sure where the MAI mess up at MAE east falls Utah fiber cut (date??) 
Then again this is the biased perspective of the facet I'm researching. Secondly it seems that problems arise from physical cuts not because of a lack of redundant paths but a bottleneck in peering and transit - resulting in ripple effects seen with the Baltimore incident. - Original Message - From: William B. Norton [EMAIL PROTECTED] Date: Thursday, September 5, 2002 3:04 pm Subject: Re: Vulnerbilities of Interconnection At 02:45 PM 9/5/2002 -0400, [EMAIL PROTECTED] wrote: This obviously would be a thesis of Equinix and other collo space providers, since this is exactly the service that they provide. It won't, however, be a thesis of any major network that either already has a lot of infrastructure in place or has to be a network that is supposed to survive a physical attack. Actually, the underlying assumption of this paper is that major networks already have a large global backbone that need to interconnect in n-regions. The choice between Direct Circuits and Colo-based cross connects is discussed and documented with costs and tradeoffs. Surviving a major attack was not the focus of the paper...but... When I did this research I asked ISPs how many Exchange Points they felt were needed in a region. Many said one was sufficient, that they were resilient across multiple exchange points and transit relationships, and preferred to engineer their own diversity separate from regional exchanges. A bunch said that two was the right number, each with different operating procedures, geographic locations, providers of fiber, etc., as different as possible. Folks seemed unanimous about there not being more than two IXes in a region, that to do so would splinter the peering population. Bill Woodcock was the exception to this last claim, positing (paraphrasing) that peering is a local routing optimization and that many inexpensive (relatively insecured) IXes are acceptable. 
The loss of any one simply removes the local routing optimization and that transit is always an alternative for that traffic. A couple physical security considerations came out of that research: 1) Consider that manholes are not always secured, providing access to metro fiber runs, while there is generally greater security within colocation environments. This is all great, except that the same metro fiber runs are used to get carriers into the super-secure facility, and, since neither those who originate information, nor those who ultimately consume the information are located completely within the facility, you still have the same problem. If we add to it that the diverse fibers
Re: Vulnerbilities of Interconnection
The thing is, the major cuts are not attacks; the backhoe operators aren't gunning for our fiber (no matter how much it seems like they are). If I wanted to disrupt traffic, intentionally and maliciously, I would not derail a train into a fiber path. Doing so would be very difficult, and the legal ramifications (murder, destruction of property, etc, etc) are quite clear and severe. However, if I ping-bomb you from a thousand 0wn3d PCs on cable modems, I never had to leave my parents' basement, I'm harder to trace by normal police methods, and the question of which laws that can be applied to me is less clear. This fails to address how this affects someone who has no problem with legal ramifications - i.e. a terrorist. Alex
Re: Vulnerbilities of Interconnection
On Thu, 5 Sep 2002 [EMAIL PROTECTED] wrote: There is a good foundation of knowledge on the implications of cyber attacks, but the what-if of an intentional physical attack is an important question I believe. The context in this discussion has been very valuable and many thanks to everyone that has offered opinions. In our open western society a determined group of people can cause a lot of problems if they just want to. Most fiber and electrical connections are very easy to hit because either they are very visible (power lines) or they go along few stretches of way (usually along train rails or roads). Getting information where the infrastructure is located is not very hard, especially if you're in the industry already. I don't know about the US, but cutting Sweden in half power- and fiber-wise would involve 1-2 weeks of work for 2-3 people with explosives. This would cause huge problems, especially with telecommunications. I would guess that the situation is the same in the US, there aren't that many different east/west fiber stretches that you need to cut to generate a lot of problems for everybody. Imagine all the problems caused by backhoes and extrapolate this into something done by someone actually wanting to cause as much trouble as possible. It's not easy to do anything about this, our society is based on cooperation, law and order. If this starts to break down we're all very vulnerable. -- Mikael Abrahamsson email: [EMAIL PROTECTED]
[Fwd: Re: IP address fee??]
---BeginMessage--- I base my allocations on the customer's necessity not what they request. ARIN can get picky when you go back for address space and you allocate a /24 and the customer only uses 30 IPs. Regards, Manolo On Thu, 2002-09-05 at 14:33, Tony Tauber wrote: On Thu, 5 Sep 2002, Richard A Steenbergen wrote: On Thu, Sep 05, 2002 at 01:36:27PM -0400, Derek Samford wrote: Shane, There is a practice on that (At least here.). Generally we provide a Class C to our customers at no additional charge, but we have Why in this day and age, 9 years after the invention of CIDR, are we still referring to class C's? At least as importantly, why do 254 addresses get provided where the actual need might not warrant that quantity? Tony -- Manolo Hernandez - Network Administrator Dialtone Internet - Extremely Fast Linux Web Servers phone://954-581-0097 fax://954-581-7629 mailto:[EMAIL PROTECTED] http://www.dialtone.com The only source of knowledge is experience. - A. Einstein ---End Message---
Re: IP address fee??
On Thu, 5 Sep 2002, Owens, Shane (EPIK.ORL) wrote: Quick question, does there exist a practice of charging customer for IP address blocks used? My theory is that the first Class C is included with the service, but I'm wondering what happens when the customer wants 2,3,4 or more? Shane: I think an important question would be what level of service are they buying. Including 255 addresses with a T3 would be very reasonable, less so with a T1, not very reasonable with DSL, and ridiculous with a dial-up account. There is generally a charge for additional IPs with DSL (or co-location) services because it is so cheap. You don't usually find this with T1 and above. But everyone's pricing is different. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Vulnerbilities of Interconnection
On 9/5/2002 at 16:01:02 -0400, [EMAIL PROTECTED] said: The thing is, the major cuts are not attacks; the backhoe operators aren't gunning for our fiber (no matter how much it seems like they are). If I wanted to disrupt traffic, intentionally and maliciously, I would not derail a train into a fiber path. Doing so would be very difficult, and the legal ramifications (murder, destruction of property, etc, etc) are quite clear and severe. However, if I ping-bomb you from a thousand 0wn3d PCs on cable modems, I never had to leave my parents' basement, I'm harder to trace by normal police methods, and the question of which laws that can be applied to me is less clear. This fails to address how this affects someone who has no problem with legal ramifications - i.e. a terrorist. Even a terrorist will tend towards things that allow him to continue to be a terrorist. If I can do X amount of damage, and get caught, or do X amount of damage, and not get caught, then he'll do the second. Even a terrorist that will die to kill will probably not die to inconvenience.
Re: Vulnerbilities of Interconnection
This fails to address how this affects someone who has no problem with legal ramifications - i.e. a terrorist. Even a terrorist will tend towards things that allow him to continue to be a terrorist. If I can do X amount of damage, and get caught, or do X amount of damage, and not get caught, then he'll do the second. Even a terrorist that will die to kill will probably not die to inconvenience. This presumes he subscribes to the western value system. It had been proven to be a fatally incorrect presumption. Alex
Re: Vulnerbilities of Interconnection
On Thu, 5 Sep 2002 [EMAIL PROTECTED] wrote: :The question is what if someone was gunning for your fiber. To date :cuts have been unintentional. Obviously the risk level is much higher :doing a physical attack, but the bad guys in this scenario are not :teenage hackers in the parents' basement. This happened recently in Quebec where there is a labour dispute with Videotron and one of the unions representing its workers. The dispute has been exacerbated by the sabotage of the company's fiber lines. Now, while this may affect Videotron's bottom line, it only becomes a critical infrastructure issue when it becomes a Hydro Quebec issue, or it interferes with the province's ability to deliver services. Honestly, if a few million people can't get their porn streams, the world isn't going to end. If 911 operators, or ambulance services can't direct emergency crews for 10 people, then you have a serious problem. :There is a good foundation of knowledge on the implications of cyber :attacks, but the what-if of an intentional physical attack is an :important question I believe. The context in this discussion has been :very valuable and many thanks to everyone that has offered opinions. The What-If questions have to be sorted from a particular view, and it will be the legislators' view which will ultimately matter. You can bluesky, whiteboard, game and scheme all you like, but there are only a few opinions that matter when it comes to deciding what is of importance to national security, and until we hear from them, we can be as paranoid and imaginative as we want, and it won't help the infrastructure become more secure. So, as for Nasdaq, vs Google, vs the GSA vs Agriculture vs CNN, until we have the correct order in which to place these entities, we can't provide a useful or accurate model of how vulnerable the infrastructure is. 
You mentioned that you thought Nasdaq would be the most important asset to protect, but what happens if some Internet traders on AOL can't make their trades because of a fiber cut, vs not being able to get their infotainment from CNN, vs weather and crop data not getting to farmers on time. It's a relative and ultimately political discussion. -- batz
RE: Vulnerbilities of Interconnection
To reinforce a dissenting opinion, And your explanation accounts for suicide bombers how? I would think a smoking hole in the ground containing a train or whatever, particularly if loss of life is involved, would be much more appealing to the motivations of most terrorists than a couple of computers with blue screens of death. I would think 9-11 would provide a compelling example of current terrorist practice. Just my 2¢ Best regards, _ Alan Rowland -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dave Israel Sent: Thursday, September 05, 2002 1:29 PM To: [EMAIL PROTECTED] Cc: Dave Israel; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Vulnerbilities of Interconnection On 9/5/2002 at 16:01:02 -0400, [EMAIL PROTECTED] said: The thing is, the major cuts are not attacks; the backhoe operators aren't gunning for our fiber (no matter how much it seems like they are). If I wanted to disrupt traffic, intentionally and maliciously, I would not derail a train into a fiber path. Doing so would be very difficult, and the legal ramifications (murder, destruction of property, etc, etc) are quite clear and severe. However, if I ping-bomb you from a thousand 0wn3d PCs on cable modems, I never had to leave my parents' basement, I'm harder to trace by normal police methods, and the question of which laws that can be applied to me is less clear. This fails to address how this affects someone who has no problem with legal ramifications - i.e. a terrorist. Even a terrorist will tend towards things that allow him to continue to be a terrorist. If I can do X amount of damage, and get caught, or do X amount of damage, and not get caught, then he'll do the second. Even a terrorist that will die to kill will probably not die to inconvenience.
RE: IP address fee??
I agree. It's my employer's policy that a T1 customer receive a /29 (up to a /28 if they can legitimize it based on the ARIN policy). A T3/DS3 customer is granted a /24 by default. I'm not exactly sure what the purchase price is for additional space, but I do know that whatever space they request must still adhere to the ARIN usage and guidelines. (goes for DSL, Dial, etc requests as well) On Thu, 5 Sep 2002, Owens, Shane (EPIK.ORL) wrote: Quick question, does there exist a practice of charging customer for IP address blocks used? My theory is that the first Class C is included with the service, but I'm wondering what happens when the customer wants 2,3,4 or more? Shane: I think an important question would be what level of service are they buying. Including 255 addresses with a T3 would be very reasonable, less so with a T1, not very reasonable with DSL, and ridiculous with a dial-up account. There is generally a charge for additional IPs with DSL (or co-location) services because it is so cheap. You don't usually find this with T1 and above. But everyone's pricing is different.
Re: IP address fee??
On Thu, 5 Sep 2002 [EMAIL PROTECTED] wrote: I'm trying to figure out what you think IP space allocation has to do with bandwidth. IP space is not just another bullet point on the marketing slide that makes a particular service option that more attractive - if you can't use it, you can't have it. I have to believe Who said anything about NOT showing justification? That thread had already been fairly well covered - but didn't address the question as I saw it. The question was about price and that's what I was addressing. You might request justification for any allocation over a single address -- but still not charge until they have 255, or 65,536, or whatever you might decide. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Vulnerbilities of Interconnection
Batz, I believe we are talking about two different perspectives here: operational and end user. The concern I have is with the ability of sectors dependent on information infrastructure to operate if there are problems. What web-site is available to the end user is not the value judgement but if NASDAQ can facilitate stock trades, if banks can clear settlements, etc. It does get a little fuzzy in what you consider Internet and what you consider private networks. From a physical perspective they all use a common fiber infrastructure - it all runs in the same trench - so in some terms it does not matter. There has been quite a bit of discussion about physical downage being an inconvenience, and if you limit yourself to just the Internet (web sites, email, porn, etc) this is a valid statement. Where this goes off track is that the Internet is only part of the equation - the operation of several critical infrastructures is dependent on fiber based communications. A cut is a cut - it does discriminate against private networks, security protocols, encryption or anything else. A leased line does not mean you get a special ditch. - Original Message - From: batz [EMAIL PROTECTED] Date: Thursday, September 5, 2002 7:41 pm Subject: Re: Vulnerbilities of Interconnection On Thu, 5 Sep 2002 [EMAIL PROTECTED] wrote: :The question is what if someone was gunning for your fiber. To date :cuts have been unintentional. Obviously the risk level is much higher :doing a physical attack, but the bad guys in this scenario are not :teenage hackers in the parents' basement. This happened recently in Quebec where there is a labour dispute with Videotron and one of the unions representing its workers. The dispute has been exacerbated by the sabotage of the company's fiber lines. Now, while this may affect Videotron's bottom line, it only becomes a critical infrastructure issue when it becomes a Hydro Quebec issue, or it interferes with the province's ability to deliver services. 
Honestly, if a few million people can't get their porn streams, the world isn't going to end. If 911 operators, or ambulance services can't direct emergency crews for 10 people, then you have a serious problem. :There is a good foundation of knowledge on the implications of cyber :attacks, but the what-if of an intentional physical attack is an :important question I believe. The context in this discussion has been :very valuable and many thanks to everyone that has offered opinions. The What-If questions have to be sorted from a particular view, and it will be the legislators' view which will ultimately matter. You can bluesky, whiteboard, game and scheme all you like, but there are only a few opinions that matter when it comes to deciding what is of importance to national security, and until we hear from them, we can be as paranoid and imaginative as we want, and it won't help the infrastructure become more secure. So, as for Nasdaq, vs Google, vs the GSA vs Agriculture vs CNN, until we have the correct order in which to place these entities, we can't provide a useful or accurate model of how vulnerable the infrastructure is. You mentioned that you thought Nasdaq would be the most important asset to protect, but what happens if some Internet traders on AOL can't make their trades because of a fiber cut, vs not being able to get their infotainment from CNN, vs weather and crop data not getting to farmers on time. It's a relative and ultimately political discussion. -- batz
RE: Vulnerbilities of Interconnection
Daniel Golding [EMAIL PROTECTED] wrote: The crux of the issue are FOIA requests. The government won't make these types of vulnerability reports immune to FOIA requests - thus a foreign terrorist or home-grown farmbelt fuhrer could simply order up a list of the most vulnerable sites, and select some to attack. They already are exempt from FOIA requests. Namely, EXEMPTION 4, Trade Secrets, Commercial or Financial Information or possibly EXEMPTION 7(F) Physical Safety to Protect a wide Range of Individuals. IANAL. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/ | [EMAIL PROTECTED]
Re: IP address fee??
On Thu, 5 Sep 2002 13:49:25 -0400 Derek Samford [EMAIL PROTECTED] wrote: Haha. Mighty good question. No good answer. From: Richard A Steenbergen [mailto:[EMAIL PROTECTED]] Why in this day and age, 9 years after the invention of CIDR, are we still referring to class C's? about 2 years ago, interviewing fresh graduates for jobs, i found that they were still being taught classful networking at many colleges. it was a fairly depressing discovery. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re: Vulnerbilities of Interconnection
On Thu, 05 Sep 2002 12:04:16 -0700 William B. Norton [EMAIL PROTECTED] wrote: Terrorists in cement trucks? Again, it seems more likely and more technically effective to attack internally than physically. Focus again here on the cost/benefit analysis from both the provider and disrupter perspective and you will see what I mean. reflecting on my experiences in such facilities... usually all i've ever needed to do at the door is sign in after proving that i work for a company that has colo space. my boxes of equipment have never been inspected. therefore, to attack many colo facilities, it is sufficient to sign contracts that i never intend to honor and then carry boxes of stuff up that has nothing to do with colo. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Updated DNS monitoring, take 2
Hi, NANOGers. Rodney Joffe (thanks, Rodney!) correctly pointed out that my gTLD monitoring was only tracking the Verisign gTLD (com, net, org) name servers. I have now added the other TLDs to the mix. It can all be found in two places: http://www.cymru.com/DNS/ http://bgp.lcs.mit.edu/dnsmirror/ I will shortly have an additional web server on a much faster set of links, as well as another mirror. For the impatient, I recommend the MIT site. Don't forget to check the Lame Report while you're there. :) Comments and feedback are always welcome! Thanks, Rob. -- Rob Thomas http://www.cymru.com ASSERT(coffee != empty);
Re: Vulnerbilities of Interconnection
On Thu, 5 Sep 2002, Richard Welty wrote: usually all i've ever needed to do at the door is sign in after proving that i work for a company that has colo space. my boxes of equipment have never been inspected. How many banks know what their customers have put in the safe deposit boxes stored in the bank's vaults? Do you want a guard rummaging through your equipment? Even if they opened the boxes how would a guard know what's inside a 12000 router? Rent the movie Infinity (1996) or read Richard Feynman's books describing the security around The Manhattan Project at Los Alamos.
Re: IP address fee??
I think an important question would be what level of service are they buying. Including 255 address with a T3 would be very reasonable, less so with a T1, not very reasonable with DSL, and ridiculous with a dial-up account. I must be missing something. Why would you expect need for IP addresses to correlate with bandwidth? I can see a company buying a DS3 for a single web/application server or load balancer. I can see an apartment building with 120 network jacks getting a T1. It may make business sense to bundle more 'free IPs' with packages that cost more money. But the actual allocation must be based upon demonstrated need. Read your agreement with ARIN. DS
Re: Vulnerbilities of Interconnection
Unnamed Administration sources reported that Daniel Golding said: The crux of the issue are FOIA requests. The government won't make these types of vulnerability reports immune to FOIA requests - thus a foreign terrorist or home-grown farmbelt fuhrer could simply order up a list of the most vulnerable sites, and select some to attack. Suffice to say, there's another side to the story as well. There is already a FOIA exemption, but the current Administration is making a daily policy of denying virtually all FOIA requests. Judges are not always that submissive; hence the push for new legislation. You might look at epic.org and aclu.org for other views than those of Clark the Ministry of Fatherlan^H^H^H Homeland Security. -- A host is a host from coast to [EMAIL PROTECTED] no one will talk to a host that's close[v].(301) 56-LINUX Unless the host (that isn't close).pob 1433 is busy, hung or dead20915-1433
Re: IP address fee??
On Thu, 5 Sep 2002, Richard Welty wrote: about 2 years ago, interviewing fresh graduates for jobs, i found that they were still being taught classful networking at many colleges. Current CCNA Exam Description: http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/640-607.html --- Network Protocols * Describe the different classes of IP addresses (and subnetting). --- not to mention the tested routing protocols are RIPv1 and IGRP. Obviously all the Get your CCNA in 30 seconds books (and the official ones) mainly cover classful routing since that is what is tested. however you learn about Classless Routing in the CCNP.. Key routing information including classful and classless routing protocols ... -- Simon Lyall.| Newsmaster | Work: [EMAIL PROTECTED] Senior Network/System Admin | Postmaster | Home: [EMAIL PROTECTED] ihug, Auckland, NZ | Asst Doorman | Web: http://www.darkmere.gen.nz
Re: IP address fee??
On Thu, 5 Sep 2002, Richard A Steenbergen wrote: Why in this day and age, 9 years after the invention of CIDR, are we still referring to class C's? I submit that the commonly used definition of Class C has changed from An address in the class C range to a block of addresses aligned on a /24 boundary. My guess of the real underlying reason is that saying I need a full class C or I need a block of [4,8,16,32,64] addresses seems to be a lot easier to say in a clear fashion over the phone or in person than I need a slash-twentyfour. - Forrest W. Christian ([EMAIL PROTECTED]) AC7DE -- The Innovation Machine Ltd. P.O. Box 5749 http://www.imach.com/ Helena, MT 59604 Home of PacketFlux Technologies and BackupDNS.com (406)-442-6648 -- Protect your personal freedoms - visit http://www.lp.org/