Weirder issues ... resolved

[J. Oquendo]

On Tue, 24 Aug 2004, Lane Patterson wrote:

> Yes, you have experienced what is known in the field as "air gap
> attenuation"--not something you want to depend on if you want a clean
> link!  A close relative is "knot-in-the-fiber attenuation".
>
> Your subject says "GigE Media converter" but you say you are deploying
> an OC12.  Which is it?

Apologies. An OC12 was layed down, and I was running the drops from
building to building. This is the exact deal of what happened (now that I
can sit down for moment and think on a level head):

I was setting up the fiber lines (multi mode already layed down) to
connect the media converters to my switches. There are altogether about 8
buildings but for clarity I'll focus on the three which the event
occurred...

Building A - Main point
Building B - about 1200 feet from Building A
Building C - about 600 feet from Building A

In Building A, I hooked up my media converter (Netgear) to Building B.
Light was on, I had a signal going out. Walked over to Building B to hook
up that media converter (Netgear) and this oddity occurred - link droppage
when SC connector was fully plugged.

Walked back over to Building A to replicate the incident, meaning I fully
plugged Building B and wanted to see if I slightly pulled out Building A's
SC if it would drop link. Sure enough it did.

Now back in Building A, I took off Building C's media converter (Netgear)
and swapped it with Building C which worked fine. Building C took Building
B's media converter and pushed light with no problem.

Now Building C is ALMOST twice as far as Building B is so if attenuation
was the case, when I swapped out the media converters it should have done
the same thing. Weirder was, everthing worked except I could not open the
browser interface for the switches. At first I thought it was a VLAN issue
so I walked back to the main building and added a port to have
connectivity to every VLAN on the switch. Didn't work.

So... One funky connection for a moment: Linked, pings out everywhere,
could ssh everywhere, could do anything BUT open a browser throughout the
entire Building B. Just bizarre.

> Definitely invest in a light meter that can do the usual flavors
> of single and multimode, connector types, and at least 850 and 1310nm
> wavelengths.  Then simply test strength of light on your receive port
> on each side, compare to specifications of your equipment, and add
> in-line attenuators as necessary.  You'll usually find a range something
> like -3 to -27 dBm, and we prefer -15 dBm as our ideal.  Also, make
> sure you've got the right type of fiber jumpers--mixing up single
> (yellow) and multi (orange) mode fiber can cause similar issues.

All in all it's up now. After playing switcharoonee with these silly
little Netgears, they seemed to bork themselves into working.

Thanks to all of the responses from everyone.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x51F9D78D
Fingerprint 2A48 BA18 1851 4C99

CA22 0619 DB63 F2F7 51F9 D78D
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D

sil @ politrix . orghttp://www.politrix.org
sil @ infiltrated . net http://www.infiltrated.net

"How can we account for our present situation unless we
believe that men high in this government are concerting
to deliver us to disaster?" Joseph McCarthy "America's
Retreat from Victory"

RFC3834 -

[Stephen Stuart]

For those who like to provide gentle reminders regarding mailing list
etiquette to subscribers whose auto-responders reply to mail sent to
lists (rather than only replying when the recipient is specifically
named), there is now a standards-track RFC that you can reference to
reinforce that such responses SHOULD NOT be issued:

RFC 3834
Recommendations for Automatic Responses to Electronic Mail

Get it from your favorite RFC repository, such as:

ftp://ftp.rfc-editor.org/in-notes/rfc3834.txt

Stephen

Re: Anybody at ATT.net email services?

[Thornton]

Our email to att.net has been going through w/o any problems and we
actually have a lot of emails going there.  It may be your IP's are
being flagged as passable for some reason and is causing the resend
action.  This is the first I have heard of they delaying any email like
this though.

You can try [EMAIL PROTECTED] but I think all that email gets ignored.


On Wed, 2004-08-25 at 17:10, Vish Yelsangikar wrote:
> We're having trouble with ATT delaying our email. They are using a
> "grey-listing" technique to filter spam. Their mail servers give a
> "deferred" message and ask you to resend your email two hours later.
> The mail is allowed through on the retry. This filters out most spam,
> because most spam engines ignore return codes and will not retry. This
> is causing problems, because our mail servers are getting all clogged up
> with email to att.net customers and slowing down.
>  
> Our difficulty has been in finding someone at AT&T to speak with about
> this. Can somebody from ATT.net help Netflix?
> 
> Thanks
> 
> Vish.
Thornton
Cierra Group
www.cierragroup.com
Efficient Licensing and Consulting

Re: Weird GigE Media Converter Behavior

[Mikael Abrahamsson]

On Wed, 25 Aug 2004, Lane Patterson wrote:

> the optical power readings.  Don't know if any of them can measure 
> reflection to get distance as well?

There are even some with simple OTDR functionality built into them, just
like there are some copper ethernet PHYs that also have this (CTDR).



-- 
Mikael Abrahamssonemail: [EMAIL PROTECTED]

Re: Weird GigE Media Converter Behavior

[Lane Patterson]

On Tue, Aug 24, 2004 at 10:45:22PM -0400, John R. Sosebee <[EMAIL PROTECTED]> wrote:

> 
> some flava's of the GSR will show/report this .. under show controller but 
> cisco says it's +_ 5 dbm ..
> they say ..  ' You want a router or a meter  ? "
> I have to agree .. would want not the expense of this added in.

Cool, upon further discussion with hardware guys, most of this functionality
is being built into the 3rd party optical components these days, so all the 
vendor has to do is augment the CLI to pass this data through.  If the
capability is there, why not use it?  I must say it would be cool to graph
dBm over months/years in Cricket, and see if you could spot fiber degradation.

However, as you point out, it is important for vendors to document the 
accuracy of the readings in their spec sheets.  +/-5 dBm sounds a bit lame.  
As I understand, these components split off about 2% of the light to take 
the optical power readings.  Don't know if any of them can measure 
reflection to get distance as well?

-Lane

> 
> 
> POS3/0
> SECTION
>LOF = 0  LOS= 0BIP(B1) = 0
> LINE
>AIS = 0  RDI= 0  FEBE = 0  BIP(B2) = 0
> PATH
>AIS = 5  RDI= 6  FEBE = 387BIP(B3) = 6389
>LOP = 5  NEWPTR = 0  PSE  = 0  NSE = 0
> 
> Framing: SONET
> APS
> 
> Optical Power Monitoring
>Rx optical power in mWs and dBms
>Port 0 =   0.02 mW, - 15.738 dBm
> 
>Tx laser diode forward bias current I(F) in milliamps
>Port 0 =  18.009 mA
> 
> 
>Clock source:  line
> 
> 

Anybody at ATT.net email services?

[Vish Yelsangikar]

We're having trouble with ATT delaying our email. They are using a
"grey-listing" technique to filter spam. Their mail servers give a
"deferred" message and ask you to resend your email two hours later.
The mail is allowed through on the retry. This filters out most spam,
because most spam engines ignore return codes and will not retry. This
is causing problems, because our mail servers are getting all clogged up
with email to att.net customers and slowing down.
 
Our difficulty has been in finding someone at AT&T to speak with about
this. Can somebody from ATT.net help Netflix?

Thanks

Vish.

Re: Mega DOS tomorrow?

[Mikael Abrahamsson]

On Wed, 25 Aug 2004 [EMAIL PROTECTED] wrote:

> Might be interesting to see how much of a traffic blip this causes.

Isn't Microsoft heavily Akamai:zed (or something equivalent)? I am usually 
able to download patches at 5+ megabyte/s if I am on an internet 
connection able to handle it, so some kind of caching scheme is used 
anyway.

-- 
Mikael Abrahamssonemail: [EMAIL PROTECTED]

Re: Mega DOS tomorrow?

[Jay Hennigan]

On Wed, 25 Aug 2004, Andy Dills wrote:

> So, slashdot is linking to some news sites that are reporting that
> Aleksandr Gostev from Kapersky Labs in Russia has predicted that a large
> chunk of the net will be shut down tomorrow.

FYI, Google returns 9,250 hits on the search string:

"imminent death of the net predicted film at 11"

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/

Re: Mega DOS tomorrow?

[Jeff Shultz]

[EMAIL PROTECTED] wrote:
On Wed, 25 Aug 2004 14:53:44 EDT, Andy Dills said:
So, slashdot is linking to some news sites that are reporting that
Aleksandr Gostev from Kapersky Labs in Russia has predicted that a large
chunk of the net will be shut down tomorrow.

And here's the *real* reason why:
XP2 SP2 goes on AU tomorrow...
http://www.neowin.net/comments.php?id=23613&category=main
Might be interesting to see how much of a traffic blip this causes.
The Home Version has been up for a week or so now, hasn't it? It'll be 
more interesting to see how many businesses temporarily go out of 
business as they go around disabling the firewall on all of their XP Pro 
systems...

--
Jeff Shultz
Network Technician
Willamette Valley Internet

Re: Mega DOS tomorrow?

[Valdis . Kletnieks]

On Wed, 25 Aug 2004 14:53:44 EDT, Andy Dills said:
> So, slashdot is linking to some news sites that are reporting that
> Aleksandr Gostev from Kapersky Labs in Russia has predicted that a large
> chunk of the net will be shut down tomorrow.

And here's the *real* reason why:

XP2 SP2 goes on AU tomorrow...

http://www.neowin.net/comments.php?id=23613&category=main

Might be interesting to see how much of a traffic blip this causes.


pgppYYD7xKWb9.pgp
Description: PGP signature

Re: Mega DOS tomorrow?

[Elvedin Trnjanin]

>
>
> So, slashdot is linking to some news sites that are reporting that
> Aleksandr Gostev from Kapersky Labs in Russia has predicted that a large
> chunk of the net will be shut down tomorrow.
>
> I thought the ISC comment was pretty funny:
>
> http://isc.sans.org/diary.php
> --
> e-Jihad Begins Thursday, Internet Predicted to Melt Down by Mid-day
>
> You should probably starting backing up that gig of gmail to local
> storage. According to a Russian news site, Kaspersky Labs states that
> terrorists will launch attacks which will paralyze the Internet this
> Thursday. This tragically coincides with two weeks of script kiddie
> attacks (which were scheduled to begin this past Sunday) aimed at
> disrupting the Republican national convention. In addition, many college
> students are back on campus this week, which provides the e-terrorists and
> i-subversives with a veritable candyland of insecure boxes on big pipes.
> Faced with this triple threat, our beloved Internet will surely fall.
>
> The ISC would like to go out on a limb and predict that the Internet will
> not vaporize into a cloud of nothingness this Thursday, but if it does,
> it's been our pleasure to help stave off its inevitable annihilation this
> long.
> --
>
> Andy
>


Should have kept reading...

Reply by Handyman (97520) -
"Kaspersky labs says they were misquoted. Quoting from a mail from
kaspersky labs themselves (as found in a repost on the NTBugtraq mailing
list):

A handful of sites are stating that Eugene Kaspersky, founder of Kaspersky
Labs, believes that tomorrow will bring a massive terrorist attack on the
Internet. This is being quoted in a range of ways, ranging from factual
reporting to citing the story as an example of cyber hysteria.

However, Kaspersky is not predicting the end of the Internet tomorrow - or
even in the near future. The story stems from brief comments made
yesterday at a press conference which was dedicated to cybercrime and the
problems of spam.

At this press conference, Kaspersky commented that the possibility of
terrorists using the Internet as a tool to attack certain countries as a
reality. As an example, he cited the fact that a number of Arabic and
Hebrew language websites contained an announcement of an 'electronic
jihad' against Israel, to start on 26th August 2004.

In an interview today, Kaspersky stressed that such information was not
necessarily trustworthy. 'We don't know who is behind these statements.'
He went on to clarify: 'It's not the first time the term 'electronic
jihad' has been used. We've seen this before, with the focus being on
sending racist emails, and defacing and hacking Israeli web sites. But it
is the first time I have seen sites encouraging the use of Internet
attacks against one country as a form of terrorism.'

'As we've already stated many times in the past, it would be easy enough
to use a network of infected computers to launch such an attack. We saw
the impact that Sasser, Mydoom and Slammer had, on the Internet,
businesses and organisations. Just imagine if such an attack was directed
at one country or one critical point in the infrastructure of the
Internet. Computers are a tool - and just like any tool, they can be used
or misused.'

Kaspersky emphasised that the likelihood of a massive attack directed
against Israeli institutions tomorrow is low. However, he believes that
Pandora's box has now been opened. Hackers and virus writers can be
motivated by a range of factors: money, curiosity, or political
conviction. But whatever their motivation, the insecure nature of the
Internet and weak security precautions offer a wealth of opportunities.
'Maybe it won't be tomorrow, or the day after tomorrow - but sooner or
later, terrorists will be using the Internet as another weapon in their
arsenal.'"

-- 
- ODS.org Team

Elvedin Trnjanin
[EMAIL PROTECTED]
http://www.ods.org

Re: Mega DOS tomorrow?

[Jared Mauch]

On Wed, Aug 25, 2004 at 02:59:51PM -0400, Deepak Jain wrote:
> 
> >The ISC would like to go out on a limb and predict that the Internet will
> >not vaporize into a cloud of nothingness this Thursday, but if it does,
> >it's been our pleasure to help stave off its inevitable annihilation this
> >long.
> >--
> 
> I didn't want to be the first to bring it up today, but what I _love_ 
> about the MOSNEWS link quoting "Kaspersky" is how the "internet" network 
> of South Korea going down last week was used as an example how the 
> "whole" internet could be brought down.
> 
> I'm sorry if SK's network went down [I don't know, didn't hear about 
> it]. I have a problem believing it is a useful case study in the global 
> network.

Considering the dependence upon the internet in South Korea,
and the well connected nature, it's worthwhile to watch what happens there
for possible future trends here.  It's not unusual for at least the
US Domestic market to be behind Asia in a lot of ways..

I suspect the South Korea issue that was spoken of was
really about what happened in Korea during the ms-sql/slammer
event where it caused a lot of things to stop working due to
dependence upon networking.

if ms-sql slammer happened again this week, it would still
be a big deal.. i'd have to say, what have you done since then
to prepare yourselves for a large distributed source/dest attack
(which is what it actually looked like).

- jared

-- 
Jared Mauch  | pgp key available via finger from [EMAIL PROTECTED]
clue++;  | http://puck.nether.net/~jared/  My statements are only mine.

Re: Mega DOS tomorrow?

[Deepak Jain]

The ISC would like to go out on a limb and predict that the Internet will
not vaporize into a cloud of nothingness this Thursday, but if it does,
it's been our pleasure to help stave off its inevitable annihilation this
long.
--
I didn't want to be the first to bring it up today, but what I _love_ 
about the MOSNEWS link quoting "Kaspersky" is how the "internet" network 
of South Korea going down last week was used as an example how the 
"whole" internet could be brought down.

I'm sorry if SK's network went down [I don't know, didn't hear about 
it]. I have a problem believing it is a useful case study in the global 
network.

Deepak Jain
AiNET

Mega DOS tomorrow?

[Andy Dills]

So, slashdot is linking to some news sites that are reporting that
Aleksandr Gostev from Kapersky Labs in Russia has predicted that a large
chunk of the net will be shut down tomorrow.

I thought the ISC comment was pretty funny:

http://isc.sans.org/diary.php
--
e-Jihad Begins Thursday, Internet Predicted to Melt Down by Mid-day

You should probably starting backing up that gig of gmail to local
storage. According to a Russian news site, Kaspersky Labs states that
terrorists will launch attacks which will paralyze the Internet this
Thursday. This tragically coincides with two weeks of script kiddie
attacks (which were scheduled to begin this past Sunday) aimed at
disrupting the Republican national convention. In addition, many college
students are back on campus this week, which provides the e-terrorists and
i-subversives with a veritable candyland of insecure boxes on big pipes.
Faced with this triple threat, our beloved Internet will surely fall.

The ISC would like to go out on a limb and predict that the Internet will
not vaporize into a cloud of nothingness this Thursday, but if it does,
it's been our pleasure to help stave off its inevitable annihilation this
long.
--

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---

RE: Toplayer

[Hosman, Ross]

More specifically I'm looking for someone who used/uses attack mitigator IPS
5000 series equipment in a production environment (not in a test lab)

-Original Message-
From: [EMAIL PROTECTED] 
Sent: Wednesday, August 25, 2004 8:06 AM
To: '[EMAIL PROTECTED]'
Subject: Toplayer



Can someone that works with toplayer equipment please contact me off the
list.

Ross Hosman
HSD Administrator
[EMAIL PROTECTED]

Toplayer

[Hosman, Ross]

Can someone that works with toplayer equipment please contact me off the
list.

Ross Hosman
HSD Administrator
[EMAIL PROTECTED]

OT: Question for carriers about identity and access management

[Hank Nussbacher]

I am looking for some answers from carriers (not ISPs) in regards to 
identity and access management on telco equipment.  If anyone has 5 minutes 
- drop me an email and I'll send you the 4 questions.

Thanks,
Hank