Re: Traffic to our customer's address(126.0.0.0/8) seems blocked by pa cket filter
Mea culpa: I meant "a few /16's" as opposed to "2"... No flames, it's too late... - ferg -- "Fergie (Paul Ferguson)" <[EMAIL PROTECTED]> wrote: Philip, This sounds very much like a bully -- 2 /16's are a major problem, as opposed to a single /8? Where is the major heartburn in this particlualr case? I could understand if here were lots of farctured annnounced space (granted: I haven't checked this yet), but what's up with that? - ferg -- Philip Smith <[EMAIL PROTECTED]> wrote: [EMAIL PROTECTED] said the following on 4/8/05 12:03: FWIW, if you don't announce your aggregate, do not be surprised if you experience continued disconnectivity to many parts of the Internet. Some SPs notice that SoftbankBB have received 126/8, so will likely filter as such. Leaking sub-prefixes may be fine for traffic engineering, but this generally only works best if you include a covering aggregate. Try including your /8 announcement and see if this improves reachability for you. Out of curiosity, why pick on a /16 for traffic engineering? Most people tend to analyse traffic flows and pick the appropriate address space size as a subdivision. Or do you have 256 links to upstream ISPs and need that level of fine-tuning? best wishes, philip
Re: Traffic to our customer's address(126.0.0.0/8) seems blocked by pa cket filter
Philip, This sounds very much like a bully -- 2 /16's are a major problem, as opposed to a single /8? Where is the major heartburn in this particlualr case? I could understand if here were lots of farctured annnounced space (granted: I haven't checked this yet), but what's up with that? - ferg -- Philip Smith <[EMAIL PROTECTED]> wrote: [EMAIL PROTECTED] said the following on 4/8/05 12:03: FWIW, if you don't announce your aggregate, do not be surprised if you experience continued disconnectivity to many parts of the Internet. Some SPs notice that SoftbankBB have received 126/8, so will likely filter as such. Leaking sub-prefixes may be fine for traffic engineering, but this generally only works best if you include a covering aggregate. Try including your /8 announcement and see if this improves reachability for you. Out of curiosity, why pick on a /16 for traffic engineering? Most people tend to analyse traffic flows and pick the appropriate address space size as a subdivision. Or do you have 256 links to upstream ISPs and need that level of fine-tuning? best wishes, philip
Re: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter
[EMAIL PROTECTED] said the following on 4/8/05 12:03: > > We aren't going to consolidate to a single /8 announcement. > We are going to continue to announce each individual /16 for incoming traffic > engineering. FWIW, if you don't announce your aggregate, do not be surprised if you experience continued disconnectivity to many parts of the Internet. Some SPs notice that SoftbankBB have received 126/8, so will likely filter as such. Leaking sub-prefixes may be fine for traffic engineering, but this generally only works best if you include a covering aggregate. Try including your /8 announcement and see if this improves reachability for you. Out of curiosity, why pick on a /16 for traffic engineering? Most people tend to analyse traffic flows and pick the appropriate address space size as a subdivision. Or do you have 256 links to upstream ISPs and need that level of fine-tuning? best wishes, philip --
Re: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter
On Wed, Aug 03, 2005 at 08:52:55AM -1000, Randy Bush wrote: > > > You can ping to 126.66.0.30/8. > > and how does one ping a /8? > > randy %ping 126.255.255.255 works for some mutant stacks. plays old-hob w/ your arp cache tho. but i suspect that the /8 on the reference was either a typo from the original query or a vestigal remainder from the emacs buffer. pinging the indicated /32 gives me this: $ ping 126.66.0.30 PING 126.66.0.30 (126.66.0.30): 56 data bytes 64 bytes from 126.66.0.30: icmp_seq=0 ttl=235 time=311.999 ms 64 bytes from 126.66.0.30: icmp_seq=1 ttl=235 time=443.25 ms ^C --- 126.66.0.30 ping statistics --- 3 packets transmitted, 2 packets received, 33% packet loss round-trip min/avg/max = 311.999/377.624/443.25 ms from the IVTF conference hotel lobby. --bill
Re: an economics lesson for the FCC chairman Re: FCC delays meeting 't il Friday....
Gordon, You should know better -- the edge, economically, always wins. This is where the money is. And this _is_ a busines, no longer a science experiment. But this eventual discussion does not belong here... - ferg -- Gordon Cook <[EMAIL PROTECTED]> wrote: But John Seely Brown, ex ceo of xerox parc doesn't believe it. He and john Hagel have a new book saying that capabilities for wealth creation are found at the edge. (The title is The Only Sustainable Edge.) If these guys are right, and i think they are, then edge based community owned and operated networks are the only way forward. -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
RE: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter
Hi, >Just out of curiosity... are you going to continue to announce each >individual /16 or will you consolidate to a single /8 announcement? We aren't going to consolidate to a single /8 announcement. We are going to continue to announce each individual /16 for incoming traffic engineering. Best regards & Thanks in advance, -- Makoto Kawano <[EMAIL PROTECTED]> SOFTBANK BB Corp. Yahoo!BB Network Operation Center -Original Message- From: John Payne [mailto:[EMAIL PROTECTED] Sent: Thursday, August 04, 2005 4:02 AM To: 河野 誠(ネットワーク運用本部) Cc: nanog@merit.edu; [EMAIL PROTECTED] Subject: Re: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter On Aug 3, 2005, at 7:45 AM, <[EMAIL PROTECTED]> wrote: > > Hi > > Thank you for your reply. > >> Makoto san, can you provide an ip-address within your assigned range >> that people can ping to test? > You can ping to 126.66.0.30/8. Just out of curiosity... are you going to continue to announce each individual /16 or will you consolidate to a single /8 announcement? > > regards, > -- > Makoto Kawano <[EMAIL PROTECTED]> > SOFTBANK BB Corp. > Yahoo!BB Network Operation Center > > -Original Message- > From: Joel Jaeggli [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 03, 2005 8:22 PM > To: 河野 誠(ネットワーク運用本部) > Cc: nanog@merit.edu > Subject: Re: Traffic to our customer's address(126.0.0.0/8) seems > blocked by packet filter > > > On Wed, 3 Aug 2005, [EMAIL PROTECTED] wrote: > >> >> Dear Network Operators and whom it may concern >> >> I hope you are doing well, We are facing a difficult problem and we >> would like to ask your assistance! > > Makoto san, can you provide an ip-address within your assigned range > that people can ping to test? > > regards > joelja > >> The following address blocks were allocated from IANA to APNIC on the >> 27th of JAN of 2005. Please refer to the following link. >> http://www.cymru.com/Documents/bogon-list.html >> --- >> Changes in version 2.6 (27 JAN 2005) >> 124/8, 125/8 and 126/8 allocated to APNIC (JAN 2005). >> Removed from the bogon lists. >> --- >> >> Softbank BB (AS17676) was allocated 126/8 from APNIC, and Softbank BB >> (AS17676) immediately tried to use 126/8. >> However Softbank BB could not access the famous site using 126/8, It >> seems some of ISPs are blocking 126/8 due to outdated filter. >> >> Ladies and gentlemen, please check the following URL! >> http://www.cymru.com/Documents/bogon-list.html >> >> and if you find out you have outdated filter, please update the >> filter immediately. >> >> Please let me know if you have any problem, concern or doubt >> regarding opening a filter for 126/8, please let me know. >> >> Best regards & Thanks in advance, >> -- >> Makoto Kawano <[EMAIL PROTECTED]> SOFTBANK BB Corp. >> Yahoo!BB Network Operation Center >> > > -- > --- > --- > Joel Jaeggli Unix Consulting > [EMAIL PROTECTED] > GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F > 56B2 >
Re: NETGEAR in the core...
On Thu, 4 Aug 2005, Mohacsi Janos wrote: > > Correct. You can create an in-memory startup script to do tunnel > > configuration, as well, with something like this: > PPPE over IPv6 also supported? You mean that the other way round -- IPv6 over PPPoE natively, without tunnelling? I don't know if the pppoe implementation in the firmware does the necessary IPv6CP negotiation to transit IPv6 natively (as I don't have an uplink where that is possible). -- -- Todd Vierling <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
an economics lesson for the FCC chairman Re: FCC delays meeting 'til Friday....
Sigh. I have posted a longish essay on Center versus Edge that some here may enjoy dipping into. If you believe that new jobs new wealth and new opportunity can only be created inside vertical cable co and telco silos at the center, and that edge based ISPs are like fleas on the elephants back then the duopoly is just what we need. But John Seely Brown, ex ceo of xerox parc doesn't believe it. He and john Hagel have a new book saying that capabilities for wealth creation are found at the edge. (The title is The Only Sustainable Edge.) If these guys are right, and i think they are, then edge based community owned and operated networks are the only way forward. My headline is Where is New Wealth Created? Center or Edge? If in the Center, then the Duopoly Makes Sense - If at the Edge, We Better Understand How to Build Edge Based and Owned Infrastructure Why is the US Betting on the Center and the Rest of the World Choosing the Edge? for my essay go to http://cookreport.com/14.07.shtml = The COOK Report on Internet Protocol, 431 Greenway Ave, Ewing, NJ 08618 USA 609 882-2572 (PSTN) 415 651-4147 (Lingo) [EMAIL PROTECTED] Subscription info: http://cookreport.com/subscriptions.shtml New report: Where is New Wealth Created? Center or Edge? at: http://cookreport.com/14.07.shtml = On Aug 3, 2005, at 11:43 PM, Fergie (Paul Ferguson) wrote: [snip] The Federal Communications Commission delayed its monthly meeting as its chairman worked Wednesday to build support for relaxing rules governing high-speed Internet services offered by phone companies. The meeting, scheduled for Thursday, was pushed back to Friday. [snip] http://news.yahoo.com/news?tmpl=story&u=/ap/20050803/ap_on_go_ot/ fcc_broadband - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
FCC delays meeting 'til Friday....
[snip] The Federal Communications Commission delayed its monthly meeting as its chairman worked Wednesday to build support for relaxing rules governing high-speed Internet services offered by phone companies. The meeting, scheduled for Thursday, was pushed back to Friday. [snip] http://news.yahoo.com/news?tmpl=story&u=/ap/20050803/ap_on_go_ot/fcc_broadband - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter
On Wed, 3 Aug 2005, Suresh Ramasubramanian wrote: On 03/08/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Softbank BB (AS17676) was allocated 126/8 from APNIC, and Softbank BB (AS17676) immediately tried to use 126/8. Jon, could you tell Kawano san just how many sites are still blocking 69/8? :) Number of IP's currently known to have 69/8 filter issues: 299 Number of /24 networks's currently known to have 69/8 filter issues: 261 And it's probably actually not that bad anymore. It seems a bunch of the IPs that were reachable from our old ARIN space but not 69/8 aren't reachable at all anymore. Back in late 2002 and early 2003 (when we got ours), 69/8 was much worse. Looking through the archives, it seems that first number was initially about 1000 when we got our 69 space, and when I announced http://69box.atlantic.net/ we had: Number of IP's currently known to have 69/8 filter issues: 683 Number of /24 networks's currently known to have 69/8 filter issues: 511 So the half life of outdated bogon filters appears to be about 2.5 years, but if you really bug people like I did initially, you can make much better progress. I basically picked the largest, most important looking networks and contacted them manually via email and phone. -- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: "Cisco gate" and "Meet the Fed" at Defcon....
On Wed, 3 Aug 2005, Joseph S D Yao wrote: > > > If you feel like keeping 2500s in service, rather than replacing them with > > > something that holds NM-32As, the flash problem is easily resolved for less > > > than US$50: > > > http://www.memorydealers.com/8mbcisthirpa.html > > to be fair... 2500s are quite useful for things other than what their original > > purpose intended, but that usefulness diminishes with memory upgrades that are > > comparable in price to the value of the router > $US 24??? Where can you get a router for that? [I'm surprised you can > get 8 Mb Cisco RAM for that! ;-)] http://search.ebay.com/cisco-2501 2501s seem to mostly cost between $10-$30. -Bill
Re: DDoS attacks, spoofed source addresses and adjusted TTLs
On Wed, 3 Aug 2005, Mike Tancsa wrote: > At 04:55 PM 03/08/2005, Christopher L. Morrow wrote: > > > hops away, the TTL of the packet when it got to me was 56). Yes, I know > > > those could be adjusted in theory to mask multiple sources, but in > > > practice > > > has anyone seen that ? > > > >what exactly was the question? > > You answered it mostly-- what do people see in the real world-- plain jane oh phew :) > dropped before they leave my network). Have that many networks implemented > RPF as to make spoofed addresses moot ? probably not :( reference the MIT spoofer project: paper -> http://www.mit.edu/~rbeverly/papers/spoofer-sruit05.html nanog preso -> http://www.nanog.org/mtg-0505/beverly.html project-homepage: http://spoofer.csail.mit.edu. probably simpler to just get bots than spoof.
Re: OT: Cisco.com password reset.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chris Adams wrote: > Odd that lots of people are trying to download new IOS images and then > CCO locks them out. I really really like to give people the benefit of the doubt, but I am having a hard time with this one. Where are the security people at Cisco? If I was a "bad guy" my dream shot would be a vulnerable IOS release mixed with customers being unable to download the fixed release! Tell me that they didn't think this through... -Jeff - -- = Jeffrey I. Schiller MIT Network Manager Information Services and Technology Massachusetts Institute of Technology 77 Massachusetts Avenue Room W92-190 Cambridge, MA 02139-4307 617.253.0161 - Voice [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC8TVN8CBzV/QUlSsRAiB7AKDja0ue6BvU+1ChLF2MsJnh64/AxgCeOdq0 7T910b4dDaXeBOrTy7gA9Rg= =l5HF -END PGP SIGNATURE-
FW: CISCO - CCO Passwords
Title: Message Got this regarding the CCO password issue earlier today. Seeya, Dave -Original Message-From: Kim Christensen (kichrist) [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 03, 2005 11:58 AMSubject: CISCO - CCO Passwords Dear Cisco Partner, I’d like to bring your attention to an issue that may cause minor inconvenience for customers and partners. You may experience issues with your login to www.cisco.com You will be required to reset your password, please send an email to [EMAIL PROTECTED] from the same email address that is associated with your CCO userid. Within a few minutes you should receive a new working password back to that same email address. Please note that when you send an email to [EMAIL PROTECTED] - the only requirement is that the email is sent from the same email address associated with your userid to receive the return email with the new password. Once this is received you should be able to reset your password to one of your own choosing. It is possible that you are not impacted by this issue but I wanted to ensure you are aware of this in the event you have a problem logging into CCO today. Your Cisco Channel Team
Re: DDoS attacks, spoofed source addresses and adjusted TTLs
At 04:55 PM 03/08/2005, Christopher L. Morrow wrote: > hops away, the TTL of the packet when it got to me was 56). Yes, I know > those could be adjusted in theory to mask multiple sources, but in practice > has anyone seen that ? what exactly was the question? You answered it mostly-- what do people see in the real world-- plain jane unadulterated packets, or spoofed / manipulated ones. Of all the attacks I have suffered through, they all seemed to be from legit IP addresses save one and that was some time ago. However, except for 2 people in about 4 years, I have never gotten a response from various NOC/Abuse desks as to whether or not the attacking IPs I identified were in fact part of the attack or were spoofed. However, in the cases where I had customer PCs participating in attacks, there seems to be a higher percentage of random source addresses (which get dropped before they leave my network). Have that many networks implemented RPF as to make spoofed addresses moot ? ---Mike
Re: OT: Cisco.com password reset.
Today at 16:07 (+0200), Elmar K. Bins wrote: > Date: Wed, 3 Aug 2005 16:07:55 +0200 > From: Elmar K. Bins <[EMAIL PROTECTED]> > To: nanog@merit.edu > Subject: Re: OT: Cisco.com password reset. > > > [EMAIL PROTECTED] (Scott Stursa) wrote: > > > > When I tried to access my CCO account this morning I got a page with > > > instructions to email [EMAIL PROTECTED] to get a new password. I did > > > this from the email address registered to me on CCO and promptly received > > > a new password to my email address which worked properly after that. > > > > Yeah, I tried that. Didn't work in my case. > > Neither did it in mine (multiple accounts hooked on one email address > is what cco-locksmith complained about). I have sent the appropriate > email to cco-team, but heaven knows when they will process it. I had the same response after mailing the locksmith. I, too, mailed the requisite info to cco-team, and have been expecting to wait. Someone suggested trying again (might have even been this list), and I did so just a short while ago and voilà! I sent a followup note to cco-team, so hopefully they don't RE-change my password and disable my account now that I've successfully gained access. ;-) - Christopher == > > I give them a day before escalating; I'm pretty sure they're currently > pushing staff into the cco-team so the requests can be served. > > What bothers me is that some people got notifications while others got > none - any idea on why (I didn't get any)? > > Yours, > Elmar. > > -- > > "Begehe nur nicht den Fehler, Meinung durch Sachverstand zu substituieren." > (PLemken, <[EMAIL PROTECTED]>) > > --[ ELMI-RIPE ]--- >
Re: DDoS attacks, spoofed source addresses and adjusted TTLs
On Wed, 3 Aug 2005, Mike Tancsa wrote: > > > I had a DDoS this morning (~ 130Mb) against one of my hosts. Packets were > coming in all 3 of my transit links from a handful of source IP addresses > that sort of make sense in terms of the path they would take to get to > me. They were all large UDP packets of the form in reality almost no udp floods are spoofed, save dns-smurf attacks... so you probably saw legit hosts sending bad packets. > The TTLs all kind of make sense and are consistent (e.g. if the host is 8 > hops away, the TTL of the packet when it got to me was 56). Yes, I know > those could be adjusted in theory to mask multiple sources, but in practice > has anyone seen that ? I seem to recall reading the majority of DDoS > attacks do not come from spoofed source IP addresses. depends on the protocol, attacker and tools at their disposal most likely. I can say we see more non-spoofed than spoofed these days. (go botland go!) what exactly was the question?
Re: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter
On Wed, 3 Aug 2005, Joel Jaeggli wrote: > > > On Wed, 3 Aug 2005, [EMAIL PROTECTED] wrote: > > > > > Dear Network Operators and whom it may concern > > > > I hope you are doing well, We are facing a difficult problem and we > > would like to ask your assistance! > > Makoto san, can you provide an ip-address within your assigned range that > people can ping to test? > Someone already probably said this, but: route-views.oregon-ix.net>sho ip bgp 126.0.0.0/8 long | inc / * 126.0.0.0/16 206.24.210.26 0 3561 2914 17676 i * 126.1.0.0/16 206.24.210.26 0 3561 2914 17676 i * 126.2.0.0/16 206.24.210.26 0 3561 2914 17676 i * 126.3.0.0/16 206.24.210.26 0 3561 2914 17676 i * 126.20.0.0/16206.24.210.26 0 3561 2914 17676 i * 126.21.0.0/16206.24.210.26 0 3561 2914 17676 i * 126.64.0.0/16206.24.210.26 0 3561 2914 17676 i * 126.66.0.0/16206.24.210.26 0 3561 2914 17676 i * 126.68.0.0/16206.24.210.26 0 3561 2914 17676 i * 126.69.0.0/16206.24.210.26 0 3561 2914 17676 i * 126.70.0.0/16206.24.210.26 0 3561 2914 17676 i * 126.71.0.0/16206.24.210.26 0 3561 2914 17676 i > > Softbank BB (AS17676) was allocated 126/8 from APNIC, and Softbank BB > > (AS17676) immediately tried to use 126/8. However Softbank BB could > > not access the famous site using 126/8, It seems some of ISPs are > > blocking 126/8 due to outdated filter. So, routeviews doesn't see the /8 are you sending it out as a /8?
Re: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter
On 3 Aug 2005, at 16:15, Roy Badami wrote: Marlon> just remember that not all networks use '126.255.255.255' Marlon> as a broadcast address. there are non-broadcast networks Marlon> where that address is a 'host' one. Surely the only networks on which this can be a host are: one using a /7 or shorter netmask a /31 (as per RFC3021) [EMAIL PROTECTED] ifconfig lo0 inet 126.255.255.255 netmask 255.255.255.255 alias [EMAIL PROTECTED] ping 126.255.255.255 PING 126.255.255.255 (126.255.255.255): 56 data bytes 64 bytes from 126.255.255.255: icmp_seq=0 ttl=64 time=0.088 ms 64 bytes from 126.255.255.255: icmp_seq=1 ttl=64 time=0.062 ms ^C --- 126.255.255.255 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.062/0.075/0.088/0.013 ms [EMAIL PROTECTED] Inserting the host route for 126.255.255.255/32 into an adjacent IGP is similarly straightforward. Joe
Re: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter
Marlon> just remember that not all networks use '126.255.255.255' Marlon> as a broadcast address. there are non-broadcast networks Marlon> where that address is a 'host' one. Surely the only networks on which this can be a host are: one using a /7 or shorter netmask a /31 (as per RFC3021) -roy
Re: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter
> just remember that not all networks use '126.255.255.255' as a broadcast > address. there are non-broadcast networks where that address is a 'host' > one. i suspect not in this one interesting case, as the following ip address is part of a very special block, 127/8. randy
Re: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter
Em Qua, 2005-08-03 às 15:00 -0400, [EMAIL PROTECTED] escreveu: > On Wed, 03 Aug 2005 08:52:55 -1000, Randy Bush said: > > > > > You can ping to 126.66.0.30/8. > > > > and how does one ping a /8? > > Smurf. 'ping 126.255.255.255'. > > How quickly they forget. :) just remember that not all networks use '126.255.255.255' as a broadcast address. there are non-broadcast networks where that address is a 'host' one. []s, Marlon, CISSP.
Re: OT: Cisco.com password reset.
> I got an email that my CCO account's password was reset > last night. Not sure how widespread this issue was, but > I called my account contact and verified that this is > a valid email, and that my password needed to be reset. funny, i had a similar incident o could not log on to account o sent email to locksmith o no response o retried locksmith, same non-result o tried locksmith this (gmt-10) morning and it worked randy
Re: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter
Randy Bush wrote: You can ping to 126.66.0.30/8. and how does one ping a /8? Most trojans for zombie networks provide this functionality. Connect to your favourite C&C server and issue; .advscan ping 42 2 64 126.X.X.X (this will ping the address space with 42 threads, using two second intervals for packets, the X's work as wildcards) After the scan has completed, issue .scanstats to view your results. If you need to stop the pinging in the interim, issue .scanstop to cease. Pete
Re: NETGEAR in the core...
On Wed, 3 Aug 2005, Sargon wrote: > Sveasoft's Talisman does. > > "Yes, support is in Talisman/basic. Current support is CLI-based up to > layer 3 and includes radvd. Web interface additions to configure IPv6 > options are planned. > > To enable support, do the following: > nvram set ipv6_enable=1 > nvram commit > reboot" Correct. You can create an in-memory startup script to do tunnel configuration, as well, with something like this: (make script as text file in /tmp; for example, I'll use /tmp/mystartup) $ nvram set rc_startup="$(cat /tmp/mystartup)" $ nvram commit As an in-use example, the contents of one such script I use is as follows. Note the explicit deletes, because the rc_startup can be run in a "warm boot" reset mode, where the interfaces are already up. I didn't bother masking any data from this list post, since anyone could look up my addresses via my Received: header, DNS, and traceroutes. (Though I don't use 6to4 locally, I do have an outbound 6to4 interface -- something I recommend for all tunnelling users, so that 6to4 clients can get packets originating from your network more reliably/quickly.) = #!/bin/sh # tunnel to tunnelbroker.net with /64 ip tunnel del sit1 ip tunnel add sit1 mode sit ttl 250 remote 64.71.128.82 local 66.156.66.24 ip link set dev sit1 up ip -6 addr add 2001:470:1F00:::1E5/127 dev sit1 ip -6 route add 2001:470:1F00:::1E4/127 dev sit1 metric 1 # assign local /64 address to router ip -6 addr del 2001:470:1F00:342::1/64 dev br0 ip -6 addr add 2001:470:1F00:342::1/64 dev br0 # 6to4 outbound-only tunnel ip tunnel del tun6to4 ip tunnel add tun6to4 mode sit ttl 250 remote any local 66.156.66.24 ip link set dev tun6to4 up ip -6 addr add 2002:429c:4218::1/16 dev tun6to4 # default v6 route through tunnelbroker.net tunnel ip -6 route del default via 2001:470:1F00:::1E4 dev sit1 ip -6 route add default via 2001:470:1F00:::1E4 dev sit1 metric 1 -- -- Todd Vierling <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Re: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter
On Aug 3, 2005, at 7:45 AM, <[EMAIL PROTECTED]> wrote: Hi Thank you for your reply. Makoto san, can you provide an ip-address within your assigned range that people can ping to test? You can ping to 126.66.0.30/8. Just out of curiosity... are you going to continue to announce each individual /16 or will you consolidate to a single /8 announcement? regards, -- Makoto Kawano <[EMAIL PROTECTED]> SOFTBANK BB Corp. Yahoo!BB Network Operation Center -Original Message- From: Joel Jaeggli [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 03, 2005 8:22 PM To: 河野 誠(ネットワーク運用本部) Cc: nanog@merit.edu Subject: Re: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter On Wed, 3 Aug 2005, [EMAIL PROTECTED] wrote: Dear Network Operators and whom it may concern I hope you are doing well, We are facing a difficult problem and we would like to ask your assistance! Makoto san, can you provide an ip-address within your assigned range that people can ping to test? regards joelja The following address blocks were allocated from IANA to APNIC on the 27th of JAN of 2005. Please refer to the following link. http://www.cymru.com/Documents/bogon-list.html --- Changes in version 2.6 (27 JAN 2005) 124/8, 125/8 and 126/8 allocated to APNIC (JAN 2005). Removed from the bogon lists. --- Softbank BB (AS17676) was allocated 126/8 from APNIC, and Softbank BB (AS17676) immediately tried to use 126/8. However Softbank BB could not access the famous site using 126/8, It seems some of ISPs are blocking 126/8 due to outdated filter. Ladies and gentlemen, please check the following URL! http://www.cymru.com/Documents/bogon-list.html and if you find out you have outdated filter, please update the filter immediately. Please let me know if you have any problem, concern or doubt regarding opening a filter for 126/8, please let me know. Best regards & Thanks in advance, -- Makoto Kawano <[EMAIL PROTECTED]> SOFTBANK BB Corp. Yahoo!BB Network Operation Center -- --- --- Joel Jaeggli Unix Consulting [EMAIL PROTECTED] GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
Re: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter
On Wed, 03 Aug 2005 08:52:55 -1000, Randy Bush said: > > > You can ping to 126.66.0.30/8. > > and how does one ping a /8? Smurf. 'ping 126.255.255.255'. How quickly they forget. :) pgpxdJ3MrNwIQ.pgp Description: PGP signature
RE: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter
> You can ping to 126.66.0.30/8. and how does one ping a /8? randy
Re: Problems at Microsoft?
I'm having similar results. First, a layer 4 trace to port 80 on download.microsoft.com Tracing ..?.?.?..| TTL LFT trace to 61.200.83.61:80/tcp 1 192.168.1.3 1.4ms 2 new-iserv-serial-69.iserv.net (205.217.75.69) 13.9ms ** [neglected] no reply packets received from TTLs 3 through 4 5 208.174.226.5 17.4/*ms ** [neglected] no reply packets received from TTLs 6 through 8 9 p16-1-1-3.r20.sttlwa01.us.bb.verio.net (129.250.2.6) 71.0/*ms ** [neglected] no reply packets received from TTL 10 11 xe-0-1-0.a20.osakjp01.jp.ra.verio.net (61.200.80.166) 192.0/*/*/*ms 12 [target] 61.200.83.61:80 645.3/*ms Now, a tracepath to download.microsoft.com tracepath download.microsoft.com.c.footprint.net 1: k30r229dsw01.kal.kalsec.com (172.24.0.2) 26.645ms 2: 192.168.1.3 (192.168.1.3)asymm 1 24.792ms 3: new-iserv-serial-69.iserv.net (205.217.75.69)asymm 2 25.044ms 4: ge-5-0-0-rsp8-gw1.iserv.net (208.224.0.251) asymm 3 26.945ms 5: g5-0-0.core2.grr.iserv.net (206.114.51.19) asymm 4 23.574ms 6: f6-0-0.core1.grr.iserv.net (206.114.51.18) asymm 4 19.471ms 7: POS2-2.GW2.DET5.ALTER.NET (63.84.101.165)asymm 5 27.042ms 8: 0.so-2-1-0.CL2.DET5.ALTER.NET (152.63.23.6) asymm 7 27.538ms 9: 0.so-6-0-0.XL2.CHI13.ALTER.NET (152.63.70.105) asymm 8 41.965ms 10: POS7-0.BR1.CHI13.ALTER.NET (152.63.73.22)asymm 8 34.624ms 11: 204.255.169.14 (204.255.169.14) asymm 8 48.171ms 12: so-2-1-0.bbr1.Chicago1.Level3.net (209.244.8.9) asymm 9 47.683ms 13: as-4-0.bbr2.NewYork1.Level3.net (64.159.0.238) asymm 12 52.929ms 14: ae-20-52.car2.NewYork1.Level3.net (4.68.97.53) asymm 10 51.997ms 15: no reply 16: no reply 17: no reply 18: no reply O.o Tim Rainier Larry Smith <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 08/03/2005 02:19 PM To "Fergie (Paul Ferguson)" <[EMAIL PROTECTED]>, nanog@merit.edu cc Subject Re: Problems at Microsoft? On Wednesday 03 August 2005 12:32, Fergie (Paul Ferguson) wrote: > Completely unrelated, but apparently Vonage is also > having some problems this morning: > > http://gigaom.com/2005/08/03/massive-vonage-outage/ > > - ferg > > > -- Richard A Steenbergen <[EMAIL PROTECTED]> wrote: > > On Wed, Aug 03, 2005 at 10:44:40AM -0400, Drew Weaver wrote: > > Hi there, we've had a few complaints about connectivity > > issues to Microsoft, is anyone else seeing a problem? Usually I get > > between 2-3MBps when I download from them, at the moment I get 8k/sec > > downloading > > http://download.microsoft.com/download/b/6/2/b624b535-644a-41e1-9727-812 > > dcd6bad87/E3SP1ENG.EXE (service pack 1 for exchange 03) from Both my > > network, and a monitoring server we have in chicago. > > > > Anyone else seen this? > > Seeing this from several locations. For all the locations I am looking > from, it appears that their CDN service (Savvis footprint.net) has gone > insane. > > From SBC on the west coast, it is going to what looks for all the > world to be a cable modem in Korea: > > 19 catv09634.usr.hananet.net (210.180.96.34) 292.576 ms 218.396 ms > 242.135 ms > > From a cable modem in Seattle behind broadwing, it is going to this, > behind SBC in southern California: > > 1662 ms 61ms 50 ms Savvis-CDN-IAF1075825.cust-rtr.pacbell.net > [69.108.147.58] > > From the northern VA area: > > 7 cdn-colo.Frankfurtfrx.savvis.net (208.174.60.2) 90.626 ms 90.722 ms > 90.661 ms > > Makes you wonder if they'll be switching back to Akamai soon. :) Hmmm, interesting. From here, I now show www.microsoft.com and download.microsoft.com as being served by Akamai (and get IP addresses of my local akamai cluster)... -- Larry Smith SysAd ECSIS.NET [EMAIL PROTECTED]
Re: OT: Cisco.com password reset.
I dont mean anything actually, i am really supporting this brave man, some so called hackers claim that they will hunt cisco down, its in the news that some people think they should revenge.On 8/3/05, Etaoin Shrdlu <[EMAIL PROTECTED]> wrote: Kim Onnel wrote:> On 8/3/05, Joe Blanchard < [EMAIL PROTECTED]> wrote:> > I got an email that my CCO account's password was reset> > last night...> People claim that accounts were compromised, thats why they are resetting > them all,>> looks like Lynn's friends have made their moves for revenge.You know, don't start down this road. I don't think this is the appropriateplace for that sort of statement, and I don't think you need to put Mr. Lynn in that group. I don't care what you think about his actions, but whatyou're implying is rude, and it implies things about him that (I don'tbelieve) are true.Please, keep it on track, or take it off line. --Shame on Cisco. Shame on ISS.
Re: Problems at Microsoft?
Richard, You're not lying when you say the resolvers are spitting out different results every minute, now the Cox uplink here goes from Dallas to San Jose to and endpoint in Tokyo. *Insert obligatory Microsoft expletive here* JWP On 8/3/05, Richard A Steenbergen <[EMAIL PROTECTED]> wrote: > On Wed, Aug 03, 2005 at 01:01:59PM -0500, Justin W. Pauler wrote: > > > > New Zeland and Australia? Me thinks someone goofed. And what's really > > strange is that Monday I ran this exact same traceroute for > > informational purposes and at or around hop #7 - cox dallas handed off > > to atlanta who handed off to msn.net directly. > > Seems like the problem has been confirmed to be Savvis. In some places > Akadns is returning real Akamai sites with correct routing: > > download.microsoft.com is an alias for main.dl.ms.akadns.net. > main.dl.ms.akadns.net is an alias for dom.dl.ms.akadns.net. > dom.dl.ms.akadns.net is an alias for dl.ms.d4p.net. > dl.ms.d4p.net is an alias for dl.ms.georedirector.akadns.net. > dl.ms.georedirector.akadns.net is an alias for a767.ms.akamai.net. > > In others it is returning download.microsoft.com.c.footprint.net: > > download.microsoft.com is an alias for main.dl.ms.akadns.net. > main.dl.ms.akadns.net is an alias for dom.dl.ms.akadns.net. > dom.dl.ms.akadns.net is an alias for > download.microsoft.com.c.footprint.net > > The footprint.net CDN appears to be updating every minute or so with new > data, each more broken than the last. So far this morning I've also seen > (from various places not near any of the final sites): > > cdn-colo.Frankfurtfrx.savvis.net 90.626 ms > ge-0-0-1.a20.taiptw01.tw.ra.verio.net 197.312 ms > so-2-0-1-0.par22.ip.tiscali.net 82.875 ms > iadvantage-1.gw2.hkg3.asianetcom.net 238.817 ms > xe-0-1-0.a20.osakjp01.jp.ra.verio.net 271.745 ms > bcr1-so-1-0-0.Londonlnx.savvis.net 167.918 ms > cpr2-pos-0-0.VirginiaEquinix.savvis.net 90.493 ms > ae-11-51.car1.Atlanta1.Level3.net 149.736 ms > > If you really want to download something from microsoft at faster than > crawl speeds, try moving your resolvers around to find a nameserver that > is getting real Akamai results. Otherwise, wait for Savvis and/or MS to > get their act together. :) > > -- > Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras > GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) >
RE: Problems at Microsoft?
> From a cable modem in Seattle behind broadwing, it is going to this, > behind SBC in southern California: > > 1662 ms 61ms 50 ms > Savvis-CDN-IAF1075825.cust-rtr.pacbell.net [69.108.147.58] > > Makes you wonder if they'll be switching back to Akamai soon. :) > >From Southern California off Level3, I get the akamai'd version: [EMAIL PROTECTED] jeff]$ traceroute download.microsoft.com traceroute to dom.dl.ms.akadns.net (207.46.253.62), 30 hops max, 38 byte packets 1 vps041118.2advanced.net (216.174.103.241) 0.081 ms 0.091 ms 0.054 ms 2 reverse.techspace.com (216.174.111.210) 0.682 ms 0.435 ms 0.444 ms 3 reverse.techspace.com (216.174.116.19) 0.816 ms 0.839 ms 0.664 ms 4 ge-6-1-108.hsa1.Tustin1.Level3.net (65.58.240.5) 1.646 ms 1.253 ms 1.061 ms 5 4.68.114.1 (4.68.114.1) 1.334 ms 1.690 ms 1.825 ms 6 as-0-0.mp1.Seattle1.Level3.net (209.247.10.137) 31.052 ms so-3-0-0.mp2.Seattle1.Level3.net (209.247.9.122) 30.559 ms 30.541 ms 7 ge-10-1.hsa1.Seattle1.Level3.net (4.68.105.70) 30.957 ms ge-11-1.hsa1.Seattle1.Level3.net (4.68.105.102) 30.896 ms ge-10-0.hsa1.Seattle1.Level3.net (4.68.105.6) 30.753 ms 8 unknown.Level3.net (63.211.220.82) 36.724 ms 34.164 ms 31.604 ms 9 ten8-3.wst-76cb-1a.ntwk.msn.net (207.46.35.105) 30.788 ms 30.521 ms 30.724 ms 10 pos1-0.iusnixcpxc1201.ntwk.msn.net (207.46.36.210) 30.931 ms 30.782 ms 30.626 ms 11 pos1-0.tke-12ix-2a.ntwk.msn.net (207.46.155.10) 32.050 ms 31.518 ms 31.479 ms 12 po10.tuk-65ns-mcs-1a.ntwk.msn.net (207.46.224.151) 31.212 ms 30.886 ms 31.020 ms [EMAIL PROTECTED] jeff]$ dig +trace download.microsoft.com soa ; <<>> DiG 9.2.2-P3 <<>> +trace download.microsoft.com soa [snip ] microsoft.com. 172800 IN NS ns1.msft.net. microsoft.com. 172800 IN NS ns2.msft.net. microsoft.com. 172800 IN NS ns3.msft.net. microsoft.com. 172800 IN NS ns4.msft.net. microsoft.com. 172800 IN NS ns5.msft.net. ;; Received 218 bytes from 192.5.6.30#53(A.GTLD-SERVERS.NET) in 72 ms download.microsoft.com. 3600IN CNAME main.dl.ms.akadns.net. ;; Received 75 bytes from 207.46.245.230#53(ns1.msft.net) in 31 ms - J -- Jeff Jirsa [EMAIL PROTECTED] Senior Network Engineer 2advanced.net: Precision Hosting Platform
Re: Problems at Microsoft?
On Wed, Aug 03, 2005 at 01:01:59PM -0500, Justin W. Pauler wrote: > > New Zeland and Australia? Me thinks someone goofed. And what's really > strange is that Monday I ran this exact same traceroute for > informational purposes and at or around hop #7 - cox dallas handed off > to atlanta who handed off to msn.net directly. Seems like the problem has been confirmed to be Savvis. In some places Akadns is returning real Akamai sites with correct routing: download.microsoft.com is an alias for main.dl.ms.akadns.net. main.dl.ms.akadns.net is an alias for dom.dl.ms.akadns.net. dom.dl.ms.akadns.net is an alias for dl.ms.d4p.net. dl.ms.d4p.net is an alias for dl.ms.georedirector.akadns.net. dl.ms.georedirector.akadns.net is an alias for a767.ms.akamai.net. In others it is returning download.microsoft.com.c.footprint.net: download.microsoft.com is an alias for main.dl.ms.akadns.net. main.dl.ms.akadns.net is an alias for dom.dl.ms.akadns.net. dom.dl.ms.akadns.net is an alias for download.microsoft.com.c.footprint.net The footprint.net CDN appears to be updating every minute or so with new data, each more broken than the last. So far this morning I've also seen (from various places not near any of the final sites): cdn-colo.Frankfurtfrx.savvis.net 90.626 ms ge-0-0-1.a20.taiptw01.tw.ra.verio.net 197.312 ms so-2-0-1-0.par22.ip.tiscali.net 82.875 ms iadvantage-1.gw2.hkg3.asianetcom.net 238.817 ms xe-0-1-0.a20.osakjp01.jp.ra.verio.net 271.745 ms bcr1-so-1-0-0.Londonlnx.savvis.net 167.918 ms cpr2-pos-0-0.VirginiaEquinix.savvis.net 90.493 ms ae-11-51.car1.Atlanta1.Level3.net 149.736 ms If you really want to download something from microsoft at faster than crawl speeds, try moving your resolvers around to find a nameserver that is getting real Akamai results. Otherwise, wait for Savvis and/or MS to get their act together. :) -- Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: Problems at Microsoft?
On Wednesday 03 August 2005 12:32, Fergie (Paul Ferguson) wrote: > Completely unrelated, but apparently Vonage is also > having some problems this morning: > > http://gigaom.com/2005/08/03/massive-vonage-outage/ > > - ferg > > > -- Richard A Steenbergen <[EMAIL PROTECTED]> wrote: > > On Wed, Aug 03, 2005 at 10:44:40AM -0400, Drew Weaver wrote: > > Hi there, we've had a few complaints about connectivity > > issues to Microsoft, is anyone else seeing a problem? Usually I get > > between 2-3MBps when I download from them, at the moment I get 8k/sec > > downloading > > http://download.microsoft.com/download/b/6/2/b624b535-644a-41e1-9727-812 > > dcd6bad87/E3SP1ENG.EXE (service pack 1 for exchange 03) from Both my > > network, and a monitoring server we have in chicago. > > > > Anyone else seen this? > > Seeing this from several locations. For all the locations I am looking > from, it appears that their CDN service (Savvis footprint.net) has gone > insane. > > From SBC on the west coast, it is going to what looks for all the > world to be a cable modem in Korea: > > 19 catv09634.usr.hananet.net (210.180.96.34) 292.576 ms 218.396 ms > 242.135 ms > > From a cable modem in Seattle behind broadwing, it is going to this, > behind SBC in southern California: > > 1662 ms 61ms 50 ms Savvis-CDN-IAF1075825.cust-rtr.pacbell.net > [69.108.147.58] > > From the northern VA area: > > 7 cdn-colo.Frankfurtfrx.savvis.net (208.174.60.2) 90.626 ms 90.722 ms > 90.661 ms > > Makes you wonder if they'll be switching back to Akamai soon. :) Hmmm, interesting. From here, I now show www.microsoft.com and download.microsoft.com as being served by Akamai (and get IP addresses of my local akamai cluster)... -- Larry Smith SysAd ECSIS.NET [EMAIL PROTECTED]
Re: Your router/switch may be less secure than you think
--On August 3, 2005 2:10:10 PM +0100 [EMAIL PROTECTED] wrote: <...> Contrary to what some may be worrying about, it it not the GSRs that are most at risk. It is those old 2500's that are connected to your customers. Imagine that one of those customer routers is exploited, the hacker installs a tunnel, and then proceeds to anonymously probe the customer's network. This is the real risk and it may very well be happening right now to one of your customers. While I hate to possibly give ideas to (real) black hats in a public form but no doubt some have thought of this anywayinjecting routes into BGP to steal traffic. A crafty enough person could move traffic back over a tunnel or series of tunnels to be snooped. Yes, theoretically, it'd be noticed fairly soon, but how quickly is soon enough for $xyz critical application? That worries me more, because it only takes one insecure unfiltered setup (or even partially unfiltered setup) to announce something they shouldn't. Hopefully it wouldn't be global-reaching, but, it could be. How much do you trust your peers? How much should you? How much do you have to? For customers, it's obvious, for transit peers, maybe less so. Just my two cents worth... <...>
Re: Problems at Microsoft?
Richard, Check this out... Tracing route to download.microsoft.com.c.footprint.net [210.8.118.62] over a maximum of 30 hops: 310 ms12 ms15 ms btnrsysc01-gex0405.br.br.cox.net 426 ms15 ms15 ms ip24-248-104-85.br.br.cox.net 512 ms17 ms 8 ms btnrbbrc01-pos0101.rd.br.cox.net 619 ms64 ms25 ms dllsbbrc02-pos0102.rd.dl.cox.net 726 ms25 ms17 ms dllsbbrc01-pos0003.rd.dl.cox.net 847 ms46 ms42 ms chndbbrc02-pos0300.rd.ph.cox.net 954 ms61 ms63 ms nwstbbrc01-pos0203.rd.lv.cox.net 1077 ms74 ms84 ms paltbbrj01-so100.r2.pt.cox.net 1177 ms73 ms79 ms f0-0.pabr1.netgate.net.nz 12 260 ms 254 ms 226 ms 210.55.202.193 13 224 ms 221 ms 223 ms p4-1.sybr3.global-gateway.net.nz 14 222 ms 226 ms 221 ms p6-0.sybr2.global-gateway.net.nz 15 225 ms 222 ms 224 ms 203.96.120.126 16 222 ms 225 ms 224 ms gigabitethernet0-2.cor6.hay.connect.com.au 17 254 ms 234 ms 277 ms 210.8.118.62 New Zeland and Australia? Me thinks someone goofed. And what's really strange is that Monday I ran this exact same traceroute for informational purposes and at or around hop #7 - cox dallas handed off to atlanta who handed off to msn.net directly. Odd. JWP On 8/3/05, Fergie (Paul Ferguson) <[EMAIL PROTECTED]> wrote: > > Completely unrelated, but apparently Vonage is also > having some problems this morning: > > http://gigaom.com/2005/08/03/massive-vonage-outage/ > > - ferg > > > -- Richard A Steenbergen <[EMAIL PROTECTED]> wrote: > > On Wed, Aug 03, 2005 at 10:44:40AM -0400, Drew Weaver wrote: > > Hi there, we've had a few complaints about connectivity > > issues to Microsoft, is anyone else seeing a problem? Usually I get > > between 2-3MBps when I download from them, at the moment I get 8k/sec > > downloading > > http://download.microsoft.com/download/b/6/2/b624b535-644a-41e1-9727-812 > > dcd6bad87/E3SP1ENG.EXE (service pack 1 for exchange 03) from Both my > > network, and a monitoring server we have in chicago. > > > > Anyone else seen this? > > Seeing this from several locations. For all the locations I am looking > from, it appears that their CDN service (Savvis footprint.net) has gone > insane. > > From SBC on the west coast, it is going to what looks for all the > world to be a cable modem in Korea: > > 19 catv09634.usr.hananet.net (210.180.96.34) 292.576 ms 218.396 ms > 242.135 ms > > From a cable modem in Seattle behind broadwing, it is going to this, > behind SBC in southern California: > > 1662 ms 61ms 50 ms Savvis-CDN-IAF1075825.cust-rtr.pacbell.net > [69.108.147.58] > > From the northern VA area: > > 7 cdn-colo.Frankfurtfrx.savvis.net (208.174.60.2) 90.626 ms 90.722 ms > 90.661 ms > > Makes you wonder if they'll be switching back to Akamai soon. :) > > -- > Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras > GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) > >
Re: Problems at Microsoft?
Completely unrelated, but apparently Vonage is also having some problems this morning: http://gigaom.com/2005/08/03/massive-vonage-outage/ - ferg -- Richard A Steenbergen <[EMAIL PROTECTED]> wrote: On Wed, Aug 03, 2005 at 10:44:40AM -0400, Drew Weaver wrote: > Hi there, we've had a few complaints about connectivity > issues to Microsoft, is anyone else seeing a problem? Usually I get > between 2-3MBps when I download from them, at the moment I get 8k/sec > downloading > http://download.microsoft.com/download/b/6/2/b624b535-644a-41e1-9727-812 > dcd6bad87/E3SP1ENG.EXE (service pack 1 for exchange 03) from Both my > network, and a monitoring server we have in chicago. > > Anyone else seen this? Seeing this from several locations. For all the locations I am looking from, it appears that their CDN service (Savvis footprint.net) has gone insane. >From SBC on the west coast, it is going to what looks for all the world to be a cable modem in Korea: 19 catv09634.usr.hananet.net (210.180.96.34) 292.576 ms 218.396 ms 242.135 ms >From a cable modem in Seattle behind broadwing, it is going to this, behind SBC in southern California: 1662 ms 61ms 50 ms Savvis-CDN-IAF1075825.cust-rtr.pacbell.net [69.108.147.58] >From the northern VA area: 7 cdn-colo.Frankfurtfrx.savvis.net (208.174.60.2) 90.626 ms 90.722 ms 90.661 ms Makes you wonder if they'll be switching back to Akamai soon. :) -- Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
FCC expected to officially propose DSL deregulation on Thursday
"United States Federal Communications Commission Chairman Kevin Martin is expected to officially propose the deregulation of DSL services from telecommunications carriers on Thursday." http://www.redherring.com/article.aspx?a=13022 - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Problems at Microsoft?
On Wed, Aug 03, 2005 at 10:44:40AM -0400, Drew Weaver wrote: > Hi there, we've had a few complaints about connectivity > issues to Microsoft, is anyone else seeing a problem? Usually I get > between 2-3MBps when I download from them, at the moment I get 8k/sec > downloading > http://download.microsoft.com/download/b/6/2/b624b535-644a-41e1-9727-812 > dcd6bad87/E3SP1ENG.EXE (service pack 1 for exchange 03) from Both my > network, and a monitoring server we have in chicago. > > Anyone else seen this? Seeing this from several locations. For all the locations I am looking from, it appears that their CDN service (Savvis footprint.net) has gone insane. From SBC on the west coast, it is going to what looks for all the world to be a cable modem in Korea: 19 catv09634.usr.hananet.net (210.180.96.34) 292.576 ms 218.396 ms 242.135 ms From a cable modem in Seattle behind broadwing, it is going to this, behind SBC in southern California: 1662 ms 61ms 50 ms Savvis-CDN-IAF1075825.cust-rtr.pacbell.net [69.108.147.58] From the northern VA area: 7 cdn-colo.Frankfurtfrx.savvis.net (208.174.60.2) 90.626 ms 90.722 ms 90.661 ms Makes you wonder if they'll be switching back to Akamai soon. :) -- Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
OMB details milestones to move to IPv6
Apparently, the OMB has release a memo outlining it's IPv6 migration plans. From an article in GCN.com: [snip] Agencies may have until June 30, 2008, to transition to Internet Protocol Version 6, but the planning starts now. The Office of Management and Budget has released a memo [.pdf] that gives agencies until Nov. 15 to assign an official to coordinate the move to the new protocol and complete an inventory of existing routers, switches and hardware firewalls. [snip] http://www.gcn.com/vol1_no1/daily-updates/36579-1.html The OMB memo: http://www.whitehouse.gov/omb/memoranda/fy2005/m05-22.pdf - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: OT: Cisco.com password reset.
On Wed, Aug 03, 2005 at 10:26:21AM -0400, Jared Mauch wrote: > > I've talked to "People" at cisco before about email handling > stuff, it takes them a lot of effort to make lists such as > 'cust-security-announce' deliver quickly. I've had some experience > tweaking large lists as well, it takes a significant amount > of effort to deliver to 2k users quickly. Cisco has a lot more than > that registered, and I suspect the delivery is a bit more complicated > with all the dns/resolver load going after all the possible customer > domains they have. > > To give you a rough idea (cisco-nsp for example is a list I host > and is delivered fairly quickly by most peoples standards..) > smtp to cisco-nsp for 2655 recips, completed in 341.639 seconds > > Now imagine if instead of 2655 users it was 1-1.5million, > that puts it at 53 hours in my rough guestimate. (assuming i know > what i'm talking about, and the higher number of 1.5m). Perhaps Cisco should hire some spammers to consult for them. Those folks certainly don't seem to have a ~7-8 mail/sec limitation. :) -- Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: "Cisco gate" and "Meet the Fed" at Defcon....
On Wed, Aug 03, 2005 at 10:49:38AM +0100, Stephen J. Wilcox wrote: > On Wed, 3 Aug 2005, Bill Woodcock wrote: ... > > If you feel like keeping 2500s in service, rather than replacing them with > > something that holds NM-32As, the flash problem is easily resolved for less > > than US$50: > > > > http://www.memorydealers.com/8mbcisthirpa.html > > to be fair... 2500s are quite useful for things other than what their > original > purpose intended, but that usefulness diminishes with memory upgrades that > are > comparable in price to the value of the router $US 24??? Where can you get a router for that? [I'm surprised you can get 8 Mb Cisco RAM for that! ;-)] -- Joe Yao --- This message is not an official statement of OSIS Center policies.
Re: Problems at Microsoft?
I started noticing this exact behavior yesterday afternoon, normally I am able to pull things from microsoft.com at 500-900KB/s, but I'm down in the 50-100KB range now. I've run some traceroutes from my Cox uplink (which appears to be peering with Microsoft), and nothing seems out of place or 'odd'. JWP On 8/3/05, Network Fortius <[EMAIL PROTECTED]> wrote: > > Perhaps they were /.-ed (http://slashdot.org/article.pl? > sid=05/08/03/0016223&tid=109&tid=189&tid=1) ?!? ;) ... sorry, > couldn't refrain ... > > On a more serious note: do you really mean 2-3 MB(ytes)ps, or 2-3 Mb > (its)ps? In any case - FYI - I am getting right now, with the link > you indicated below, roughly 120-150 Kbps > > Stef > Network Fortius, LLC > > On Aug 3, 2005, at 9:44 AM, Drew Weaver wrote: > > > Hi there, we've had a few complaints about connectivity > > issues to Microsoft, is anyone else seeing a problem? Usually I get > > between 2-3MBps when I download from them, at the moment I get 8k/ > > sec downloading http://download.microsoft.com/download/b/6/2/ > > b624b535-644a-41e1-9727-812dcd6bad87/E3SP1ENG.EXE (service pack 1 > > for exchange 03) from Both my network, and a monitoring server we > > have inchicago. > > > > > > > > Anyone else seen this? > > > > > > > > -Drew > > > > > >
Re: Problems at Microsoft?
Perhaps they were /.-ed (http://slashdot.org/article.pl? sid=05/08/03/0016223&tid=109&tid=189&tid=1) ?!? ;) ... sorry, couldn't refrain ... On a more serious note: do you really mean 2-3 MB(ytes)ps, or 2-3 Mb (its)ps? In any case - FYI - I am getting right now, with the link you indicated below, roughly 120-150 Kbps Stef Network Fortius, LLC On Aug 3, 2005, at 9:44 AM, Drew Weaver wrote: Hi there, we’ve had a few complaints about connectivity issues to Microsoft, is anyone else seeing a problem? Usually I get between 2-3MBps when I download from them, at the moment I get 8k/ sec downloading http://download.microsoft.com/download/b/6/2/ b624b535-644a-41e1-9727-812dcd6bad87/E3SP1ENG.EXE (service pack 1 for exchange 03) from Both my network, and a monitoring server we have inchicago. Anyone else seen this? -Drew
Re: VOIP provider
What security risk does TFTP pose that isn't also shared by HTTP? Not security of the protocol necessarily, but you will find that TFTP is filtered by a number of cable modem providers on the CPE side of the cable modem. Not arguing if filtering/not filtering it is better, just thats one roadblock any provider will come across in trying to use TFTP. sam
RE: OT: Cisco.com password reset.
> Now imagine if instead of 2655 users it was 1-1.5million, Sure, 1.5MM. That's a lot. Don't get owned in the first place. Todays CSCO market cap is 124.0B. This is not our problem. -M<
Re: Problems at Microsoft?
I am having very poor luck making a successful connection to download.microsoft.com sites as well. When I do, instead of the typical 10mbps, I'm seeing 5kb/sec just as you are. Ping times/traceroutes to them looks normal, so I don't immediately suspect an overloaded link, so I'm not quite sure what the issue is. --- Andy Drew Weaver wrote: Hi there, we’ve had a few complaints about connectivity issues to Microsoft, is anyone else seeing a problem? Usually I get between 2-3MBps when I download from them, at the moment I get 8k/sec downloading http://download.microsoft.com/download/b/6/2/b624b535-644a-41e1-9727-812dcd6bad87/E3SP1ENG.EXE (service pack 1 for exchange 03) from Both my network, and a monitoring server we have in chicago. Anyone else seen this? -Drew
Re: VOIP provider
On Wed, 3 Aug 2005 02:08:30 -0700 (PDT) Bill Woodcock <[EMAIL PROTECTED]> wrote: > What security risk does TFTP pose that isn't also shared by HTTP? I find it disappointing that the filtering police rarely stop to think about their decision about what and why protocols are a security risk. Looked at in one way, TFTP could more secure than many alternatives. A TFTP implementation (e.g. the code required) can be much simpler, which is typically an advantage from a security perspective. If file authenticity (or even encryption) is required, simple end system mechanisms can be applied before and after transmitting the file. For applications such as device bootstrapping that deploy some additional checks on the file transferred, TFTP is probably a perfectly reasonable option. If it weren't for the 2 byte block code limit, it might be even more widely used for this purpose. John
Re: OT: Cisco.com password reset.
Kim Onnel wrote: > On 8/3/05, Joe Blanchard <[EMAIL PROTECTED]> wrote: > > I got an email that my CCO account's password was reset > > last night... > People claim that accounts were compromised, thats why they are resetting > them all, > > looks like Lynn's friends have made their moves for revenge. You know, don't start down this road. I don't think this is the appropriate place for that sort of statement, and I don't think you need to put Mr. Lynn in that group. I don't care what you think about his actions, but what you're implying is rude, and it implies things about him that (I don't believe) are true. Please, keep it on track, or take it off line. -- Shame on Cisco. Shame on ISS.
Re: OT: Cisco.com password reset.
On (2005-08-03 09:02 -0500), Church, Chuck wrote: > I eventually got an email stating it couldn't associate my email address > with an active CCO ID. I'm guessing their system is getting backed up > because it's affecting lots of people. Next step: Send three times from mutt, and got same complainment about non-existing account, tried fourth time with mail and that worked, perhaps coincidence. Might be that the backend is just highly loaded, and the account poller script doesn't cope too well with error message or zero answer from backend. > "Please email [EMAIL PROTECTED] to have your correct email address > associated > with your User ID. To ensure you receive prompt attention, please > provide > all of the following details: > > 1 Maintenance contract or Account number you used in your registration > 2 The user ID your believe you have > 3 Full name > 4 Company name > " > > > Chuck Church > Lead Design Engineer > CCIE #8776, MCNE, MCSE > Netco Government Services - Design & Implementation > 1210 N. Parker Rd. > Greenville, SC 29609 > Home office: 864-335-9473 > Cell: 703-819-3495 > [EMAIL PROTECTED] > PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Mike Tancsa > Sent: Wednesday, August 03, 2005 9:52 AM > To: Dan Armstrong > Cc: nanog@merit.edu > Subject: Re: OT: Cisco.com password reset. > > > > Same here. I didnt get a notice that it was reset, but I cannot login > > ---Mike > > At 09:30 AM 03/08/2005, Dan Armstrong wrote: > > >My PW to CCO did not work this morning either. I am on hold with the > TAC > >right now > > > > > > > >Joe Blanchard wrote: > > > >>FYI > >>I got an email that my CCO account's password was reset > >>last night. Not sure how widespread this issue was, but > >>I called my account contact and verified that this is > >>a valid email, and that my password needed to be reset. > >> > >>Just a heads up. > >> > >>-Joe Blanchard > >> > >> > >> > -- ++ytti
RE: OT: Cisco.com password reset.
No, it means that the password scheme of whatever the web-site uses to allow access or not is not directly a Cisco product. It means it's something that could happen to anyone. One could have a great network of great products and all it takes is one small door to remain open someplace in a seemingly unrelated issue to bring down the house. Bummer on the IOS download part, but that would be crappy timing, not necessarily a correlation! Scott -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Adams Sent: Wednesday, August 03, 2005 10:23 AM To: nanog@merit.edu Subject: Re: OT: Cisco.com password reset. Once upon a time, Jared Mauch <[EMAIL PROTECTED]> said: > From the Cisco website: > > IMPORTANT NOTICE: > * This incident does not appear to be due to a weakness in Cisco products or technologies. Does this mean that CCO is not a Cisco product or technology? Odd that lots of people are trying to download new IOS images and then CCO locks them out. -- Chris Adams <[EMAIL PROTECTED]> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: OT: Cisco.com password reset.
Another "me too" here. However, it appears that there is a hiccup with my account. According to the note, there's more than one CCO account associated with my email addy (which is strange since I only know of one) so now I'm on hold with Cisco Live to see if I can get it all worked out. What a mess. Scott Stursa wrote: On Wed, 3 Aug 2005, Joe Blanchard wrote: FYI I got an email that my CCO account's password was reset last night. Not sure how widespread this issue was, but I called my account contact and verified that this is a valid email, and that my password needed to be reset. Just a heads up. Happened to me as well. - SLS Scott L. Stursa 850/644-2591 Network Security Analyst [EMAIL PROTECTED] OTI Enterprise Security Group Florida State University - No good deed goes unpunished -
RE: OT: Cisco.com password reset.
Don't worry this will all get fixed. Just take it as a break from work for a few hours and enjoy the day. Personally I would like to do some downloading but will enjoy the fact I am forced not to work in such a hectic world. Kim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Adams Sent: Wednesday, August 03, 2005 10:23 AM To: nanog@merit.edu Subject: Re: OT: Cisco.com password reset. Once upon a time, Jared Mauch <[EMAIL PROTECTED]> said: > From the Cisco website: > > IMPORTANT NOTICE: > * This incident does not appear to be due to a weakness in Cisco products or technologies. Does this mean that CCO is not a Cisco product or technology? Odd that lots of people are trying to download new IOS images and then CCO locks them out. -- Chris Adams <[EMAIL PROTECTED]> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: OT: Cisco.com password reset.
http://software.silicon.com/security/0,39024655,39150991,00.htm On Aug 3, 2005, at 9:02 AM, Church, Chuck wrote: I eventually got an email stating it couldn't associate my email address with an active CCO ID. I'm guessing their system is getting backed up because it's affecting lots of people. Next step:
RE: Cisco.com password reset.
I think just about everyone's got reset. Internal and external folks from what I've heard. *shrug* On the other hand, people aren't usually good about resetting passwords, so that's one way to mitigate problems. :) Scott -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Blanchard Sent: Wednesday, August 03, 2005 9:41 AM To: nanog@merit.edu Subject: OT: Cisco.com password reset. FYI I got an email that my CCO account's password was reset last night. Not sure how widespread this issue was, but I called my account contact and verified that this is a valid email, and that my password needed to be reset. Just a heads up. -Joe Blanchard
Re: OT: Cisco.com password reset.
On Wed, Aug 03, 2005 at 04:07:55PM +0200, Elmar K. Bins wrote: > > [EMAIL PROTECTED] (Scott Stursa) wrote: > > > > When I tried to access my CCO account this morning I got a page with > > > instructions to email [EMAIL PROTECTED] to get a new password. I did > > > this from the email address registered to me on CCO and promptly received > > > a new password to my email address which worked properly after that. > > > > Yeah, I tried that. Didn't work in my case. > > Neither did it in mine (multiple accounts hooked on one email address > is what cco-locksmith complained about). I have sent the appropriate > email to cco-team, but heaven knows when they will process it. > > I give them a day before escalating; I'm pretty sure they're currently > pushing staff into the cco-team so the requests can be served. > > What bothers me is that some people got notifications while others got > none - any idea on why (I didn't get any)? I've talked to "People" at cisco before about email handling stuff, it takes them a lot of effort to make lists such as 'cust-security-announce' deliver quickly. I've had some experience tweaking large lists as well, it takes a significant amount of effort to deliver to 2k users quickly. Cisco has a lot more than that registered, and I suspect the delivery is a bit more complicated with all the dns/resolver load going after all the possible customer domains they have. To give you a rough idea (cisco-nsp for example is a list I host and is delivered fairly quickly by most peoples standards..) smtp to cisco-nsp for 2655 recips, completed in 341.639 seconds Now imagine if instead of 2655 users it was 1-1.5million, that puts it at 53 hours in my rough guestimate. (assuming i know what i'm talking about, and the higher number of 1.5m). It took a fair amount of tweaking to get this down to something reasonable, including some customization to shift some of the heavy lifting. I'd expect Cisco to fix most of the accounts in the first 48 hours is my real guess, then the time will come down to 24. Probally due to the sheer volume of cases. Hopefully you already have your software you need for now... - jared -- Jared Mauch | pgp key available via finger from [EMAIL PROTECTED] clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Re: OT: Cisco.com password reset.
On Wed, 3 Aug 2005, Kim Onnel wrote: People claim that accounts were compromised, thats why they are resetting them all, looks like Lynn's friends have made their moves for revenge. demonstrate proof for your assertion please. On 8/3/05, Joe Blanchard <[EMAIL PROTECTED]> wrote: FYI I got an email that my CCO account's password was reset last night. Not sure how widespread this issue was, but I called my account contact and verified that this is a valid email, and that my password needed to be reset. Just a heads up. -Joe Blanchard -- -- Joel Jaeggli Unix Consulting [EMAIL PROTECTED] GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
DDoS attacks, spoofed source addresses and adjusted TTLs
I had a DDoS this morning (~ 130Mb) against one of my hosts. Packets were coming in all 3 of my transit links from a handful of source IP addresses that sort of make sense in terms of the path they would take to get to me. They were all large UDP packets of the form 09:08:58.981781 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 1514: 82.165.244.204 > ta.rg.et.IP: udp (frag 47080:[EMAIL PROTECTED]) (ttl 54, len 1 500) 0x0010 4242 4242 4242 4242 4242 4242 0x0020 4242 4242 4242 4242 4242 4242 4242 4242 0x0030 4242 4242 4242 4242 4242 4242 4242 4242 0x0040 4242 4242 4242 4242 4242 4242 4242 4242 0x0050 4242 4242 4242 4242 4242 4242 4242 4242 0x0060 4242 4242 4242 4242 4242 4242 4242 4242 The TTLs all kind of make sense and are consistent (e.g. if the host is 8 hops away, the TTL of the packet when it got to me was 56). Yes, I know those could be adjusted in theory to mask multiple sources, but in practice has anyone seen that ? I seem to recall reading the majority of DDoS attacks do not come from spoofed source IP addresses. Of the traffic snapshot I took, the break down seems to jive as well with the PTR records. i.e. PTR records that indicate a home broadband connection were less than PTR records suggesting a server in a datacentre somewhere. A few of the IPs involved capturing 1000 packets on one of my links at the time. 210 207.58.177.151 - server.creditprofits.com 287 65.39.230.20 - server4.xlservers.com 11 67.52.82.118 - rrcs-67-52-82-118.west.biz.rr.com 492 82.165.244.204 - u15178515.onlinehome-server.com It was pretty short lived as well -- about 8 min total. ---Mike Mike Tancsa, tel +1 519 651 3400 Sentex Communications,[EMAIL PROTECTED] Providing Internet since 1994www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike
Re: Your router/switch may be less secure than you think
> > We should all be looking to the security auditing work done by > > the OpenBSD team for an example of how systems can be > > cleaned up, fixed, and locked down if there is a will to do so. > > Beer, unsupported assertions, and lack of rigorous audit methodology > can be blended together to make one's code more secure? Perhaps you aren't aware of what the OpenBSD team accomplished? Their techniques may not be rigorously documented but they have been used in other projects: http://www1.cs.columbia.edu/~angelos/Papers/posse-chapter.pdf ABSTRACT This chapter reports on our experiences with POSSE, a project studying ?Portable Open Source Security Elements? as part of the larger DARPA effort on Composable High Assurance Trusted Systems. We describe the organization created to manage POSSE and the significant acceleration in producing widely used secure software that has resulted. ... The OpenBSD team provide a brief overview of their process here: http://www.openbsd.org/security.html And a security consulting company describes the lessons of OpenBSD here: http://www.openlysecure.org/openbsd/security/sec_lessons Their process has some parallels in the activities of groups like the Columbia Accident Inquiry Board and the 911 Commission. Openness, rigourous examination, attention to detail... --Michael Dillon
Re: OT: Cisco.com password reset.
We began having this problem yesterday for about 30+ accounts. Some passwords weren't changed, some were, and some users received a response that they weren't valid users.. This is the response I received from Cisco.. A third-party security research organization has brought to our attention an issue in a Cisco.com search tool that could expose passwords for registered users. Cisco.com registered users consists of employees, customers, partners, and other third-party users. In order to protect our registered Cisco.com users, we’re taking the proactive step of resetting Cisco.com passwords and instructing users to contact CCO-locksmith to receive a new password. Users who attempt to access the site in the meantime will receive a “failed log-in” message with instructions on how to reset their password. The password reset process will take place between midnight and close of business U.S. Pacific time on August 2. Once the reset process is finished, I’d ask that you reach out to your customers and partners and make sure they have visited the Cisco.com site and reset their passwords. We’re investigating the incident, and will work with outside agencies as appropriate. The incident does not appear to be due to a weakness in our security products and technologies or with our network infrastructure. Thanks in advance for proactively reaching out to our customers and partners and walking them through the minor inconvenience of resetting their Cisco.com passwords. Church, Chuck wrote: I eventually got an email stating it couldn't associate my email address with an active CCO ID. I'm guessing their system is getting backed up because it's affecting lots of people. Next step: "Please email [EMAIL PROTECTED] to have your correct email address associated with your User ID. To ensure you receive prompt attention, please provide all of the following details: 1 Maintenance contract or Account number you used in your registration 2 The user ID your believe you have 3 Full name 4 Company name " Chuck Church Lead Design Engineer CCIE #8776, MCNE, MCSE Netco Government Services - Design & Implementation 1210 N. Parker Rd. Greenville, SC 29609 Home office: 864-335-9473 Cell: 703-819-3495 [EMAIL PROTECTED] PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Tancsa Sent: Wednesday, August 03, 2005 9:52 AM To: Dan Armstrong Cc: nanog@merit.edu Subject: Re: OT: Cisco.com password reset. Same here. I didnt get a notice that it was reset, but I cannot login ---Mike At 09:30 AM 03/08/2005, Dan Armstrong wrote: My PW to CCO did not work this morning either. I am on hold with the TAC right now Joe Blanchard wrote: FYI I got an email that my CCO account's password was reset last night. Not sure how widespread this issue was, but I called my account contact and verified that this is a valid email, and that my password needed to be reset. Just a heads up. -Joe Blanchard -- -- Tom Sands Chief Network Engineer Rackspace Managed Hosting (210)447-4065 --
Re: Your router/switch may be less secure than you think
> From [EMAIL PROTECTED] Wed Aug 3 09:07:20 2005 > To: [EMAIL PROTECTED] > Cc: nanog@merit.edu > Subject: Re: Your router/switch may be less secure than you think > From: "Robert E.Seastrom" <[EMAIL PROTECTED]> > Date: Wed, 03 Aug 2005 09:58:53 -0400 > > > > [EMAIL PROTECTED] writes: > > > We should all be looking to the security auditing work done by > > the OpenBSD team for an example of how systems can be > > cleaned up, fixed, and locked down if there is a will to do so. > > Beer, unsupported assertions, and lack of rigorous audit methodology > can be blended together to make one's code more secure? That would seem to depend on the quality of the code _before_ the blending, no? As well as getting the proportions in the blend "just right". *grin* Seriously, _any_ approach "can" result in better/more secure code. It all depends on exactly _what_ is done. Some approaches for identifying and/or eliminating "problems" are more efficient and/or more effective than are alternative means. This does -not- mean that those are the "only" ways to get things done. Now, the _liklihood_ that any given approach "willresult in better/more secure code -- *that* is an entirely different question. :)
Problems at Microsoft?
Hi there, we’ve had a few complaints about connectivity issues to Microsoft, is anyone else seeing a problem? Usually I get between 2-3MBps when I download from them, at the moment I get 8k/sec downloading http://download.microsoft.com/download/b/6/2/b624b535-644a-41e1-9727-812dcd6bad87/E3SP1ENG.EXE (service pack 1 for exchange 03) from Both my network, and a monitoring server we have in chicago. Anyone else seen this? -Drew
Re: OT: Cisco.com password reset.
On Wed, 3 Aug 2005, Robert Hayden wrote: > Another "me too" here. However, it appears that there is a hiccup with > my account. According to the note, there's more than one CCO account > associated with my email addy (which is strange since I only know of > one) Yes, that's what it said in my case; likewise, it makes no sense. Obviously there's a problem; hopefully an explanation will soon be provided. Even better if it could be resolved without everyone having to re-register. - SLS (digging through his files to find the account number) Scott L. Stursa 850/644-2591 Network Security Analyst [EMAIL PROTECTED] OTI Enterprise Security Group Florida State University - No good deed goes unpunished -
Re: OT: Cisco.com password reset.
On Wed, 3 Aug 2005, Elmar K. Bins wrote: > What bothers me is that some people got notifications while others got > none - any idea on why (I didn't get any)? The notice I saw (purely on accident) - and the same that was quoted by Jared Mauch - is/was shown when you hit no/cancel on the HTTP auth window... My understanding from a cisco guy who's working with us on some issues, is that they were given prior notice - but as far as I can tell, non-cisco-internal people weren't. - d. -- Dominic J. Eidson "Baruk Khazad! Khazad ai-menu!" - Gimli --- http://www.the-infinite.org/
Re: OT: Cisco.com password reset.
No proof, just a sarcastic comment, dont get me jailed :) but really, everyone is claiming its a compromiseOn 8/3/05, Joel Jaeggli <[EMAIL PROTECTED] > wrote:On Wed, 3 Aug 2005, Kim Onnel wrote:> People claim that accounts were compromised, thats why they are resetting > them all,>> looks like Lynn's friends have made their moves for revenge.demonstrate proof for your assertion please.> On 8/3/05, Joe Blanchard < [EMAIL PROTECTED]> wrote:>> FYI I got an email that my CCO account's password was reset>> last night. Not sure how widespread this issue was, but >> I called my account contact and verified that this is>> a valid email, and that my password needed to be reset. Just a heads up. -Joe Blanchard>> >Joel Jaeggli Unix Consulting [EMAIL PROTECTED]GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
Re: OT: Cisco.com password reset.
Once upon a time, Jared Mauch <[EMAIL PROTECTED]> said: > From the Cisco website: > > IMPORTANT NOTICE: > * This incident does not appear to be due to a weakness in Cisco products > or technologies. Does this mean that CCO is not a Cisco product or technology? Odd that lots of people are trying to download new IOS images and then CCO locks them out. -- Chris Adams <[EMAIL PROTECTED]> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
RE: OT: Cisco.com password reset.
I eventually got an email stating it couldn't associate my email address with an active CCO ID. I'm guessing their system is getting backed up because it's affecting lots of people. Next step: "Please email [EMAIL PROTECTED] to have your correct email address associated with your User ID. To ensure you receive prompt attention, please provide all of the following details: 1 Maintenance contract or Account number you used in your registration 2 The user ID your believe you have 3 Full name 4 Company name " Chuck Church Lead Design Engineer CCIE #8776, MCNE, MCSE Netco Government Services - Design & Implementation 1210 N. Parker Rd. Greenville, SC 29609 Home office: 864-335-9473 Cell: 703-819-3495 [EMAIL PROTECTED] PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Tancsa Sent: Wednesday, August 03, 2005 9:52 AM To: Dan Armstrong Cc: nanog@merit.edu Subject: Re: OT: Cisco.com password reset. Same here. I didnt get a notice that it was reset, but I cannot login ---Mike At 09:30 AM 03/08/2005, Dan Armstrong wrote: >My PW to CCO did not work this morning either. I am on hold with the TAC >right now > > > >Joe Blanchard wrote: > >>FYI >>I got an email that my CCO account's password was reset >>last night. Not sure how widespread this issue was, but >>I called my account contact and verified that this is >>a valid email, and that my password needed to be reset. >> >>Just a heads up. >> >>-Joe Blanchard >> >> >>
Re: OT: Cisco.com password reset.
[EMAIL PROTECTED] (Scott Stursa) wrote: > > When I tried to access my CCO account this morning I got a page with > > instructions to email [EMAIL PROTECTED] to get a new password. I did > > this from the email address registered to me on CCO and promptly received > > a new password to my email address which worked properly after that. > > Yeah, I tried that. Didn't work in my case. Neither did it in mine (multiple accounts hooked on one email address is what cco-locksmith complained about). I have sent the appropriate email to cco-team, but heaven knows when they will process it. I give them a day before escalating; I'm pretty sure they're currently pushing staff into the cco-team so the requests can be served. What bothers me is that some people got notifications while others got none - any idea on why (I didn't get any)? Yours, Elmar. -- "Begehe nur nicht den Fehler, Meinung durch Sachverstand zu substituieren." (PLemken, <[EMAIL PROTECTED]>) --[ ELMI-RIPE ]---
Re: OT: Cisco.com password reset.
People claim that accounts were compromised, thats why they are resetting them all, looks like Lynn's friends have made their moves for revenge.On 8/3/05, Joe Blanchard <[EMAIL PROTECTED]> wrote: FYII got an email that my CCO account's password was resetlast night. Not sure how widespread this issue was, but I called my account contact and verified that this isa valid email, and that my password needed to be reset.Just a heads up.-Joe Blanchard
Re: Your router/switch may be less secure than you think
[EMAIL PROTECTED] writes: > We should all be looking to the security auditing work done by > the OpenBSD team for an example of how systems can be > cleaned up, fixed, and locked down if there is a will to do so. Beer, unsupported assertions, and lack of rigorous audit methodology can be blended together to make one's code more secure? ---Rob
Re: OT: Cisco.com password reset.
On Wed, 3 Aug 2005, Mikael Abrahamsson wrote: > > On Wed, 3 Aug 2005, Dan Armstrong wrote: > > > > My PW to CCO did not work this morning either. I am on hold with the TAC > > right now > > When I tried to access my CCO account this morning I got a page with > instructions to email [EMAIL PROTECTED] to get a new password. I did > this from the email address registered to me on CCO and promptly received > a new password to my email address which worked properly after that. Yeah, I tried that. Didn't work in my case. - SLS Scott L. Stursa 850/644-2591 Network Security Analyst [EMAIL PROTECTED] OTI Enterprise Security Group Florida State University - No good deed goes unpunished -
Re: OT: Cisco.com password reset.
On Wed, 3 Aug 2005, Joe Blanchard wrote: > FYI > > I got an email that my CCO account's password was reset > last night. Not sure how widespread this issue was, but > I called my account contact and verified that this is > a valid email, and that my password needed to be reset. > > Just a heads up. Happened to me as well. - SLS Scott L. Stursa 850/644-2591 Network Security Analyst [EMAIL PROTECTED] OTI Enterprise Security Group Florida State University - No good deed goes unpunished -
Re: OT: Cisco.com password reset.
Same here. I didnt get a notice that it was reset, but I cannot login ---Mike At 09:30 AM 03/08/2005, Dan Armstrong wrote: My PW to CCO did not work this morning either. I am on hold with the TAC right now Joe Blanchard wrote: FYI I got an email that my CCO account's password was reset last night. Not sure how widespread this issue was, but I called my account contact and verified that this is a valid email, and that my password needed to be reset. Just a heads up. -Joe Blanchard
Re: OT: Cisco.com password reset.
On Wed, Aug 03, 2005 at 09:30:58AM -0400, Dan Armstrong wrote: > > My PW to CCO did not work this morning either. I am on hold with the > TAC right now From the Cisco website: IMPORTANT NOTICE: * Cisco has determined that Cisco.com password protection has been compromised. * As a precautionary measure, Cisco has reset your password. To receive your new password, send a blank e-mail, from the account which you entered upon registration, to [EMAIL PROTECTED] Account details with a new random password will be e-mailed to you. * If you do not receive your new password within five minutes, please contact the Technical Support Center. * This incident does not appear to be due to a weakness in Cisco products or technologies. -- Jared Mauch | pgp key available via finger from [EMAIL PROTECTED] clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Re: OT: Cisco.com password reset.
On Wed, 3 Aug 2005, Dan Armstrong wrote: My PW to CCO did not work this morning either. I am on hold with the TAC right now When I tried to access my CCO account this morning I got a page with instructions to email [EMAIL PROTECTED] to get a new password. I did this from the email address registered to me on CCO and promptly received a new password to my email address which worked properly after that. -- Mikael Abrahamssonemail: [EMAIL PROTECTED]
Re: OT: Cisco.com password reset.
My PW to CCO did not work this morning either. I am on hold with the TAC right now Joe Blanchard wrote: FYI I got an email that my CCO account's password was reset last night. Not sure how widespread this issue was, but I called my account contact and verified that this is a valid email, and that my password needed to be reset. Just a heads up. -Joe Blanchard
Re: NETGEAR in the core...
On Sunday, 31-July-2005 18:33, Christopher L. Morrow wrote: > > After looking over the various WRT54G options, do any of them > support native ipv6? :) (not the tunneled v6 over v4... native v6) Sveasoft's Talisman does. "Yes, support is in Talisman/basic. Current support is CLI-based up to layer 3 and includes radvd. Web interface additions to configure IPv6 options are planned. To enable support, do the following: nvram set ipv6_enable=1 nvram commit reboot" http://www.sveasoft.com/modules/phpBB2/viewtopic.php?t=5812
OT: Cisco.com password reset.
FYI I got an email that my CCO account's password was reset last night. Not sure how widespread this issue was, but I called my account contact and verified that this is a valid email, and that my password needed to be reset. Just a heads up. -Joe Blanchard
Re: IOS new architechture will be more vulnerable?
On Wed, 03 Aug 2005 03:49:43 PDT, Aaron Glenn said: > ...here's what the junior kernel hacker in me doesn't quite understand > - doesn't software like ProPolice and it's brethren mitigate this type > of vulnerability specifically? What, precisely, prevents Cisco from > implementing such code in with their architecture? "mitigate vulnerability" != "prevent vulnerability". As long as it's a von Neumann architecture rather than a Harvard architecture, there's potential issues. Note that many mitigation strategies are basically attempts to make it more Harvard-like Whether mitigation is sufficient is a topic for another list.. pgpLaAwYNatc5.pgp Description: PGP signature
Your router/switch may be less secure than you think
Michael Lynn is not the only person out there reverse engineering routers, switches, printers and other embedded systems. Lynn's presentation gave far less info than other people have published. One person has published detailed instructions on how to exploit IOS including code to do the exploit and an example scenario of how to use it. Contrary to what some may be worrying about, it it not the GSRs that are most at risk. It is those old 2500's that are connected to your customers. Imagine that one of those customer routers is exploited, the hacker installs a tunnel, and then proceeds to anonymously probe the customer's network. This is the real risk and it may very well be happening right now to one of your customers. The following is one of the slides from a black hat presentation which is basically a primer on reverse engineering and exploiting embedded systems. 8X-- How to protect Cisco specific ! Have no overflows in IOS ! Keep your IOS up to date ! Do not run unneeded services (TFTP) ! Tell your IDS about it. Signature: \xFD\x01\x10\xDF\xAB\x12\x34\xCD ! debug sanity might stop less experienced attackers ! The hard way: config-register 0x00 ! Perform logging on a separate segment ! Protect your syslog host -8X--- Other slides in the presentation talk about exploits in networked HP printers and various other brands of switches and routers. I think this should serve as a wakeup call to the entire industry that current engineering practices are not good enough any more. We should all be looking to the security auditing work done by the OpenBSD team for an example of how systems can be cleaned up, fixed, and locked down if there is a will to do so. --Michael Dillon
RE: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter
Hi Thank you for your reply. >Makoto san, can you provide an ip-address within your assigned range that >people can ping to test? You can ping to 126.66.0.30/8. regards, -- Makoto Kawano <[EMAIL PROTECTED]> SOFTBANK BB Corp. Yahoo!BB Network Operation Center -Original Message- From: Joel Jaeggli [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 03, 2005 8:22 PM To: 河野 誠(ネットワーク運用本部) Cc: nanog@merit.edu Subject: Re: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter On Wed, 3 Aug 2005, [EMAIL PROTECTED] wrote: > > Dear Network Operators and whom it may concern > > I hope you are doing well, We are facing a difficult problem and we > would like to ask your assistance! Makoto san, can you provide an ip-address within your assigned range that people can ping to test? regards joelja > The following address blocks were allocated from IANA to APNIC on the 27th of > JAN of 2005. Please refer to the following link. > http://www.cymru.com/Documents/bogon-list.html > --- > Changes in version 2.6 (27 JAN 2005) > 124/8, 125/8 and 126/8 allocated to APNIC (JAN 2005). > Removed from the bogon lists. > --- > > Softbank BB (AS17676) was allocated 126/8 from APNIC, and Softbank BB > (AS17676) immediately tried to use 126/8. > However Softbank BB could not access the famous site using 126/8, It seems > some of ISPs are blocking 126/8 due to outdated filter. > > Ladies and gentlemen, please check the following URL! > http://www.cymru.com/Documents/bogon-list.html > > and if you find out you have outdated filter, please update the filter > immediately. > > Please let me know if you have any problem, concern or doubt regarding > opening a filter for 126/8, please let me know. > > Best regards & Thanks in advance, > -- > Makoto Kawano <[EMAIL PROTECTED]> SOFTBANK BB Corp. > Yahoo!BB Network Operation Center > -- -- Joel Jaeggli Unix Consulting [EMAIL PROTECTED] GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
Re: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter
On Wed, 3 Aug 2005, Joel Jaeggli wrote: Makoto san, can you provide an ip-address within your assigned range that people can ping to test? $ ping 126.0.0.1 PING 126.0.0.1 (126.0.0.1) 56(84) bytes of data. 64 bytes from 126.0.0.1: icmp_seq=1 ttl=4 time=362 ms 64 bytes from 126.0.0.1: icmp_seq=2 ttl=4 time=362 ms 64 bytes from 126.0.0.1: icmp_seq=3 ttl=4 time=362 ms -- Mikael Abrahamssonemail: [EMAIL PROTECTED]
Re: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter
On Wed, 3 Aug 2005, [EMAIL PROTECTED] wrote: Dear Network Operators and whom it may concern I hope you are doing well, We are facing a difficult problem and we would like to ask your assistance! Makoto san, can you provide an ip-address within your assigned range that people can ping to test? regards joelja The following address blocks were allocated from IANA to APNIC on the 27th of JAN of 2005. Please refer to the following link. http://www.cymru.com/Documents/bogon-list.html --- Changes in version 2.6 (27 JAN 2005) 124/8, 125/8 and 126/8 allocated to APNIC (JAN 2005). Removed from the bogon lists. --- Softbank BB (AS17676) was allocated 126/8 from APNIC, and Softbank BB (AS17676) immediately tried to use 126/8. However Softbank BB could not access the famous site using 126/8, It seems some of ISPs are blocking 126/8 due to outdated filter. Ladies and gentlemen, please check the following URL! http://www.cymru.com/Documents/bogon-list.html and if you find out you have outdated filter, please update the filter immediately. Please let me know if you have any problem, concern or doubt regarding opening a filter for 126/8, please let me know. Best regards & Thanks in advance, -- Makoto Kawano <[EMAIL PROTECTED]> SOFTBANK BB Corp. Yahoo!BB Network Operation Center -- -- Joel Jaeggli Unix Consulting [EMAIL PROTECTED] GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
Re: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter
On 03/08/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Softbank BB (AS17676) was allocated 126/8 from APNIC, and Softbank > BB (AS17676) immediately tried to use 126/8. Jon, could you tell Kawano san just how many sites are still blocking 69/8? :)
Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter
Dear Network Operators and whom it may concern I hope you are doing well, We are facing a difficult problem and we would like to ask your assistance! The following address blocks were allocated from IANA to APNIC on the 27th of JAN of 2005. Please refer to the following link. http://www.cymru.com/Documents/bogon-list.html --- Changes in version 2.6 (27 JAN 2005) 124/8, 125/8 and 126/8 allocated to APNIC (JAN 2005). Removed from the bogon lists. --- Softbank BB (AS17676) was allocated 126/8 from APNIC, and Softbank BB (AS17676) immediately tried to use 126/8. However Softbank BB could not access the famous site using 126/8, It seems some of ISPs are blocking 126/8 due to outdated filter. Ladies and gentlemen, please check the following URL! http://www.cymru.com/Documents/bogon-list.html and if you find out you have outdated filter, please update the filter immediately. Please let me know if you have any problem, concern or doubt regarding opening a filter for 126/8, please let me know. Best regards & Thanks in advance, -- Makoto Kawano <[EMAIL PROTECTED]> SOFTBANK BB Corp. Yahoo!BB Network Operation Center
Re: IOS new architechture will be more vulnerable?
On 8/3/05, Saku Ytti <[EMAIL PROTECTED]> wrote: > You might want to read lynn-cisco.pdf. This means that today to > exploit heap overflows you need to know the offsets per release, supposedly > tomorrow the offsets will be static per releasese in new (in some terms > better) > architecture, which will make exploiting heap overflows much more feasible. without getting *too* off topic... ...here's what the junior kernel hacker in me doesn't quite understand - doesn't software like ProPolice and it's brethren mitigate this type of vulnerability specifically? What, precisely, prevents Cisco from implementing such code in with their architecture? aaron.glenn
Re: IOS new architechture will be more vulnerable?
On (2005-08-03 06:24 -0400), Joe Maimon wrote: > But at the same time, now that I think they already are, I will say it's > not as bad as you probably think it is. Not yet ... because the version > that makes this an unstoppable critical problem is not out yet. > >What exactly does this mean? You might want to read lynn-cisco.pdf. This means that today to exploit heap overflows you need to know the offsets per release, supposedly tomorrow the offsets will be static per releasese in new (in some terms better) architecture, which will make exploiting heap overflows much more feasible. -- ++ytti
IOS new architechture will be more vulnerable?
quotes from wired interview with Mike Lynn " WN: So this new version of the operating system that they're coming out with, that's in beta testing. Lynn: It's actually a better architecture ... but it will be less secure That's why I felt it was important to make the point now rather than sweep it under the rug. I think it's something that we can fix " " But at the same time, now that I think they already are, I will say it's not as bad as you probably think it is. Not yet ... because the version that makes this an unstoppable critical problem is not out yet. " What exactly does this mean?
Re: "Cisco gate" and "Meet the Fed" at Defcon....
On Wed, 3 Aug 2005, Bill Woodcock wrote: > > note image size of 11/12/16 mb... note that many (most?) 2500's don't > have > > 16M flash. > > If you feel like keeping 2500s in service, rather than replacing them with > something that holds NM-32As, the flash problem is easily resolved for less > than US$50: > > http://www.memorydealers.com/8mbcisthirpa.html to be fair... 2500s are quite useful for things other than what their original purpose intended, but that usefulness diminishes with memory upgrades that are comparable in price to the value of the router having said that, as they are often not used as public routers, a suitably placed acl/fw can keep them out of harms way and still run the old code Steve
Re: VOIP provider
On Wed, 3 Aug 2005, Bill Woodcock wrote: > > 3: What protocols should be used for firmware upgrades to ATA > > devices? We are thinking HTTPS or SFTP, or HTTP if those aren't > > available on selected devices. I am trying to stay away from TFTP > > for security reasons. > > What security risk does TFTP pose that isn't also shared by HTTP? beyond security reasons, there are some performance reasons as well to skip tftp. There was a decent article in 'network magazine' (editorial I suppose really) by Louis Mamakos about 6 months ago regarding the challenges of upgrading a few hundred thousand remote tftp-only devices :( (thanks to google for the link) http://tinyurl.com/9e5pd -Chris
Re: VOIP provider
On Tue, 2 Aug 2005, Shane Owens wrote: > 1: Does it make sense to scatter nodes around the globe to limit latency on intraregional calls? If so how many? We were > thinking about 7 placed at strategic points around the globe. The short answer is "yes". This is a VoIP peering issue, which is basically just like IP peering, but higher up the stack. There will actually be a VoIP Peering BoF here at the IETF later this afternoon, and it's been the subject of a lot of discussion. To give you a concrete example of why local gateways are needed, I have offices in San Francisco, and we tried a VoIP gateway provider, once, which located its _single_ gateway in Florida. So all of our "local" calls to PSTN numbers in California went to Florida across the Internet, before returning to California. The latency isn't that bad by itself, but combined with the carrier's mediocre bandwidth, it made for very serious voice quality problems. We wound up putting up our own PSTN gateway in San Francisco, and we divide calls between that (California calls) and two different VoIP carriers (everything outside California, based on price). If the VoIP carrier had had gateways on both the east coast and the west coast, they'd have all of our business right now, because we could hand traffic off to them at PAIX or 1 Wilshire or the SIX, and all would be good. But they ignored the underlying infrastructure, to their detriment. > 2: Is a softswitch architecture preferred to a proxy server/Media > Gateway (Vonage) only type architecture? You need both. > 3: What protocols should be used for firmware upgrades to ATA > devices? We are thinking HTTPS or SFTP, or HTTP if those aren't > available on selected devices. I am trying to stay away from TFTP > for security reasons. What security risk does TFTP pose that isn't also shared by HTTP? -Bill
Re: "Cisco gate" and "Meet the Fed" at Defcon....
> note image size of 11/12/16 mb... note that many (most?) 2500's don't have > 16M flash. If you feel like keeping 2500s in service, rather than replacing them with something that holds NM-32As, the flash problem is easily resolved for less than US$50: http://www.memorydealers.com/8mbcisthirpa.html -Bill
Re: "Cisco gate" - Payload Versus Vector
Randy Bush wrote: very helpful analysis. some questions: mrai stiffle that? could it be used to cascade to a neighbor? i suppose that diverting the just the right 15-30 seconds of traffic could be profitable. More recent hardware allows you to take copies of packets and push them down an IP tunnel. Pushing something like this into the configuration would make much more sense. Pete