dark fiber

2006-03-18 Thread Vicky Røde


I'm looking for pointers (forum) regarding purchasing dark fiber. At the
same time can anyone point me in the right direction regarding
purchasing dark fiber in Bombay, India.


tia,


--
regards,
/virendra


Re: Quarantine your infected users spreading malware

2006-02-21 Thread Vicky Røde


Bill Nash wrote:
 
 
 On Tue, 21 Feb 2006, [EMAIL PROTECTED] wrote:
 
 
Why not just bypass them and go direct to the unwashed
masses of end users? Offer them a free windows
infection blocker program that imposes the quarantine
itself locally on the user's machine. This program
 
 
 Offering them free software won't work to the levels you want. At first, 
 you'll get a response, because consumers always jump at free shiny things, 
 until something happens that makes them not like it anymore, and then 
 they'll dig in and never use it again. If you want to get this kind of 
 filtering into your core, you have a need to get this to a compulsory 
 level for access.
 
 I don't think there's any disagreement as to the roots of this problem:
 - Modern users are generally clueless.
 - Most don't have firewalls or even the most basic of protections.
 - Getting tools deployed where they need to be most is the hardest.
 
 With that said..
 
 If you're talking about a compulsory software solution, why not, as an 
 ISP, go back to authenticated activity? Distribute PPPOE clients mated 
 with common anti-spyware/anti-viral tools. Pull down and update signatures 
 *every time* the user logs in, and again periodically while the user is 
 logged in (for those that never log out). Require these safeguards to be 
 active before they can pass the smallest traffic.
 
 The change in traffic flow would necessitate some architecture kung fu, 
 maybe even AOL style, but you'd have the option of selectively picking out 
 reported malicious/infected users (*cough* ThreatNet *cough*) and routing 
 them through packet inspection frameworks on a case by case basis. Quite 
 possibly, you could even automate that and the users would never be the 
 wiser.
-
From my past discussion at nanog sessions, it appears this sink-hole
like process has been extremely helpful for AOL.

Maybe Vijay from AOL could chime in and enlighten us or folks could look
at the archives.



regards,
/virendra

 
 - billn
 


Re: NANOG36-NOTES 2006.02.14 talk 2 Netflow Visualization Tools

2006-02-14 Thread Vicky Røde


thanks for taking notes.

comments in-line:

Matthew Petach wrote:
 2006.02.14 talk 2 Netflow tools
 
 Bill Yurcik
 byurcik at ncsa.uiuc.edu
 
 NVisionIP and VisFlowConnect-IP
 
 probably a dozen tools out there, this is just
 two of them.  Consensus is there's something to
 this.
 
 They're an edge network, comes into ISP domain,
 their tools are used by entities with many
 subnet blocks.
 
 Overview
 Project Motivation
 Netflows for Security
 Two visualization tools
  NVisionIP
  VisFlowConnect-IP
 Summary
 
 Internet Security:
 N-Dimensional Work Space
 
 large--already lots of data to process
 complex--combinatorics explode quickly
 time dynamics--things can change quickly!
 Visualizations can help!
  in near-realtime
  overview-browse-details on demand
 
 People are wired to do near-realtime processing
 of visual information, so that's a good way to
 present information for humans.
 HCI says use overview-browse-details paradigm.
 
 Netflows for security
 can identify connection-oriented stats to see
 things like attacks, DoS, DDoS, etc.
 Most people don't use the data portion of the
 flow field, the first 64 bytes, they just look
 at header info or aggregated flow records.
 
 Can spot how many users are on your system at
 a given time, to schedule upgrades.
 
 Who are your top talkers?
 
 How long do my users surf?  What are people using
 the network for?
 
 Where do users go?   Where did they come from?
 
 Are users following the security policy?
 
 What are the top N destination ports?
 Is there traffic to vulnerable hosts?
 
 Can you identify and block scanners/bad guys?
 
 This doesn't replace other systems like syslog, etc.;
 it integrates and works alongside them.
 
 architecture slide for NCSA.
 
 Can't really do sampled view for security, so probably
 need distributed flow collector farm to get all the
 raw data safely.
 
 Two visualization tools:
 NVisionIP, VisFlowConnect-IP
 
 focus on quick overview of tools
 security.ncsa.uiuc.edu/
 
 3 level hierarchical tool;
 galaxy view (small multiple view) ((machine view))
 
 Galaxy is overview of the whole network.
 color and shape of dots is each host in a network.
 settable parameters for each dot.
 
 Animated toolbar and clock show changes over time
 in the galaxy.
 Lets you get high-level content quickly and easily.
 
 Domain view lets you drill in a bit more; small
 multiple view looks at the traffic within the
 block.
 upper histogram is lower, well known ports; lower
 histogram is ports over 1024
 
 You can click on a given multiple view entry to
 delve into one machine.
 Many graphs for each machine in the most detailed
 view.
 
 well known ports first, then rest of ports (sorted)
 then source and destination traffic broken out.
 
 Designed for class Bs.
 
 http://security.ncsa.uiuc.edu/distribution/VisFlowConnectDownload.html
 
 3 vertical lines, comes from edge network perspective;
 middle line is edge network to manage.  You set range
 of networks you care about.  Outside lines are people
 sourcing or sinking traffic to you, from outside
 domains.
 
 There's a time axis, traffic only shown for the slice
 of time currently under consideration.
 Uses VCR-like controls to move time forward/backward
 
 Lets you see traffic/interactivity, drill into that
 domain, see host level connectivity flows.
 
 Shows MS Blaster virus traffic as an example.
 
 Example 2, a scan example.  Just because it looks
 like one IP hitting many others doesn't mean it's
 really a security incident, though; could be a
 cluster getting traffic.
 
 web crawlers hitting NCSA web servers make for
 a very characteristic pattern over time.
 
 Summary
 Netflows analysis is non-trivial,
 
 NVisionIP
 VisFlowConnect-IP
 
 lots of references listed in very fine blue font.
 
 http://security.ncsa.uiuc.edu/distribution/NVisionIPDownload
 
 Avi Freedman, Akamai, Argus was mentioned a lot; it
 lets you grab symmetric netflows, but also does TCP
 analysis, shows some performance data as well.  not
 sure if people are studying the impact of correlating
 argus data with flow data.
 
 Roland Douta? of Cisco; many people are using netflow
 to track security issues.  They now have ingress and
 egress flow data on many of their platforms.
 In reading paper describing it, there's data conversion
 that needs to happen into an internal format that
 nVision can understand.  It reads log files at the
 moment, takes about 5 minutes to process files.  Lets
 them take different file data sources, make the tool
 for visualization independent of the input format.
 They can read large files, but there is a performance
 hit when doing it.
 Are they planning on doing further work on the tool
 to collect TCP flags, for frags, drop traffic, etc?
 They've looked at it, but they leave it to IDS tools
 for flag activity.  Might be of interest to consider
 for future versions of the tools.
 
 Last question came up, echoed about argus.
 Question about 
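
The scan caveat in the talk notes above (one IP hitting many others is not necessarily an incident, it could be a cluster getting traffic), as an added example that is not part of the original post or of the NCSA tools. The flow-record layout, the thresholds and the labels are assumptions, and the sample flows are constructed:

```python
from collections import Counter, defaultdict

# Constructed flow records: (src, sport, dst, dport, packets, bytes)
FLOWS = (
    # 10.0.0.5 touches 20 hosts on tcp/445 with single tiny packets
    [("10.0.0.5", 40000 + i, f"192.0.2.{i}", 445, 1, 48) for i in range(1, 21)]
    # 10.0.0.80 is a web server answering 20 clients from port 80
    + [("10.0.0.80", 80, f"198.51.100.{i}", 50000 + i, 12, 9000)
       for i in range(1, 21)]
    # ordinary client traffic
    + [("10.0.0.7", 51000, "203.0.113.9", 443, 30, 25000),
       ("10.0.0.7", 51001, "203.0.113.9", 80, 8, 4000)]
)

def top_dst_ports(flows, n=3):
    """Top N destination ports by flow count."""
    return Counter(f[3] for f in flows).most_common(n)

def classify_fanout(flows, min_fanout=10, small_bytes=100):
    """Label sources that talk to many distinct hosts (assumed thresholds)."""
    by_src = defaultdict(list)
    for f in flows:
        by_src[f[0]].append(f)
    verdicts = {}
    for src, fl in by_src.items():
        if len({f[2] for f in fl}) < min_fanout:
            continue  # low fan-out: not the one-to-many pattern at all
        sports = {f[1] for f in fl}
        dports = {f[3] for f in fl}
        tiny = sum(1 for f in fl if f[5] <= small_bytes) / len(fl)
        if len(sports) == 1 and min(sports) < 1024:
            # One well-known source port: replies from a server or cluster
            verdicts[src] = "server-like"
        elif len(dports) == 1 and tiny >= 0.9:
            # Same destination port everywhere, almost no payload
            verdicts[src] = "scan-like"
        else:
            verdicts[src] = "review"
    return verdicts

if __name__ == "__main__":
    print(top_dst_ports(FLOWS))
    print(classify_fanout(FLOWS))
```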

Re: IRS goes IPv6!

2006-02-14 Thread Vicky Røde


Christopher L. Morrow wrote:
 
 On Tue, 14 Feb 2006, Jeroen Massar wrote:
 
 
I Ar Es,

At least they have received the 2610:30::/32 allocation from ARIN.
Let's see how taxing they find IPv6 ;)
 
 
 so.. this is surprising why? the us-gov mandate for ipv6 uptake will mean
 lots of us-gov folks will be spinning up justifications that they are a
 'service provider' and need a /32... cause they won't accept PA space (or
 I don't think they will accept PA space as a long term solution) ...
 
 or I might be smoking crack :) who knows.
--
resistance is futile, you will be assimilated :-)





regards,
/virendra



Re: net-op: traffic loads as the result of patching

2006-01-06 Thread Vicky Røde


hmm.. I thought (correct me if I'm wrong) wsus followed a mirror
(distributed) model, say if a group of servers were pegged the update
process would provide remote clients access to the closest and min
latency host(s) in order to distribute the load and prevent bandwidth
saturation.



regards,
/virendra


Elijah Savage wrote:
 Sean Donelan wrote:
 
So, maybe an operational question.

What are people seeing as far as network traffic loads due to WMF patching
activity, e.g. auto-update and manual downloads?  Microsoft has used
several CDNs in addition to its own servers to distribute the load
in the past.
 
 WSUS servers are being pounded right now. Usually 5 to 7% CPU now 72%
 