Re: Can you see these AS links:)

[Patrick W. Gilmore]

On Mar 31, 2009, at 10:56 PM, Kai Chen wrote:

As part of a research project here at Northwestern, we have found  
quite a
few unexpected AS-level links that do not appear in public available  
BGP
tables. We really need your help in validating them; for anyone who  
knows
links associated with any AS, if you can assist us with this please  
contact

us off list.


That's an interesting request.  Most network operators know about AS  
adjacencies, since it is hard to be on the Internet without your AS  
having a link to at least one other.  Do you expect everyone to ping  
you back?


Also, what makes you think all adjacencies appear in "public available  
BGP tables"?  Most do not.  This is not surprising, it is expected.   
I'm interested to know why you think they would.


--
TTFN,
patrick

Can you see these AS links:)

[Kai Chen]

Hello folks,
As part of a research project here at Northwestern, we have found quite a
few unexpected AS-level links that do not appear in public available BGP
tables. We really need your help in validating them; for anyone who knows
links associated with any AS, if you can assist us with this please contact
us off list.

Thanks!
- Kai

Re: Google Over IPV6

[Matthew Moyle-Croft]

Everything is a tunnel...


Tube man.  Everything is a tube... and Al Gore invented tubes.

MMC





Nick






--
Matthew Moyle-Croft Internode/Agile Peering and Core Networks

Re: Google Over IPV6

[Joel Jaeggli]

Nick Hilliard wrote:
> On 27/03/2009 15:26, Leo Bicknell wrote:
>> AFAIK you have to have native peering with them to be part of the
>> pilot.  At least, you did when we signed up.  They may have relaxed
>> that since.
> 
> According to a Google IPv6 talk I attended yesterday, they don't intend
> to relax that rule.  Tunneling ipv6 connectivity over ipv4 is trash
> quality engineering and to be honest, its not a credible substitute for
> adequate ipv6 infrastructure.


Tunneling ipv4 over mpls is trash quality engineering and it's not a
credible substitute for adequate ipv4 infrastructure.


Everything is a tunnel...

> Nick
> 

Hotmail/MSN/Live help?

[Weier, Paul]

My mail server is currently being blocked by Windows/Live/Hotmail even
though I am (and have been for years) a member of Microsoft's JMRP and
SNDS services.
 
Not sure what changed after years of peaceful co-existence.
 
Could someone from Windows Live Hotmail please contact me off list?
 
TIA
 
--

Paul
Senior System Administrator
Internet Broadcasting
p...@ibsys.com 

Visit us at:  www.ibsys.com

This message may contain information that is privileged or confidential.
If you receive this transmission in error, please notify the sender by
reply email and delete the message and any attachment; and be advised
that disclosing, copying, distributing or taking any action in reliance
upon the content is prohibited.

--

Re: TWC outage

[John Schnizlein]

are you just a little early for April Fools?
:-)

On 2009Mar31, at 5:43 PM, Adam Greene wrote:

Based on a traceroute from a Webjogger customer, the loop was in  
Chicago.

Re: TWC outage

[Adam Greene]

Thanks for various replies off-list which helped to troubleshoot this issue 
and possibly accelerate resolution.


Time Warner attributed the issue to a routing loop on the Level 3 network 
caused by some work last night. Based on a traceroute from a Webjogger 
customer, the loop was in Chicago.


As of about 4:45pm EDT things seem back to normal.

Thanks!
Adam

--
Webjogger
(845) 757-4000
ASN 20208



- Original Message - 
From: Adam Greene

To: outa...@outages.org ; nanog@nanog.org
Sent: Tuesday, March 31, 2009 11:18 AM
Subject: [outages] TWC outage


Seems to be an outage with Time Warner Cable in the upstate New York area
...

As far as I can tell, it's on AS7843.

I'm awaiting callback from an engineer for details 

Adam

--
Webjogger
(845) 757-4000
ASN 20208

==

C:\>tracert www.authorize.net

Tracing route to www.authorize.net [64.94.118.77]
over a maximum of 30 hops:

 138 ms 1 ms 2 ms  10049.webjogger.net [204.8.80.49]
 2 6 ms 6 ms 7 ms  cpe-24-29-112-25.nyc.res.rr.com 
[24.29.112.25]
 3 8 ms 7 ms 6 ms  gig-12-2-nycmnyrdc-rtr1.nyc.rr.com 
[24.29.104.97]
 4 7 ms 7 ms 8 ms  gig1-0-0-nwrknjmd-rtr1.nyc.rr.com 
[24.29.130.182]

 5 7 ms 7 ms 6 ms  ae-4-0.cr0.nyc30.tbone.rr.com [66.109.6.78]
 6 9 ms 8 ms 8 ms  ae-1-0.pr0.nyc20.tbone.rr.com [66.109.6.163]
 7 8 ms 9 ms 8 ms  66.109.9.210
 8 *** Request timed out.
 9 *** Request timed out.
10 *** Request timed out.
11 *** Request timed out.
12 *** Request timed out.
13 *** Request timed out.
14 *** Request timed out.
15 *** Request timed out.
16 *** Request timed out.
17 *** Request timed out.
18 *** Request timed out.
19 *** Request timed out.
20 *** Request timed out.
21 *** Request timed out.
22 *** Request timed out.
23 *** Request timed out.
24 *** Request timed out.
25 *** Request timed out.
26 *** Request timed out.
27 *** Request timed out.
28 *** Request timed out.
29 *** Request timed out.
30 *** Request timed out.

Trace complete.




___
outages mailing list
outa...@outages.org
https://puck.nether.net/mailman/listinfo/outages 

Re: The Confiker Virus.

[Dominic J. Eidson]

See http://honeynet.org/node/388 for snort signatures for .a and .b 
variants.



 - d.

On Tue, 31 Mar 2009, Steven Fischer wrote:


Is anyone aware of any network-based signatures that could be used to
identify and tag IP traffic, for dropping at the ingress/egress points?

On Tue, Mar 31, 2009 at 9:41 AM, JoeSox  wrote:


I am uncertain also. I scan a subnet on my network with Axence
NetTools looking for 445 port and I receive some hits. I perform a
netstat -a some of those results but don't really see any 445
activity.  The SCS script doesn't find anything either.  The PCs are
patched and virusscan updated. One PC when I connected to it did not
navigate to Windowsupdate website. I scheduled a Full McAfee scan as
their documentation suggests
(
http://download.nai.com/products/mcafee-avert/documents/combating_w32_conficker_worm.pdf
),
and sometime through the scan I was able to reach windowsupdate. I
don't know if it was a coincidence or not that I was not able to reach
the website.  I haven't looked into the registry and any other places
for evidence of conficker. I will probably today but I am afraid it
maybe a waste of time since they are already patched and updated.
--
Joe



On Tue, Mar 31, 2009 at 5:48 AM, Eric Tykwinski 
wrote:
> Joe,


Here's the link for the Python Crypto toolkit:
http://www.amk.ca/python/code/crypto.html

I scanned our internal network and didn't find anything, so I can't

really

vouch for it's reliablity though.









--
Dominic J. Eidson
 "Baruk Khazad! Khazad ai-menu!" - Gimli

   http://www.dominiceidson.com/

Re: The Confiker Virus.

[Steven Fischer]

Is anyone aware of any network-based signatures that could be used to
identify and tag IP traffic, for dropping at the ingress/egress points?

On Tue, Mar 31, 2009 at 9:41 AM, JoeSox  wrote:

> I am uncertain also. I scan a subnet on my network with Axence
> NetTools looking for 445 port and I receive some hits. I perform a
> netstat -a some of those results but don't really see any 445
> activity.  The SCS script doesn't find anything either.  The PCs are
> patched and virusscan updated. One PC when I connected to it did not
> navigate to Windowsupdate website. I scheduled a Full McAfee scan as
> their documentation suggests
> (
> http://download.nai.com/products/mcafee-avert/documents/combating_w32_conficker_worm.pdf
> ),
> and sometime through the scan I was able to reach windowsupdate. I
> don't know if it was a coincidence or not that I was not able to reach
> the website.  I haven't looked into the registry and any other places
> for evidence of conficker. I will probably today but I am afraid it
> maybe a waste of time since they are already patched and updated.
> --
> Joe
>
>
>
> On Tue, Mar 31, 2009 at 5:48 AM, Eric Tykwinski 
> wrote:
>  > Joe,
> >
> > Here's the link for the Python Crypto toolkit:
> > http://www.amk.ca/python/code/crypto.html
> >
> > I scanned our internal network and didn't find anything, so I can't
> really
> > vouch for it's reliablity though.
>
>


-- 
To him who is able to keep you from falling and to present you before his
glorious presence without fault and with great joy

Re: Cacti Graphing

[Martin Hannigan]

Hi Joe,

I sent you some links offline as well, but make sure the polling host can
talk to the target:

IIRC, the Alcatel/Lucent device(s) default to snmp v2. IIRC, Cacti is
defaulted to v1. At the CLI of the [hopefully] nix device:

   snmpwalk -v 2c $community ip_addr 1.3.6

That should prove that you can talk to and walk the device. If that works
and the poller doesn't, investigate host poller settings or options for v2.
That and ACL's have been typical root causes of problems whenever I have had
issues with polling a target device.

Best,

Martin



On Tue, Mar 31, 2009 at 6:05 AM, Joseph Nzioka  wrote:

> Hi All,
>
> Has any one on this list graphed alcatel-lucent service routers succesfully
> using Cacti and if yes would you be kind enough to provide the base
> template
> or the how to.?
>
> --
> Kind Regards
> 
> Joseph Nzioka,
> Cell:+254 735 452050
> Cell:+254 711 968429
>



-- 
Martin Hannigan   mar...@theicelandguy.com
p: +16178216079
Power, Network, and Costs Consulting for Iceland Datacenters

RE: Earthlink help needed

[Ray Corbin]

Hey,

I'm also having an issue with mail delivery to earthlink. It seems some of the 
messages to earthlink are not reaching the inbox post the initial acceptance. 
Can an earthlink administrator confirm off-list if this is something the client 
can control? The few that I have examples of swear they never receive the 
message but our logs show it was accepted for delivery.

Thanks,

Raymond Corbin
443.866.6048


> -Original Message-
> From: Mike Lewinski [mailto:m...@rockynet.com]
> Sent: Monday, March 30, 2009 8:16 PM
> To: nanog@nanog.org
> Subject: Re: Earthlink help needed
> 
> Within an hour of making this post I received a call from a very helpful
> engineer at Earthlink. The problem has been identified and a resolution
> is in the works.
> 
> Mike
> 
> Mike Lewinski wrote:
> > One of our mail servers can't talk to any of the earthlink MX servers
> > and after two weeks of trying I've got a queue full of undeliverable
> > mail to their subs.
> >
> > Previous attempts at getting help via postmas...@earthlink.net are
> > unanswered. INOC-DBA has no directory entry for them. This old NANOG
> > post (http://www.merit.edu/mail.archives/nanog/msg01582.html) has a
> > valid phone number but invalid extension. So I hit 0 and got a tech
> > anyway. That tech instructed me to forward on my concerns to
> > blockedbyearthl...@abuse.earthlink.net which I did, but nothing more
> > than an auto-response has come back a week later now (and yes, I
> > followed the instructions in the auto-responder and re-submitted in the
> > requested format).
> >
> > Everything I've read indicates that if we are being blocked deliberately
> > I should be getting a 550 SMTP error back. We do not even get a SYN/ACK
> > back (nor ICMP unreachable/prohibited, nor RST) so no SMTP errors are
> > generated from their servers. The MX are all pingable and traceable, so
> > its not a routing problem AFAICT.
> >
> > The mailman server here has paranoid rDNS setup, does not appear on any
> > blacklists, and has never been the subject of any spam complaints. It
> > runs a listserv for a professional legal association which charges
> > members a fee before they are allowed to join the list, so the
> > possibility of unwanted third parties being subscribed is very near
> zero.
> >
> > TIA and sorry for the noise. We tried having an Earthlink subscriber
> > work this from the other angle. All she got was "Earthlink has been
> > blocking port 25 for years you should now this by now!"
> >
> > Mike Lewinski
> > --
> > m...@rockynet.com
> > POTS: 303-629-2860
> > INOC-DBA: 13345*mjl
> >
> 

Re: Cacti Graphing

[Raymond Macharia]

Hi Nzioka, the appropriate place for your request is
http://forums.cacti.net/. Or you can also check
http://sourceforge.net/mailarchive/forum.php?forum_name=cacti-user

Regards

Raymond Macharia


On Tue, Mar 31, 2009 at 1:05 PM, Joseph Nzioka  wrote:

> Hi All,
>
> Has any one on this list graphed alcatel-lucent service routers succesfully
> using Cacti and if yes would you be kind enough to provide the base
> template
> or the how to.?
>
> --
> Kind Regards
> 
> Joseph Nzioka,
> Cell:+254 735 452050
> Cell:+254 711 968429
>

Spoofer project update

[Robert Beverly]

Hi, as many of you are acutely aware, IP source spoofing is still a
common attack vector.  The ANA spoofer project:
  http://spoofer.csail.mit.edu

first began quantifying the extent of source verification in 2005.
We've amassed several years worth of data -- data that has become
particularly interesting in light of recent attacks.  However, our
data raised as many questions as it answered.  Hence, we have
developed a new version of the tester designed to answer these
questions and improve our Internet-wide inferences.

What's New:
  In addition to new tests, we've hooked into CAIDA's Ark
  infrastructure which allows us to perform multiple
  path-based measurements.  This information is presented to
  the client now in visual form; see the screenshots for an
  example report:
 http://spoofer.csail.mit.edu/example/example.php

How you can help:
  Simple -- take a few minutes to download and run the
  tester.  The more points you can run the tester from, the
  better.

Comments/Flames:
  Welcome, and we appreciate all feedback.  Be sure to read
  the FAQ:  http://spoofer.csail.mit.edu/faq.php

Many thanks,

rob


pgpPepMpUgLes.pgp
Description: PGP signature

TWC outage

[Adam Greene]

Seems to be an outage with Time Warner Cable in the upstate New York area 
...

As far as I can tell, it's on AS7843.

I'm awaiting callback from an engineer for details 

Adam

--
Webjogger
(845) 757-4000
ASN 20208

==

C:\>tracert www.authorize.net

Tracing route to www.authorize.net [64.94.118.77]
over a maximum of 30 hops:

  138 ms 1 ms 2 ms  10049.webjogger.net [204.8.80.49]
  2 6 ms 6 ms 7 ms  cpe-24-29-112-25.nyc.res.rr.com [24.29.112.25]
  3 8 ms 7 ms 6 ms  gig-12-2-nycmnyrdc-rtr1.nyc.rr.com 
[24.29.104.97]
  4 7 ms 7 ms 8 ms  gig1-0-0-nwrknjmd-rtr1.nyc.rr.com 
[24.29.130.182]
  5 7 ms 7 ms 6 ms  ae-4-0.cr0.nyc30.tbone.rr.com [66.109.6.78]
  6 9 ms 8 ms 8 ms  ae-1-0.pr0.nyc20.tbone.rr.com [66.109.6.163]
  7 8 ms 9 ms 8 ms  66.109.9.210
  8 *** Request timed out.
  9 *** Request timed out.
 10 *** Request timed out.
 11 *** Request timed out.
 12 *** Request timed out.
 13 *** Request timed out.
 14 *** Request timed out.
 15 *** Request timed out.
 16 *** Request timed out.
 17 *** Request timed out.
 18 *** Request timed out.
 19 *** Request timed out.
 20 *** Request timed out.
 21 *** Request timed out.
 22 *** Request timed out.
 23 *** Request timed out.
 24 *** Request timed out.
 25 *** Request timed out.
 26 *** Request timed out.
 27 *** Request timed out.
 28 *** Request timed out.
 29 *** Request timed out.
 30 *** Request timed out.

Trace complete. 

Re: The Confiker Virus.

[JoeSox]

I am uncertain also. I scan a subnet on my network with Axence
NetTools looking for 445 port and I receive some hits. I perform a
netstat -a some of those results but don't really see any 445
activity.  The SCS script doesn't find anything either.  The PCs are
patched and virusscan updated. One PC when I connected to it did not
navigate to Windowsupdate website. I scheduled a Full McAfee scan as
their documentation suggests
(http://download.nai.com/products/mcafee-avert/documents/combating_w32_conficker_worm.pdf),
and sometime through the scan I was able to reach windowsupdate. I
don't know if it was a coincidence or not that I was not able to reach
the website.  I haven't looked into the registry and any other places
for evidence of conficker. I will probably today but I am afraid it
maybe a waste of time since they are already patched and updated.
--
Joe



On Tue, Mar 31, 2009 at 5:48 AM, Eric Tykwinski  wrote:
> Joe,
>
> Here's the link for the Python Crypto toolkit:
> http://www.amk.ca/python/code/crypto.html
>
> I scanned our internal network and didn't find anything, so I can't really
> vouch for it's reliablity though.

Re: The Confiker Virus.

[Jason Biel]

>From what I can find with the nmap way, You don't want to see *Conficker:
LIKELY INFECTED* or *Conficker: VULNERABLE*.

2009/3/31 JoeSox 

> I forgot to mention that I have had python-crypto already installed
> before I posted. I was still getting the WARNING.
> --
> Joe
>
> On Mon, Mar 30, 2009 at 11:10 PM, David Tebbutt
>  wrote:
> > you need to add python-crypto with whatever package manager your OS
> > uses,
> > yast line in suse:
> >
> > │python-crypto   │2.0.1  │2.0.1
> > │Collection of cryptographic algorithms and protocols, implemented
> > for use from Python
> >
> > d
> >
>
>


-- 
Jason Biel

Re: The Confiker Virus.

[Wilkinson, Alex]

0n Tue, Mar 31, 2009 at 09:22:32AM -0400, Steven M. Bellovin wrote: 

Honeynet Project has released Know Your Enemy:  Containing Conficker:

   Our "Know Your Enemy: Containing Conficker" whitepaper was released on March
   30th as a PDF only. You can download the full paper from the link below.

   Paper Abstract

   The Conficker worm has infected several million computers since it first 
started
   spreading in late 2008 but attempts to mitigate Conficker have not yet proved
   very successful. In this paper we present several potential methods to 
contain
   Conficker. The approaches presented take advantage of the way Conficker 
patches
   infected systems, which can be used to remotely detect a compromised system.
   Furthermore, we demonstrate various methods to detect and remove Conficker
   locally and a potential vaccination tool is presented. Finally, the 
domainname
   generation mechanism for all three Conficker variants is discussed in detail 
and
   an overview of the potential for upcoming domain collisions in version .C is
   provided. Tools for all the ideas presented here are freely available for
   download including source code.

   In addition, as a result of this paper and the hard work of Dan Kaminsky, 
most
   vulnerability scanning tools (including Nmap) should now have a plugin or
   signatures that allow you to remotely detect infected Conficker systems on 
your
   networks.  Finally, we would like to recognize and thank the tremendous help 
and
   input of the Conficker Working Group.

   Paper last updated March 30th 2009, 23:00 GMT (rev1)

   http://www.honeynet.org/files/KYE-Conficker.pdf


  -aW

IMPORTANT: This email remains the property of the Australian Defence 
Organisation and is subject to the jurisdiction of section 70 of the CRIMES ACT 
1914.  If you have received this email in error, you are requested to contact 
the sender and delete the email.

Re: The Confiker Virus.

[JoeSox]

I forgot to mention that I have had python-crypto already installed
before I posted. I was still getting the WARNING.
--
Joe

On Mon, Mar 30, 2009 at 11:10 PM, David Tebbutt
 wrote:
> you need to add python-crypto with whatever package manager your OS
> uses,
> yast line in suse:
>
> │python-crypto                   │2.0.1          │2.0.1
> │Collection of cryptographic algorithms and protocols, implemented
> for use from Python
>
> d
>

Re: The Confiker Virus.

[Steven M. Bellovin]

Also see
http://arstechnica.com/security/news/2009/03/new-method-for-detecting-conficker-discovered-debuted.ars

Re: The Confiker Virus.

[Stefan]

Here is a pretty good recap of all options, including some useful comments:

http://it.slashdot.org/article.pl?sid=09/03/30/090224 - including the
specific one addressing the py script:
http://it.slashdot.org/comments.pl?sid=1180397&cid=27387085 )

Stefan

On Tue, Mar 31, 2009 at 7:48 AM, Eric Tykwinski  wrote:
> Joe,
>
> Here's the link for the Python Crypto toolkit:
> http://www.amk.ca/python/code/crypto.html
>
> I scanned our internal network and didn't find anything, so I can't really
> vouch for it's reliablity though.
>
> -Original Message-
> From: David Tebbutt [mailto:da...@sunshadeseyewear.com.au]
> Sent: Tuesday, March 31, 2009 2:10 AM
> To: Paul Ferguson; JoeSox
> Cc: nanog@nanog.org
> Subject: Re: The Confiker Virus.
>
> you need to add python-crypto with whatever package manager your OS uses,
> yast line in suse:
>
> |python-crypto                   |2.0.1          |2.0.1
> |Collection of cryptographic algorithms and protocols, implemented for use
> from Python
>
> d
>
 JoeSox  31/03/09 8:46 am >>>
> Has anyone tried the Python scs Network Scanner script?
> http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker/
>
> I have installed Impacket-0.9.6.0 library but it throws the following
> warning
> "WARNING: Crypto package not found. Some features will fail."
>
> Does anyone know if this effects the reliability of the scs script? I have
> it scanning but I don't like that warning.
>
> What other library is Impacket looking for to correct that warning?
>
> --
> Thanks, Joe
>
>
> On Mon, Mar 30, 2009 at 10:27 AM, Paul Ferguson 
> wrote:
>
>
>



-- 
***Stefan
http://twitter.com/netfortius

Re: The Confiker Virus.

[Jason Biel]

Anyone try the new nmap beta that includes the ability to detect it?
nmap-4.85BETA5 ?

I am looking for output from a scan on a known infected machine vs what I
believe is a clean machine I have.

Thanks,

On Tue, Mar 31, 2009 at 7:48 AM, Eric Tykwinski wrote:

> Joe,
>
> Here's the link for the Python Crypto toolkit:
> http://www.amk.ca/python/code/crypto.html
>
> I scanned our internal network and didn't find anything, so I can't really
> vouch for it's reliablity though.
>
> -Original Message-
> From: David Tebbutt [mailto:da...@sunshadeseyewear.com.au]
> Sent: Tuesday, March 31, 2009 2:10 AM
> To: Paul Ferguson; JoeSox
> Cc: nanog@nanog.org
> Subject: Re: The Confiker Virus.
>
> you need to add python-crypto with whatever package manager your OS uses,
> yast line in suse:
>
> |python-crypto   |2.0.1  |2.0.1
> |Collection of cryptographic algorithms and protocols, implemented for use
> from Python
>
> d
>
> >>> JoeSox  31/03/09 8:46 am >>>
> Has anyone tried the Python scs Network Scanner script?
> http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker/
>
> I have installed Impacket-0.9.6.0 library but it throws the following
> warning
> "WARNING: Crypto package not found. Some features will fail."
>
> Does anyone know if this effects the reliability of the scs script? I have
> it scanning but I don't like that warning.
>
> What other library is Impacket looking for to correct that warning?
>
> --
> Thanks, Joe
>
>
> On Mon, Mar 30, 2009 at 10:27 AM, Paul Ferguson 
> wrote:
>
>
>


-- 
Jason Biel

RE: The Confiker Virus.

[Eric Tykwinski]

Joe,

Here's the link for the Python Crypto toolkit:
http://www.amk.ca/python/code/crypto.html

I scanned our internal network and didn't find anything, so I can't really
vouch for it's reliablity though.

-Original Message-
From: David Tebbutt [mailto:da...@sunshadeseyewear.com.au] 
Sent: Tuesday, March 31, 2009 2:10 AM
To: Paul Ferguson; JoeSox
Cc: nanog@nanog.org
Subject: Re: The Confiker Virus.

you need to add python-crypto with whatever package manager your OS uses,
yast line in suse:

|python-crypto   |2.0.1  |2.0.1 
|Collection of cryptographic algorithms and protocols, implemented for use
from Python 

d

>>> JoeSox  31/03/09 8:46 am >>>
Has anyone tried the Python scs Network Scanner script?
http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker/ 

I have installed Impacket-0.9.6.0 library but it throws the following
warning
"WARNING: Crypto package not found. Some features will fail."

Does anyone know if this effects the reliability of the scs script? I have
it scanning but I don't like that warning.

What other library is Impacket looking for to correct that warning?

--
Thanks, Joe


On Mon, Mar 30, 2009 at 10:27 AM, Paul Ferguson 
wrote:

Cacti Graphing

[Joseph Nzioka]

Hi All,

Has any one on this list graphed alcatel-lucent service routers succesfully
using Cacti and if yes would you be kind enough to provide the base template
or the how to.?

-- 
Kind Regards

Joseph Nzioka,
Cell:+254 735 452050
Cell:+254 711 968429