RE: Managing free pairs to prevent DSL sync. loss
Yeah, grounding both ends will result in some current traversing across the pairs all the time because of differences in ground potential over long-ish distances. Ken Matlock Network Analyst 303-467-4671 matlo...@exempla.org -Original Message- From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu] Sent: Tuesday, July 17, 2012 9:00 AM To: John Souvestre Cc: 'NANOG Mailing List' Subject: Re: Managing free pairs to prevent DSL sync. loss On Tue, 17 Jul 2012 09:15:59 -0500, John Souvestre said: Have you considered grounding one end (or both) of the free pairs? Perhaps this would reduce the amount of noise they pick up. Grounding both ends will probably result in hilarity ensues. And I suspect that Anurag can't ground the free pairs, because the copper belongs to the provider. *** SCLHS Confidentiality Notice *** The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any other dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by replying to the message and deleting it from your computer. Thank you. *** SCLHS Confidentiality Notice ***
RE: Managing free pairs to prevent DSL sync. loss
-Original Message- From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu] No, it will be strictly a DC current, with the amperage easily calculated from the voltage difference between the two ends and the resistance of however many cable-feet of wire is involved. Not usually a big deal, unless your termination design didn't include the ability to sink a DC current 24/7. (Of course, actually measuring the voltage and resistance may be non-trivial :) That brings up an interesting question. I assumed the ground potential stays the same between 2 points, but have there been any studies to see if it's actually DC, or if there's an AC component to it? If there's an AC component in the ground at either end (or both) that may introduce EM into adjacent pairs across the cable. And are they more or less than the EM ungrounded pairs would pick up? Ken Matlock Network Analyst 303-467-4671 matlo...@exempla.org *** SCLHS Confidentiality Notice *** The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any other dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by replying to the message and deleting it from your computer. Thank you. *** SCLHS Confidentiality Notice ***
RE: Whither Cometh BCP38?
There are plenty of 'knobs', but I doubt any read this list Ken Matlock Network Engineer 303-467-4671 matlo...@exempla.org -Original Message- From: Dobbins, Roland [mailto:rdobb...@arbor.net] Sent: Monday, June 11, 2012 10:32 AM To: NANOG Gripes List Subject: Re: Whither Cometh BCP38? On Jun 11, 2012, at 11:09 PM, Jay Ashworth wrote: So, are the knobs actually on? (I'm guessing clearly, not) In many cases, no, or we wouldn't be seeing many spoofed packets, would we? ; --- Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com Luck is the residue of opportunity and design. -- John Milton *** SCLHS Confidentiality Notice *** The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any other dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by replying to the message and deleting it from your computer. Thank you. *** SCLHS Confidentiality Notice ***
RE: Network Traffic Collection
Netflow + netflow collector. Ken Matlock Network Analyst Systems and Technology Service Center Sisters of Charity of Leavenworth Health System 12600 W. Colfax, Suite A-500 Lakewood, CO 80215 303-467-4671 matlo...@exempla.org -Original Message- From: Maverick [mailto:myeaddr...@gmail.com] Sent: Thursday, February 23, 2012 1:19 PM To: Jeroen Massar Cc: nanog@nanog.org Subject: Re: Network Traffic Collection I want to be able to see information like how much traffic an ip send over a period of time, what machines it talked to etc from this perspective it should be IP based but I would really like to know how other people do it. Best, Ali On Thu, Feb 23, 2012 at 3:14 PM, Jeroen Massar jer...@unfix.org wrote: On 2012-02-23 21:11 , Maverick wrote: Hello, I am trying to collect traffic traffic from pcap file and store it in a database but really confused how to organize it. Should I organize it on connection basis/ flow basis or IP basis. It might be an effort to write a customized traffic analysis tool like wireshark with only required functionality. I would really appreciate if someone can give me direction on write way of organizing the data because right now I only see individual packets and no way of putting them in some order. Does this all not completely depend on what you actually want to do with it? You might want to start there instead of the other way around. Greets, Jeroen *** Exempla Confidentiality Notice *** The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any other dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by replying to the message and deleting it from your computer. Thank you. *** Exempla Confidentiality Notice ***
RE: what if...?
You mean besides SSL? :) Ken Matlock Network Analyst Systems and Technology Service Center Sisters of Charity of Leavenworth Health System 12600 W. Colfax, Suite A-500 Lakewood, CO 80215 303-467-4671 matlo...@exempla.org -Original Message- From: Eduardo A. Suárez [mailto:esua...@fcaglp.fcaglp.unlp.edu.ar] Sent: Tuesday, December 20, 2011 9:37 AM To: nanog@nanog.org Subject: what if...? Hi, what if evil guys hack my mom ISP DNS servers and use RPZ to redirect traffic from mom_bank.com to evil.com? How can she detect this? Eduardo.- -- Eduardo A. Suarez Facultad de Ciencias Astronómicas y Geofísicas - UNLP FCAG: (0221)-4236593 int. 172/Cel: (0221)-15-4557542/Casa: (0221)-4526589 This message was sent using IMP, the Internet Messaging Program. *** Exempla Confidentiality Notice *** The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any other dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by replying to the message and deleting it from your computer. Thank you. *** Exempla Confidentiality Notice ***
RE: Recent DNS attacks from China?
Except in this case it's a DNS attack, which implies UDP based and easily spoofed. The source IP may or may not actually be accurate. Ken From: Richard Barnes [mailto:richard.bar...@gmail.com] Sent: Wed 11/30/2011 11:51 AM To: andrew.wallace Cc: nanog@nanog.org; Leland Vandervort Subject: Re: Recent DNS attacks from China? An attack originating from somewhere indicates the presence of either an attacker or a compromised host. A particular density of either in a particular geographical area would seem like an interesting data point. --Richard On Wed, Nov 30, 2011 at 1:24 PM, andrew.wallace andrew.wall...@rocketmail.com wrote: Before we see knee-jerk conclusions about who to blame, these attacks could be carried out by anyone. Is country even relevant in the cyberscape? Andrew *** Exempla Confidentiality Notice *** The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any other dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by replying to the message and deleting it from your computer. Thank you. *** Exempla Confidentiality Notice ***
RE: How to begin making my own ISP?
The second thing is that you need to have at least a VAGUE idea what you want to actually offer. A DSL ISP is VASTLY different than a Co-Location ISP. I'd say you need to sit down and take a long hard look at exactly you want to do, *then* figure out what you need to do in order to accomplish it. Ken Matlock Network Analyst Exempla Healthcare (303) 467-4671 matlo...@exempla.org -Original Message- From: Eric Wieling [mailto:ewiel...@nyigc.com] Sent: Friday, September 16, 2011 12:14 PM To: hass...@hushmail.com; nanog@nanog.org Subject: RE: How to begin making my own ISP? I think the question was far too vague. The first thing you need to start an ISP is LOTS OF MONEY. -Original Message- From: hass...@hushmail.com [mailto:hass...@hushmail.com] Sent: Friday, September 16, 2011 2:10 PM To: nanog@nanog.org Subject: Re: How to begin making my own ISP? No one replied with any useful information. I guess no one wants competition on this list? Pretty poor tactic. On Sat, 10 Sep 2011 21:55:01 -0400 hass...@hushmail.com wrote: I want to begin making my own ISP, mainly for high speed servers and such, but also branching out to residential customers. I'm going to be in Germany for the next school year (probably either Frankfurt am Main or Berlin); any suggestions on what sort of classes I can take there that will be in English and will teach me all I need to know on how to build and manage my own ISP, AS, etc? Thanks. *** Exempla Confidentiality Notice *** The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any other dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by replying to the message and deleting it from your computer. Thank you. *** Exempla Confidentiality Notice ***
RE: 123.45.67.89
I'm not sure what all I'd do with it (besides have the hostname 'Jenny'), but I'd love to have 86.75.30.9 Ken Matlock Network Analyst Exempla Healthcare (303) 467-4671 matlo...@exempla.org -Original Message- From: Robert Lusby [mailto:nano...@gmail.com] Sent: Friday, February 18, 2011 9:48 AM To: nanog@nanog.org Subject: 123.45.67.89 --- Friday miscellaneous --- What can anyone tell me about IPv4: 123.45.67.89 ? Other than it's used by Samsung in Korea? Do they have any cool applications for it? Do you have, or know of any other cherished IPv4s? What do you use it for? Google DNS is a good example (4.4.4.4).
RE: anyone running GPS clocks in Southeastern Georgia?
Probably related to: http://www.engadget.com/2011/01/20/faa-warns-of-ongoing-gps-issues-in-so utheastern-us-due-to-defens/ Sounds like they're doing 'tests' on GPS near SE Georgia. Ken Matlock Network Analyst Exempla Healthcare (303) 467-4671 matlo...@exempla.org -Original Message- From: Jack Carrozzo [mailto:j...@crepinc.com] Sent: Friday, January 21, 2011 10:40 AM To: Majdi S. Abbas Cc: Robert E. Seastrom; nanog@nanog.org Subject: Re: anyone running GPS clocks in Southeastern Georgia? On Fri, Jan 21, 2011 at 12:36 PM, Majdi S. Abbas m...@latt.net wrote: Nahh, that was the western WAAS sat, IIRC. This is...Something Else Entirely. Ahh, my mistake. Sitting in the back now, -Jack Carrozzo
RE: non operational question related to IP
'Octal' (Base-8) :) The leading '0' is telling the box to interpret it as octal instead of decimal or hex. Ken Matlock Network Analyst Exempla Healthcare (303) 467-4671 matlo...@exempla.org -Original Message- From: Greg Whynott [mailto:greg.whyn...@oicr.on.ca] Sent: Monday, November 22, 2010 12:53 PM To: nanog list Subject: non operational question related to IP i was pinging a host from a windows machine and made a typo which seemed harmless. the end result was it interpreted my input differently than what I had intended. thinking this was a m$ issue I quickly took the opportunity to poke fun at windows as the senior m$ admin was near by. look at how brain dead this os is, it can't even do simple math! He is now looking at my screen scratching his head. watch, i'll open a shell on os x and show you how it can add 0 +10 I open a shell on os x, same behavior as windows. ok so apple is brain dead too, watch, it'll work on linux! same deal... long story short, it does work as expected on all our hardware routing gear.still not sure what is happening here... osx-gwhynott:~ gwhynott$ ping 10.010.10.1 PING 10.010.10.1 (10.8.10.1): 56 data bytes gwhyn...@ops:~$ ping 10.010.10.1 PING 10.010.10.1 (10.8.10.1) 56(84) bytes of data. CORE1ping 10.010.10.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds: ! anyone happen to know how the OS's are interpreting the 010? doesn't appear work out in base[2-10] (1010,101,22,20,14,13,12,11,10,A) thanks! greg -- This message and any attachments may contain confidential and/or privileged information for the sole use of the intended recipient. Any review or distribution by anyone other than the person for whom it was originally intended is strictly prohibited. If you have received this message in error, please contact the sender and delete all copies. Opinions, conclusions or other information contained in this message may not be that of the organization.
RE: Pica8 - Open Source Cloud Switch
Because 'cloud computing' is the latest buzzword, and their marketing department thought that by attaching that buzzword to it, that would increase sales? :) Nevermind that clouds contain nothing but vapor. Ken Matlock Network Analyst Exempla Healthcare (303) 467-4671 matlo...@exempla.org -Original Message- From: Nick Hilliard [mailto:n...@foobar.org] Sent: Monday, October 18, 2010 8:14 AM To: Brandon Kim Cc: nanog@nanog.org Subject: Re: Pica8 - Open Source Cloud Switch On 18/10/2010 14:27, Brandon Kim wrote: Good question Nick, what is a cloud switch? Is this like VSS in cisco where you have a virtual chassis? The vss is virtual management software for a virtual switch. This box looks like a piece of hardware that you can plug things into, so I'm just wondering what makes this a cloud switch and some other piece of kit not a cloud switch. Nick
RE: Active Directory requires Microsoft DNS?
Active directly is tied fairly closely to it's DNS. For example, if a client needs to find a Domain Controller, it does a DNS 'SRV' query for (I think, I'm doing this from memory) '_LDAP._TCP.domain.com/org/net/whatever'. I assume other 'services' like LDAP are 'advertised' (if you can call it that) via DNS as well. You MAY be able to duplicate all the records in BIND, but expect random things to not work, and have to do a bunch of research figuring out what DNS query it's doing, and what the proper answer is. Ken Matlock Network Analyst Exempla Healthcare (303) 467-4671 matlo...@exempla.org -Original Message- From: Tom Mikelson [mailto:tmikel...@gmail.com] Sent: Monday, September 20, 2010 8:05 AM To: nanog@nanog.org Subject: Active Directory requires Microsoft DNS? Presently our organization utilizes BIND for DNS services, with the Networking team administering. We are now being told by the Systems team that they will be responsible for DNS services and that it will be changed over to the Microsoft DNS service run on domain controllers. The reason given is that the Active Directory implementation requires the Microsoft DNS service and dynamic DNS. Not being a Microsoft administrator I do not know the veracity of these claims. Anyone out there had any experiences with a situation like this? I am a bit leery of changing something that is already working.
RE: Hung Telnet Sessions on Sco Unix
As well as the don't sue me because I want to stop using them license? Ask Autozone about that one :) Ken Matlock Network Analyst Exempla Healthcare (303) 467-4671 matlo...@exempla.org -Original Message- From: John Peach [mailto:john-na...@johnpeach.com] Sent: Thursday, May 27, 2010 1:31 PM To: nanog@nanog.org Subject: Re: Hung Telnet Sessions on Sco Unix On Thu, 27 May 2010 21:26:27 +0200 Joe Abley jab...@hopcount.ca wrote: On 2010-05-27, at 20:47, jacob miller wrote: Am running an application on Sco Unix but am having the following problem. Application is hunging sporadically. That seems consistent with my memory of SCO Unix. Did you remember to get the licence for the TCP/IP stack?
RE: POE switches and lightning
My first guess would be the lightning was close enough/powerful enough, to send out an EM Pulse which got picked up by the copper going to the devices. This EM Pulse may have been interpreted at the switchport as the device relinquishing power? Had you tried just unplugging one of the devices from Ethernet, and plugging it back in to reset the PoE exchange? Ken Matlock Network Analyst Exempla Healthcare (303) 467-4671 matlo...@exempla.org -Original Message- From: Caleb Tennis [mailto:caleb.ten...@gmail.com] Sent: Thursday, May 13, 2010 9:37 AM To: North American Network Operators Group Subject: POE switches and lightning We had a lightning strike nearby yesterday that looks to have come inside our facility via a feeder circuit that goes outdoors underground to our facility's gate. What's interesting is that various POE switches throughout the entire building seemed to be affected in that some of their ports they just shut down/off. Rebooting these switches brought everything back to life. It didn't impact anything non-POE, and even then, only impacted some devices. But it was spread across the whole building, across multiple switches. I was just curious if anyone had seen anything similar to this before? Our incoming electrical power has surge suppression, and the power to the switches is all through double conversion UPS, so I'm not quite sure why any of them would have been impacted at all. I'm guessing that the strike had some impact on the electrical ground, but I don't know what we can do to prevent future strikes from causing the same issues. Thoughts?
RE: qwest outage no notice
We also got email notifications about 'emergency maintenance' on our Qwest circuits, from their notice: Reason For Maintenance: EMERGENCY MAINTENANCE TO IMPLEMENT A SOFTWARE PATCH FOR NETWORK RELIABILITY Sure sounds like it's all related to the Juniper advisory to me. Ken Matlock Network Analyst Exempla Healthcare (303) 467-4671 matlo...@exempla.org -Original Message- From: JoeSox [mailto:joe...@gmail.com] Sent: Thursday, January 07, 2010 8:25 AM To: nanog@nanog.org Subject: Re: qwest outage no notice My QWest account manager called three different people at my business 7hrs before the maintenance. Also mentioned the Juniper Security Advisories. -- Later, Joe
RE: Linux shaping packet loss
The biggest problem with duplex had to do with 100mb. Cisco (and a lot of other companies) decided in their infinite wisdom that at 100mb if auto-negotiation fails, to use half duplex as the default. So if you have both sides at auto, or both sides hard-set it's all good. But if one side is hard-set and the other is auto, a lot of times the auto device will come up 100/Half. These days at 1Gb+ Full-Duplex seems to be the 'default' for auto-negotiation failures. Ken Matlock Network Analyst Exempla Healthcare (303) 467-4671 matlo...@exempla.org -Original Message- From: Joe Abley [mailto:jab...@hopcount.ca] Sent: Tuesday, December 08, 2009 8:14 AM To: sth...@nethelp.no Cc: nanog@nanog.org Subject: Re: Linux shaping packet loss On 2009-12-08, at 15:01, sth...@nethelp.no wrote: Won't say I'm an expert with TC, but anytime I see packet loss on an interface I always check the interface itself...10% packet loss is pretty much what you would get if there was a duplex problem. I always try to hard set my interfaces on both the Linux machines and Switches. Used to set everything hard five years ago. Nowadays auto works just fine most of the time. I find there is a lot of hard-coded wisdom that hard-coded speed duplex are the way to avoid pain. The last time I saw anybody do a modern survey of switches, routers and hosts, however, it seemed like the early interop problems with autoneg on FE really don't exist today, and on balance there are probably more duplex problems caused by hard-configured ports that are poorly maintained in the heat of battle than there are because autoneg is flaky. I've also heard people say that whatever you think about autoneg in Fast Ethernet, on Gigabit and 10GE interfaces it's pretty much never the right idea to turn autoneg off. I am profoundly ignorant of the details of layer-2. It'd be nice to have more than vague rhetoric to guide me when configuring interfaces. What reliable guidance exists for this stuff? Joe
RE: two interfaces one subnet
If it were me and had the requirement of having both NICs in the same L2 segment, but unique IP addresses, I'd assign a secondary IP address to the Layer3 SVI on the upstream device, and give the 2nd NIC on the server an IP on that secondary IP block. Ken Matlock Network Analyst Exempla Healthcare (303) 467-4671 matlo...@exempla.org -Original Message- From: Chris Meidinger [mailto:cmeidin...@sendmail.com] Sent: Monday, May 11, 2009 3:39 PM To: Dan White Cc: nanog@nanog.org Subject: Re: two interfaces one subnet On 11.05.2009, at 23:31, Dan White wrote: Chris Meidinger wrote: Hi, This is a pretty moronic question, but I've been searching RFC's on- and-off for a couple of weeks and can't find an answer. So I'm hoping someone here will know it offhand. I've been looking through RFC's trying to find a clear statement that having two interfaces in the same subnet does not work, but can't find it that statement anywhere. The OS in this case is Linux. I know it can be done with clever routing and prioritization and such, but this has to do with vanilla config, just setting up two interfaces in one network. I would be grateful for a pointer to such an RFC statement, assuming it exists. If your goal is to achieve redundancy or to increase bandwidth, you can bond the interfaces together - assuming that you have a switch / switch stack that supports 802.3ad. Then you could assign multiple IPs to the bonded interface without any layer 3 messyness. I should have been clearer. The case in point is having two physical interfaces, each with a unique IP, in the same subnet. For example, eth0 is 10.0.0.1/24 and eth1 is 10.0.0.2/24, nothing like bonding going on. The customers usually have the idea of running one interface for administration and another for production (which is a _good_ idea) but they want to do it in the same subnet (not such a good idea...) Chris
RE: Re: Private use of non-RFC1918 IP space
I've even seen at a previous place (note: 'previous') that decided to use 40.x.x.x for their internal IP space I find it hard to believe a company can mismanage their IP space that 10.0.0.0, 192.168.0.0, and 172.(16-31).0.0 are all used up, but then again, I shouldn't be surprised. Back in '96 or so, an ISP I was working at was giving out /24's for a 14.4 dialup account Ken Matlock Network Analyst Exempla Healthcare (303) 467-4671 matlo...@exempla.org -Original Message- From: mikelie...@gmail.com [mailto:mikelie...@gmail.com] Sent: Monday, February 02, 2009 10:16 AM To: sth...@nethelp.no; pstew...@nexicomgroup.net; nanog@nanog.org Subject: Re: Re: Private use of non-RFC1918 IP space Some nitwits just grab one out of fat air. I've seen 192.169.xx and 192.254.xx randomly used before. On Feb 2, 2009 12:03pm, sth...@nethelp.no wrote: What reason could you possibly have to use non RFC 1918 space on a closed network? It's very bad practice - unfortunately I do see it done sometimes There are sometimes good reasons to do this, for instance to ensure uniqueness in the face of mergers and acquisitions. Steinar Haug, Nethelp consulting, sth...@nethelp.no
RE: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)
The system would literally, like an anti-aircraft weapon, shoot down an attack before it hits its target, he said. And that's what we call Einstein 3.0. Correct me if I'm wrong, but doesn't even a basic firewall or ACL provide the same functionality? Drop the packet, drop the attack? I'm in the wrong business if implementing a firewall can net me $millions$ by using appropriate buzzwords. Ken Matlock Network Analyst (303) 467-4671 [EMAIL PROTECTED]
RE: interger to I P address
Easiest way. Take the integer, plug it into windows 'calc'. Go to 'View: Scientific'. Hit 'Hex'. That will show you the hex representation of the integer. Notice that it's either 7 or 8 characters long. If it's 7, prepend it with a 0. Break that into 4 groups of 2. Those are the hex values for the four dotted quads. Make sure 'Hex' is still selected, and put in the first 2 characters, then hit 'binary'. That's your first part of the IP. Repeat for the other 3. For example, you have 1089055123 for an integer. In Hex thats 40E9A993. 40 Hex = 64 E9 Hex = 233 A9 Hex = 169 94 Hex = 147 So your IP is 64.233.169.147 Ken From: Colin Alston [mailto:[EMAIL PROTECTED] Sent: Wed 8/27/2008 5:21 AM To: kcc Cc: nanog@nanog.org Subject: Re: interger to I P address kcc wrote: I search google but couldn't get any solution Can you send me information? Sure! http://www.catb.org/~esr/faqs/smart-questions.html
Force10 Gear - Opinions
Sorry for the off-topic post. Does anyone here have real-world experience with Force 10 gear (Specifically their E-Series and C-Series)? They came and did their whole dog and pony show today, but I wanted to get real-world feedback on their gear. I need to know about their 1) Reliability 2) Performance 3) Support staff (how knowledgeable are they?) 4) Price (higher/lower/comparable to comparable Cisco gear) We're exclusively a Cisco shop here right now (mostly Cat6500s), so changing out some of our core gear with Force 10 is a bit 'scary', but if it meets our needs, maybe... Contact me off-list please. Thanks! Ken Matlock Network Analyst Exempla Healthcare (303) 467-4671 [EMAIL PROTECTED]