Re: Netflix people?
Hi Max, If you're continuing to receive unsatisfactory support on this issue, please reach out to me directly. mc On Mon, Aug 10, 2020 at 10:42 AM Max Tulyev wrote: > Hi All, > > is there anyone from Netflix? > > We have a strange problem: our customers also customers of Netflix when > connecting to Netfilx sees 404 error. If they change IP to another ISP - > everything works fine. The support can't solve it. >
Re: verify currently running software on ram
On 1/13/14 5:26 AM, Tassos Chatzithomaoglou wrote: I'm looking for ways to verify that the currently running software on our Cisco/Juniper boxes is the one that is also in the flash/hd/storage/etc. Something that will somehow compare the running software in ram with the software on flash/hd/storage/etc, so that i can verify that nobody has actually messed with the running software (by whatever means that's possible). Besides the install verify command on IOS-XR (which i'm not 100% sure if it suits my needs), i haven't managed to find anything else. And the vendors say that indeed there is nothing more. All other options are about verifying the software file integrity before it gets loaded into ram. Have you ever done such an exercise? Are there maybe any external tools (or services) that offer this capability? As Tassos said, there are no solutions from vendors. There are, however, some examples by third parties such as Defending Embedded Systems with Software Symbiotes http://ids.cs.columbia.edu/sites/default/files/paper_2.pdf and Protecting Software Codes By Guards http://www.seas.gwu.edu/~simhaweb/security/summer2005/Atallah1.pdf There are other efforts inside academia as well as companies attempting to develop dynamic firmware attestation (full disclosure: I work for one such company). As Valdis and others have said, it's an insoluble problem with solutions of varying degrees of efficacy and practicality. -mc
Re: Colocation in New York for a POP
On 04/20/2012 12:39 PM, Abdelkader Chikh Daho wrote: Hi, Thanks a lot for all your inputs and feedback. My goal is to peer with a lot of networks especially ISPs. We are mainly a content provider. Tlex and Equinix seem to be the obvioius choice for a neutral colocation facility. According to your experience, between 60 Hudson and 111 8th Avenue, which one I should choose? I don't think anyone mentioned it yet, but there is also The Hub at 32 Sixth. http://www.thehubat32sixth.com/ I've only ever purchased transit from one provider there through another and never colocated any equipment. It's a beautiful building, by the way. mc
Re: DSL options in NYC for OOB access
On Mon, 24 Jan 2011 22:04:25 + Andy Ashley li...@nexus6.co.za wrote: Hi, Im looking for a little advice about DSL circuits in New York, specifically at 111 8th Ave. Going to locate a console server there for out-of-band serial management. The router will need connectivity for remote telnet/ssh access from the NOC. Looking for a low speed (and low cost) DSL line with a fixed IP. I searched some obvious providers but dont really want to deal with a huge company (Verizon, Qwest, ?) if it can be avoided. Also $80-100+ seems a lot for something that will be used very rarely, but maybe those prices are normal. Are there smaller/independent companies out there offering this sort of thing? I dont know much about the US DSL market, so any hints are welcome. Speakeasy/Covad/Megapath and Panix offer DSL. Speakeasy is mostly pleasant to deal with, but I've never used Panix. mc
Re: Over a decade of DDOS--any progress yet?
On Fri, 10 Dec 2010 15:32:10 -0500 Drew Weaver drew.wea...@thenap.com wrote: I should've qualified my question by saying What valid application which traverses the Internet and could be seen at the edge of a network actually uses UDP 80? I'll grant that my response was a bit pedantic: there is no legitimate reason for such traffic to leave a network. I can't imagine there is too much Cisco NAC client for macs carrying on over the Internet, although I have been wrong in the past. I imagine you're right, and that any network that detects any significant amount would be one whose first octet is a common fourth-octet-of-a-gateway (1, 65, 129, etc). mc
Re: Over a decade of DDOS--any progress yet?
On Wed, 8 Dec 2010 11:13:01 -0500 Drew Weaver drew.wea...@thenap.com wrote: The most common attacks that I have seen over the last 12 months, and let's say I have seen a fair share have been easily detectable by the source network. It is either protocol 17 (UDP) dst port 80 or UDP Fragments (dst port 0..) What valid application actually uses UDP 80? The Cisco NAC client for Macs, for the purpose of VLAN change detection, sends UDP/80 packets to the host's reversed default gateway (i.e., if the actual gateway is 1.2.3.4, it sends the packets to 4.3.2.1) once every five seconds. mc
Re: list archive
On Mon, 06 Dec 2010 07:56:30 +0900 Randy Bush ra...@psg.com wrote: how do i find archives of this list from the '90s and early '00s? http://www.merit.edu/mail.archives/nanog/historical.html how did you find that? the link labeled Historical NANOG List Archive on the page http://nanog.org/mailinglist/mailarchives/ got me to this month's archive. After following the the Historical NANOG List Archive link, there is a box on the right-hand side of the page labeled Archive Views; click Historical.