>: > Plainly stated, routers no longer have a home in the core of the network.
>: > "You might have found a router there five years ago, but most certainly
>: > you have a switch today," said Yankee Group vice president Zeus Kerravala.
>:
>: What brand of switch is this guy selling? And what i
> Date: Fri, 31 Oct 2003 09:53:09 +
> From: [EMAIL PROTECTED]
> Today's Internet is much bigger, more diverse, and engineered by
> people who have a lot higher skill level based on hard-won
> experience.
>
> Why do businesses keep supporting these "cheerleader"
> analyst groups who want to tr
Thus spake "Daniel Golding" <[EMAIL PROTECTED]>
> Hmm. Don't you just love it when folks say things like "Layer 3 Switches are
> better than routers". It's very illuminating as to clue level.
>
> I suppose what they were trying to say, is that products that were designed
> as switches, but are now
This report has been generated at Fri Oct 31 21:48:28 2003 AEST.
The report analyses the BGP Routing Table of an AS4637 (Reach) router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org/as4637 for a current version of this report.
Recent Table Hist
Thus spake "Tony Hain" <[EMAIL PROTECTED]>
> Kuhtz, Christian wrote:
> > All hairsplitting aside, given that the term NAT these days is mostly used
> > in a PAT (particularly in a customer connecting to the I) context, what
> > isn't secure about?
>
> mangling the header doesn't provide any securi
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Chris Parker
> Sent: Thursday, October 30, 2003 9:01 PM
> To: Alex Yuriev
> Cc: [EMAIL PROTECTED]
> Subject: Re: more on filtering
>
[...]
> I don't see how that is the same thing here. I have an
--On Friday, October 31, 2003 7:35 AM -0600 Stephen Sprunk
<[EMAIL PROTECTED]> wrote:
Thus spake "Tony Hain" <[EMAIL PROTECTED]>
Kuhtz, Christian wrote:
> All hairsplitting aside, given that the term NAT these days is mostly used
> in a PAT (particularly in a customer connecting to the I) conte
I don't see how that is the same thing here. I have an
agreement with cust X to provide services in accordance with
my AUP. cust X resells that service to cust Y, etc. cust Y
is bound to the terms and conditions of my agreement with
cust X, despite that I do not have a direct agreement with cus
[EMAIL PROTECTED] wrote:
>> I don't see how that is the same thing here. I have an
>> agreement with cust X to provide services in accordance with
>> my AUP. cust X resells that service to cust Y, etc. cust Y
>> is bound to the terms and conditions of my agreement with
>> cust X, despite that I
> -Original Message-
> From: Owen DeLong [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 31, 2003 11:12 AM
> To: Daryl G. Jurbala; [EMAIL PROTECTED]
> Subject: RE: more on filtering
>
[...]
> > NOT transitive in this way, unless each agreement is included by
> > reference in the othe
> >> I don't see how that is the same thing here. I have an
> >> agreement with cust X to provide services in accordance with
> >> my AUP. cust X resells that service to cust Y, etc. cust Y
> >> is bound to the terms and conditions of my agreement with
> >> cust X, despite that I do not have a
> -Original Message-
> From: Chris Parker [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 31, 2003 11:18 AM
> To: Daryl G. Jurbala
> Subject: RE: more on filtering
>
[...]
> Ah, you are a member of which bar? :)
I knew that one was coming ;) Actually, I mentioned in my last reply
t
> > It is content filtering. You are filtering packets that you think are
> > causing problems to the ES that you may not control.
>
> No, he said quite clearly he's filtering packets (such as Nachi ICMP) that are
> causing harm to *his* network. He gets to make a choice - filter the known
> pro
-- On Friday, October 31, 2003 08:03 -0800
-- Owen DeLong <[EMAIL PROTECTED]> supposedly wrote:
There is NO security benefit to NAT/PAT/NAPT.
Disagree.
None of the scanning / infecting viruses could get past a $50 NAT/PAT
device which Joe User brings home and turns on without configuring.
Do not
Stephen,
> I've always stated that "switch" is a marketing term meaning
> "fast". Thus a
> "L2 switch" is a "fast bridge" and a "L3 switch" is a "fast
> router". In this light, the Yankee Group is just now
> catching on to something we all knew a decade ago -- slow
> (i.e. software) routers
On 31 Oct 2003, at 11:43, Patrick W. Gilmore wrote:
There is NO security benefit to NAT/PAT/NAPT.
Disagree.
None of the scanning / infecting viruses could get past a $50 NAT/PAT
device which Joe User brings home and turns on without configuring.
It's not the NAT that those boxes are doing whic
>This does not mean we should NAT everything, since I use some of those
>protocols. But if every Joe User had a DLink NAT box in front of his
>Winbloze box, the Internet would be a safer place. And you know it.
You're forgetting Rob Thomas's peripatetic presentation in Chicago.
Not to mention
Patrick W. Gilmore wrote:
NAT is harmful to many protocols. Stateful
inspection is not.
Possibly. But Joe User will never use those "many protocols". Plus the
overwhelming majority of protocols are not harmed by NAT.
Of course NAT causes all sorts of damage to all sorts of protocols, as the
I'm well aware that law!=logic. In fact, I have often said that there
are two sayings which when recombined provide a more accurate picture
of the true situation in the American legal system:
1. Possession is no excuse.
2. Ignorance is 9/10th of the law.
(Feel free to run
Are you actually saying that providers in the middle should build their
networks to accommodate any amount of DDOS traffic their ingress can
support instead of filtering it at their edge? How do you expect them
to pay for that? Do you really want $10,000/megabit transit costs?
Owen
--On Friday,
--On Friday, October 31, 2003 11:43 AM -0500 "Patrick W. Gilmore"
<[EMAIL PROTECTED]> wrote:
-- On Friday, October 31, 2003 08:03 -0800
-- Owen DeLong <[EMAIL PROTECTED]> supposedly wrote:
There is NO security benefit to NAT/PAT/NAPT.
Disagree.
None of the scanning / infecting viruses could ge
> Are you actually saying that providers in the middle should build their
> networks to accommodate any amount of DDOS traffic their ingress can
> support instead of filtering it at their edge? How do you expect them
> to pay for that? Do you really want $10,000/megabit transit costs?
I remembe
Tell that to Cisco, Nortel, and any other vendor that can handle huge rates
of traffic that conform to "typical" but, when the pattern of addresses (or
options) in the packets cause the flow cache to thrash, die under loads far
below line rate. (See Cisco's
http://www.cisco.com/warp/public/63/ts_c
> > I don't know much, but I do know that legal agreements in the US are
> > NOT transitive in this way, unless each agreement is included by
> > reference in the other.
> They aren't legally, but they are effectively.
Ok, enough legal debate. Let me use a strictly US analogy: The death penalty
On Fri, 2003-10-31 at 12:26, Owen DeLong wrote:
> Even Windows now has stateful firewall capabilities on
> the box. It's just not that hard.
Not only that, but it is also enabled by default on their IPv6 stack,
last I messed with Windows and v6 anyway.
-Paul
--
Paul Timmins <[EMAIL PROTECTED]>
On Fri, 31 Oct 2003, Matthew Kaufman wrote:
[snip]
> I'm afraid that those of us building actual networks are forced to do so
> using actual hardware that actually exists today, and using actual hardware
> that was actually purchased several years ago and which cannot be forklifted
> out.
>
> You
> It's interesting that many rather sizable networks have
> weathered these events without relying on filtering, NAT, or
> other such behavior.
What's more interesting is how many big networks have implemented 98-byte
ICMP filters, blocks on port 135, and other filters on a temporary basis on
> I remember GM saying something like that about this car that
> put Nader on political arena. Are we that dumb that we need
> to be taught the same lessons?
GM seems to still be building cars and trucks, and Nader lost a presidential
election.
Which lesson were we supposed to learn?
Matthew
> Do you actually believe that it was a BAD idea for Cisco to build a router
> that is more efficient (to the point of being able to handle high-rate
> interfaces at all) when presented with traffic flows that look like real
> sessions?
Why buy something that works well only sometimes ("we are ve
> > I remember GM saying something like that about this car that
> > put Nader on political arena. Are we that dumb that we need
> > to be taught the same lessons?
> GM seems to still be building cars and trucks, and Nader lost a presidential
> election.
GM seems to also have cut a very big che
Well, interestingly, in our network, Juniper makes all of our new core
routers. Specifically because Cisco routers were melting down at an
unacceptable rate.
But there was no such thing as Juniper when we started building (so we still
have a lot of Cisco routers in the network), and they don't ma
Hello,
If anyone on the list works for or has a reliable contact at CP Internet (Duluth,
MN) then please contact me off-list ASAP. I have tried the NOC and ABUSE to no avail.
Thanks.
Scott Vachon
CNS-Salem Network Group
Paymentech L.P.
Learn more about Paymentech's payment processing serv
Agreed NAT's do not create security although many customers believe they
do. NAT's _are_ extremely useful in hiding network topologies from casual
inspection.
What I usually recommend to those who need NAT is a stateful firewall in
front of the NAT. The rationale being the NAT hides the topolo
Funny I thought a "switch" was a multiport bridge... uses the MAC
headers to flood. ahh makes me long for the days of Kalpana.
Scott C. McGrath
On Fri, 31 Oct 2003, Stephen Sprunk wrote:
>
> Thus spake "Daniel Golding" <[EMAIL PROTECTED]>
> > Hmm. Don't you just lov
Folks,
We have set up a few new mailing lists for the routeviews
project; see http://routeviews.org/~majordom/rv-lists.html
Thanks,
Dave
--On Friday, October 31, 2003 1:27 PM -0500 "Vachon, Scott"
<[EMAIL PROTECTED]> wrote:
Learn more about Paymentech's payment processing services at
www.paymentech.com THIS MESSAGE IS CONFIDENTIAL. This e-mail message and
any attachments are proprietary and confidential information intended
onl
>
> Even if I had an all-Juniper network, I'd still need to
> decide what to do
> about DDOS attacks... Do I just call my circuit vendors and
> keep adding
> OC48s until the problem goes away?
>
But isn't this just trying to put a square peg into a round hole? Wouldn't
it be better to let rou
.
>
> Things are getting better, but "L3-switches" pale in comparison to today's
> high-end routers on almost all fronts. If you take GigE out of the
> equation, modern "L3 Switches" are just as expensive as modern "core
> routers" - and routable, "mpls-able" L3 GE ports are _more_ expensive on
>
> Things are getting better, but "L3-switches" pale in comparison to today's
> high-end routers on almost all fronts. If you take GigE out of the
> equation, modern "L3 Switches" are just as expensive as modern "core
> routers" - and routable, "mpls-able" L3 GE ports are _more_ expensive on
> "sw
One word HA !
james
- Original Message -
From: "Jeremiah Cornelius" <>
To: <[EMAIL PROTECTED]>
Sent: Friday, October 31, 2003 11:32 AM
Subject: [Full-Disclosure] Gates: 'You don't need perfect code' for good security
: -BEGIN PGP SIGNED MESSAGE-
: Hash: SHA1
:
: FLAME ON!
Hello,
I'm not sure if it's the right place to post, but I found some related
conversations in the archive, so I hope it'll be ok for me to post.
Since yesterday morning, here in Montreal, all my traffic from 24.202.28.177
to 213.186.35.30 gets stuck in New York (traceroute below).
My ISP is l
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&selm=Xns94258238F273Cbruns2mbitcom%40130.133.1.4
From my post to the NANAE newsgroup...
My favorite quote is...
BG: Until we had this concept of Web services, software on the Internet
couldn't talk to other software on the Internet. The only
Steinar,
Yes, the PL has pricing that has changed for us at least, and will be
changing for others as well. Expect Tetra to be selling for less in short
time (if not already). Looks as if the GE OSM has dropped in price too. As
Deepak pointed out, YMMV based on application. For me, I must loo
Scott McGrath wrote:
> Agreed NAT's do not create security although many customers believe they
> do. NAT's _are_ extremely useful in hiding network topologies from casual
> inspection.
This is another bogus argument, and clearly you have not done the math on
how long it takes to scan a /64 wort
You guys missed it, Gates is utterly right. There is no such thing as perfect code.
Where he errs is that his code is utter and unremarkable crap based on poorly
conceived designs based on a perceived difficulty of use problem. The simple solution
was to design it for the average person and
>
> I would be interested in seeing, say, a 7609-GSR or better yet 7609-T640
> bakeoff. I think that would prove 2 things - 1) you get what you pay for,
> and 2) purpose-built routers are still better at routing heavy loads with
> diverse media. Sure, the loaded 640 will be more expensive, but i
Recently, [EMAIL PROTECTED] (Martin Christian) wrote:
> Things are getting better, but "L3-switches" pale in comparison to today's
> high-end routers on almost all fronts. If you take GigE out of the
> equation, modern "L3 Switches" are just as expensive as modern "core
> routers" - and routable,
On Fri, 2003-10-31 at 18:35, Andrew D Kirch wrote:
> You guys missed it, Gates is utterly right. There is no such thing as perfect code.
Hmmm, I think that is a given. Even my ponytail knows that !
Gates just has a talent with spin.
> Where he errs is that his code is utter and unremarkabl
Sorry for the off topic post, but has anyone dealt with Midco.net?
I recently reported a Scan from a node belonging there and have met with
nothing but side steps. Please contact me off list if you have any contacts there.
Would like to get this resolved.
http://www.rocknyou.com/midco.html
Ch
a) scans from all over are a fact of life on the internet.
b) harassing sources of scans and their upstreams is a DoS attack on
yourself. Send an email, and if you feel paranoid, filter.
-alex
On Fri, 31 Oct 2003 [EMAIL PROTECTED] wrote:
>
>
> Sorry for the off topic post, but has anyone d
Hmmm, so this is up there with SPAM, right? Do nothing about it 'cause it's
just life. That's just how Spam has gotten to be such a problem. No one
reports it because "it's a fact of life", which is the reason why it's now
such a problem.
Instead of reporting it and getting ISPs to enforce AUP/TOS the an
[EMAIL PROTECTED] wrote:
Sorry for the off topic post, but has anyone dealt with Midco.net?
I recently reported a Scan from a node belonging there and have met with
nothing but side steps. Please contact me off list if you have any contacts there. Would like to get this resolved.
http://www.rock