On Tue, 11 Jan 2005, Joe Rhett wrote:
> > Applying port 25 filters both ways (inbound and outbound to your
> > dialup pool, instead of just outbound port 25 filtering) would help in
> > such a situation.
>
> Inbound 25 filtering has nothing to do with the situation listed above.
No, but inbound
On Sun, Jan 09, 2005 at 07:55:17PM +0530, Suresh Ramasubramanian wrote:
> 1) SYN - Worm emails / spam goes out from another provider, with the
> source address spoofed to be the IP of a trojaned PC
>
> 2) ACK - Receiving network sends an ACK back to the forged source IP,
> and the trojan on that
Yeah, *that* one was basically a matter of restarting the grid. Do you
remember
about a decade or so back, an ice storm in Ontario? *That* one had many places
without power for *weeks*.
ObNANOG: How many weeks of continuous duty is *your* backup generator rated for? ;)
We had an interesting iss
On Tue, 11 Jan 2005 14:13:29 PST, Crist Clark said:
> Remember that last big one in the northeast? The government kept
> reassuring that it wasn't terrorism... like that means there isn't a
> security issue. If a few dopes at a one power company can collapse the
> whole northeast grid, there IS a
[EMAIL PROTECTED] wrote:
[snip]
I'll predict that if we *don't* have an attack on the power grid in the
next 10 years, it's because the attackers have come up with something else
they consider even more interesting as a target. A downed power line, even
though it may have more economic impact, has
On 11 Jan 2005, at 15:28, Kevin wrote:
On Tue, 11 Jan 2005 11:17:55 +0200, Kim Onnel <[EMAIL PROTECTED]>
wrote:
Hello,
I'd like everyones 2 cents on the BCP for network management of an ISP
PoPs, with a non-security oriented NOC,
. . .
2) An OpenBSD bastion host(s), where the NOC would ssh in, g
On 11-jan-05, at 18:48, Daniel Golding wrote:
Its terribly important that your routers' management traffic be
encrypted
all the way to the device.
Why "terribly important"? If this stuff runs over your own network then
others aren't going to be able to sniff it without physically getting
at your
On Tue, 11 Jan 2005 11:17:55 +0200, Kim Onnel <[EMAIL PROTECTED]> wrote:
>
> Hello,
> I'd like everyones 2 cents on the BCP for network management of an ISP
> PoPs, with a non-security oriented NOC,
. . .
> 2) An OpenBSD bastion host(s), where the NOC would ssh in, get
> authenticated from TACACS
On Tue, 11 Jan 2005 13:57:28 GMT, Eric Brunner-Williams in Portland Maine said:
> OK. So one would have to be literate in a particular genre. The Army Air
> Corp started targeting power generation and distribution in the metro NY
> area in the late '30s, to see what a strategic bombing campaign ag
I first read their report on blogs ... We're holding the Koufax Awards _now_
for lefty blogs, so we're about as root on the left hand side of the radio
dial as one could hope for. It wasn't worth reading twice.
Turning to the Pew vetted punditocracy, I went to the questionaire. Q9a got
the belly
It would be fairly useful if Cisco had a published document that detailed
the minimum configuration for each major router line to support BGP with 1
to 4 full views. Of course, this would have to be periodically updated. By
this, I mean a separate overlay document for their entire router product
Kim,
Its terribly important that your routers' management traffic be encrypted
all the way to the device. For this reason, the best practice is to use
ssh2. There are some other hacks that can be used, but they are hacks, and
are not scalable.
Bastion hosts are a good thing and can be a great pl
This will not work for full routes.
The memory upgrade is utilized for larger
IOS images with new features.
An update to the product bulletin is
in the works to clarify it.
Further specific questions in regards to
the memory can be moved over to the
cisco-nsp alias.
Rodney
On Tue, Jan 11, 2005
Just brought to my attention, and if you haven't seen it..
>From the Pew Internet & American Life Project ...
"The Future of the Internet"
In a survey, technology experts and scholars
evaluate where the network is headed in the next ten years
http://www.elon.edu/predictions/20
On Tue, 11 Jan 2005, David Barak wrote:
> seriously, there have been various proposals ([ADV],
> etc) to facilitate "legit UCE," but that hasn't slowed
> the arms race. How would you recommend that we make
> it easier for legit businesses?
Legit businesses do not use spam. The phrase "Legit UC
On Tue, Jan 11, 2005 at 10:14:35AM +, [EMAIL PROTECTED] wrote:
> > But as article specifically mentions sending during the night and
> > registration next morning that does seem to indicate eweek found out
> > about "no whois" but with already registered domain, i.e. see
> Could they simply b
--- [EMAIL PROTECTED] wrote:
> When we make it too hard for legitimate businesses
> to
> use spam as a means of advertising their product,
> then
> only criminals will use spam.
you can have my mailserver when you can pry it from my
cold, dead datacenter...
seriously, there have been various p
On 11-jan-05, at 12:51, Philip Smith wrote:
Well, my preference is to start with route reflectors pretty much from
day one. Let's face it, one day you will have to migrate that full
mesh iBGP to route reflector. Why do the work of migration when you
can start off at the beginning using route ref
On Tue, 2005-01-11 at 13:09, Daniel Roesen wrote:
> One of the main problems of route reflection is that the best path
> decision is done centrally. The best route is not seen as from the
> router making the forwarding decision, but from the route reflector's
> point of view. Depending on network
On Tue, Jan 11, 2005 at 09:51:36PM +1000, Philip Smith wrote:
> Many of the ISPs I've worked with around the world have followed this
> path - and they are quite happy. I really think there is absolutely no
> need to consider full mesh iBGP any more. I wouldn't go as far as saying
> it's histor
Hi Eric,
Eric Kagan said the following on 11/01/2005 11:03:
>>
Correct, route reflector's main advantage is scalability and
if you're thinking to evolve into a larger network with
dedicated access and core routers, route reflectors are a far
better option than full mesh, though perhaps not from
On Tue, 2005-01-11 at 02:03, Eric Kagan wrote:
>
> Does anyone have any input on when this does make sense ? We have 3 Main IP
> pops with upstream BGP at each and 4 internal BGP sessions. I am looking to
> add 2 new routers so there will be about 7 sessions on each border router.
This seems
> But as article specifically mentions sending during the night and
> registration next morning that does seem to indicate eweek found out
> about "no whois" but with already registered domain, i.e. see
Could they simply be referring to the technique of
sending spam at night with a URL to a non-e
Hello,
I'd like everyones 2 cents on the BCP for network management of an ISP
PoPs, with a non-security oriented NOC,
Most of my routers doesnt have crypto IOS images,
couldnt agree with core members to do a major upgrade, just a promise
of doign that when other needs to an IOS upgrade come up,
On Tue, Jan 11, 2005, Ejay Hire wrote:
>
> My apologies if this strays off topic, but I wanted to share my recent
> experience.
>
> We had a collocation customer come in and request a t1 of pots lines for
> their servers, then complaints that their "security" software wasn't
> working because of
25 matches
Mail list logo