Hi,
Are there any ISPs that do, or desire, splitting traffic across
different ASes for prefixes learnt via an exterior gateway protocol
(say BGP)?
For example, an ISP can learn two different equal cost routes to a
foo.com server via two different autonomous domains. It can thus split
different
Glen Kent [EMAIL PROTECTED] writes:
For example, an ISP can learn two different equal cost routes to a
foo.com server via two different autonomous domains. It can thus split
different flows (based on src-dest IP, src-dest Port, TOS, etc) across
these two paths.
Do operators currently do
Hi guys, this is rather urgent, we would appreciate any help.
I will make sure and update as things progress, but right now I believe
public attention would only hinder our (DA/MWP/etc. TISF) incident
response attempts.
Thanks,
Gadi.
On Tue, 24 Jan 2006, Robert E.Seastrom wrote:
Glen Kent [EMAIL PROTECTED] writes:
For example, an ISP can learn two different equal cost routes to a
foo.com server via two different autonomous domains. It can thus split
different flows (based on src-dest IP, src-dest Port, TOS, etc)
All,
Our company is starting to grow rather quickly and we are starting to have
growing pains. We are in the need for a better mechanism for sharing passwords
between our engineers. Most of these passwords are for our client's systems
where some of them are controlling the password schemes
Hello.
This is an urgent alert released by the cooperative efforts of the MWP /
DA groups that also worked on the hurricane Rita scams. This task force is
now known as the TISF BlackWorm task force.
This task force involves many in the security (anti spam, CERTs, anti
virus, academia, ISP's,
Jeremy -
I've not found a better solution than PGP. Perhaps more a formalized
process for communicating password updates proactively is all you need.
Ideally, distributing passwords at 3am is too late.
In the past I've used small password database programs on a network
share. You are then left
On Thu, Jan 12, 2006 at 11:09:13PM -0500, Steven M. Bellovin wrote:
RFC2827/BCP38?
The problem is that an ISP can do all the source filtering it wants,
but if it only blocks SYNs to port 25 all it takes is one unfiltered
dial-up to spoof that ISP's addresses.
On the subject of filtering
Christopher L. Morrow [EMAIL PROTECTED] writes:
On Tue, 24 Jan 2006, Robert E.Seastrom wrote:
Glen Kent [EMAIL PROTECTED] writes:
For example, an ISP can learn two different equal cost routes to a
foo.com server via two different autonomous domains. It can thus split
different flows
Technical information on the worm itself can be found here:
http://www.f-secure.com/v-descs/nyxem_e.shtml
and http://blogs.securiteam.com/index.php/archives/229
Gadi.
On 24-Jan-2006, at 12:07, Robert E.Seastrom wrote:
He said via two different autonomous domains, which I took to mean
two upstreams... and my understanding is that (on ciscos anyway)
you're talking per-packet, not per-flow load balancing.
If you can get two candidate routes for the same
On 24-Jan-2006, at 13:05, Joe Abley wrote:
On 24-Jan-2006, at 12:07, Robert E.Seastrom wrote:
He said via two different autonomous domains, which I took to mean
two upstreams... and my understanding is that (on ciscos anyway)
you're talking per-packet, not per-flow load balancing.
If you
Joe Abley [EMAIL PROTECTED] writes:
On 24-Jan-2006, at 12:07, Robert E.Seastrom wrote:
He said via two different autonomous domains, which I took to mean
two upstreams... and my understanding is that (on ciscos anyway)
you're talking per-packet, not per-flow load balancing.
If you can get
On 24-Jan-2006, at 13:09, Robert E.Seastrom wrote:
Joe Abley [EMAIL PROTECTED] writes:
If you can get two candidate routes for the same destination into the
FIB, then you'll get per-flow load balancing as long as CEF is
running, no?
Yes and no. CEF is {src, dst} hash IIRC, and per-flow
Joe Abley [EMAIL PROTECTED] writes:
On 24-Jan-2006, at 13:09, Robert E.Seastrom wrote:
Joe Abley [EMAIL PROTECTED] writes:
If you can get two candidate routes for the same destination into the
FIB, then you'll get per-flow load balancing as long as CEF is
running, no?
Yes and no. CEF
Hi,
That sounds like it could be useful. The major problem I have with password
safe is that it is hard to do things like copy a group of passwords to
another .dat file. That makes it hard to do anything put either keep
several .dat files floating around for different users, aka accountants,
The CME entry should appear on their site shortly:
http://cme.mitre.org
Gadi.
On Tue, 24 Jan 2006, Joe Abley wrote:
On 24-Jan-2006, at 12:07, Robert E.Seastrom wrote:
He said via two different autonomous domains, which I took to mean
two upstreams... and my understanding is that (on ciscos anyway)
you're talking per-packet, not per-flow load balancing.
If you
Our company is starting to grow rather quickly and we are starting
to have growing pains. We are in the need for a better mechanism for
sharing passwords between our engineers.
I wish there was a system that let you do the following:
* Store and encrypt logins/passwords and access logs in a
Can someone shed some technical light on the details of how two T1's are
bonded (typically). We've got two sets of T's at two different location
with vendor 'X' (name starts w/ an 'A') and it appears that we're really
only getting about 1 full T's worth of bandwidth and maybe 20% of the
second.
Hi.
In the next day or so some of us will cooperate to bring to the
attention of all effected AS's information about infected users in their
net-space.
This will be coordinated with several groups and organizations. Please
expect these emails, thanks.
Gadi.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Matt Bazan wrote:
Can someone shed some technical light on the details of how two T1's are
bonded (typically). We've got two sets of T's at two different location
with vendor 'X' (name starts w/ an 'A') and it appears that we're really
only
If you're treating them as two separate links (e.g. two POPs, etc.) then
that's correct, it'll be done by the routers choice of load-balancing (L3).
If you are going to the same POP (or box potentially) you can do MLPPP and
have a more effective L2 load balancing.
Otherwise, it's possible to get
On Tue, 24 Jan 2006, (nanog) Brian Battle wrote:
I wish there was a system that let you do the following:
* Store and encrypt logins/passwords and access logs in a database
* Assign permissions (add new logins/passwords, change password...)
to those passwords on a per user/group basis, based
Is it ATT?
If so, they only use Cisco Express Forwarding on the router, or so
that's at least what I was told by the level 1 techs. If packet order
reassembly is a an issue and the link is oversubscribed (IE: Heavy
VoIP/gaming use), this method isn't the greatest over others like MLPPP,
or
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Scott Morris wrote:
If you're treating them as two separate links (e.g. two POPs, etc.) then
that's correct, it'll be done by the routers choice of load-balancing (L3).
If you are going to the same POP (or box potentially) you can do MLPPP and
I'm re-reading it, and slowly, but I don't see mention of having two
different vendors. Perhaps I need to put the beer a bit further away, but
he talks about generic vendor 'x' and notes that it starts with letter 'A'
as further definition, not as two separate vendors.
*shrug*
Scott
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Scott Morris wrote:
I'm re-reading it, and slowly, but I don't see mention of having two
different vendors. Perhaps I need to put the beer a bit further away, but
he talks about generic vendor 'x' and notes that it starts with letter 'A'
as
On Tue, 24 Jan 2006, Christopher L. Morrow wrote:
that was my thought... and yes, it could get ugly for tcp services. Why
would you knowningly induce this complication?
When you want single flows to go faster than a single member link? (not that
I am saying this is a good idea)
Actually,
josh == josh harrington [EMAIL PROTECTED] writes:
josh [option #3 - Cisco 6509 switch'router' w/MSFC2]
[...]
josh - 'not a router' as some would say [though this one is as good
josh as it gets for a switch with router ability built in, so i read
josh at least]
It routes packets,
On 24-Jan-2006, at 14:17, Matt Buford wrote:
Actually, TCP handles out of order packets rather well as long as
the reordering isn't too severe.
There's packet reordering, and there's oscillating RTT on segments
that travel by different paths.
I suspect the veracity of your statement
They can be bonded via MLPPP or IMA, as stated previously. Also they can
be load-balanced via EIGRP.
What are you using to test your bandwidth (IPerf is pretty handy)? I'm
kinda assuming that the T1's are point to point, how far apart are the
offices?
-Wil
Matt Bazan wrote:
Can someone
On Wed, 25 Jan 2006, Andrew - Supernews wrote:
I have some of these running with combinations ranging from 5
full-routes sessions + iBGP through to 2 full + iBGP + 70+ peers. You
don't need to be nervous about the MSFC2's ability to do BGP (though
for serious work you do want the maximum
33 matches
Mail list logo