It may also be worth noting that if
the provider is running Juniper and not Cisco, there are fragmentation
issues with certain versions of Juniper code. The MLPPP session cannot
agree on an MTU and usually stop somewhere around 100 bytes if they do.
The workaround is to implement ppp multilink
Hi all,I'm currently looking for a CPE that can replace the Cisco 3550 we currentlydeploy in our network. Key features that I'm looking for are as follows:Hierarchical QOSTraffic shaping/policingL3VPN functionality(VRF-lite)
BGPOSPFdot1qsome sort of spanning treeAny help would be really
Title: Message
I've
been told by Juniper that the MTU negotiation problem was fixed in the 7.x
versions. We're upgrading soon, so I hope to find out for
myself.
Diane Turley Sr. Network Engineer Xspedius Communications Co.
636-625-7178
-Original Message-From:
[EMAIL
Maybe a 2811 with an Etherswitch
module?
http://www.cisco.com/en/US/products/ps5854/products_data_sheet0900aecd8016fa68.html
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jacky LamSent:
Monday, February 20, 2006 13:47To: nanog@merit.eduSubject:
Cisco 3550 replacement
Hi
Or a Security bundle with an
Etherswitch.
http://www.cisco.com/en/US/products/ps5853/products_data_sheet0900aecd8022e567.html
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jacky LamSent:
Monday, February 20, 2006 13:47To: nanog@merit.eduSubject:
Cisco 3550 replacement
Hi
Many ISP's who do care about issues such as worms, infected users
spreading the love, etc. simply do not have the man-power to handle
all their infected users' population.
It is becoming more and more obvious that the answer may not be at the
ISP's doorstep, but the ISP's are indeed a
- Original Message Follows -
From: Gadi Evron [EMAIL PROTECTED]
Many ISP's who do care about issues such as worms,
infected users spreading the love, etc. simply do not
have the man-power to handle all their infected users'
population.
Some who are user/broadband ISP's (not say,
[EMAIL PROTECTED] wrote:
On Mon, 20 Feb 2006 23:40:48 +0200, Gadi Evron said:
Many ISP's who do care about issues such as worms, infected users
spreading the love, etc. simply do not have the man-power to handle
all their infected users' population.
It is becoming more and more obvious
Oh geez, here we go again... Search the archives and
read until you're content. It's a non-thread. This
horse isn't only dead, it's not even a grease spot on
the road any more. :-(
I quite agree, which is why I trived to cover the
philosophical part from both sides. Now, how
scott, these are all just gadi's self-promotion ads. i recommend
procmail.
randy
On Tue, 21 Feb 2006, Gadi Evron wrote:
Many ISP's who do care about issues such as worms, infected users
spreading the love, etc. simply do not have the man-power to handle all
their infected users' population.
The ISPs will be a part of the solution. However, ISPs fall into two major
And I have a solution for bad drivers; required all manufacturers to fix the
steering wheel so that acknowledged bad drivers cannot turn the wheel to
make turns, change lanes, etc. Or perhaps limit the mph to 35 max and deny
them access to freeways.
ISPs should not police users, just like auto
Edward W. Ray wrote:
IMHO, a user should have to demonstrate a minimum amount of expertise and
have a up-to-date AV, anti-spyware and firewall solution for their PCs.
That is why we have hundreds of millions of bots in the wild.
The mostly-user ISP's will have to eventually do something or
We're one of those user/broadband ISPs, and I have to agree with the other
commentary that to set up an appropriate filtering system (either user,
port, or conversation) across all our internet access platforms would be
difficult. Put it on the edge and you miss the intra-net traffic, put it in
Frank Bulk wrote:
We're one of those user/broadband ISPs, and I have to agree with the other
commentary that to set up an appropriate filtering system (either user,
port, or conversation) across all our internet access platforms would be
difficult. Put it on the edge and you miss the intra-net
Edward W. Ray wrote:
IMHO, a user should have to demonstrate a minimum amount of expertise and
have a up-to-date AV, anti-spyware and firewall solution for their PCs.
The mostly-user ISP's will have to eventually do something or end up
being either regulated, spending more and more and
[EMAIL PROTECTED] wrote:
Hey Bill,
i'm begining to think that botnet like structures are in fac t the
wave of the future. ... and instead of trying to irradicate them, we should
be looking at ways to use botnet like structures for adding value to
an increasingly more connected
On Mon, 20 Feb 2006, Rob Thomas wrote:
Hey, Bill.
] wht is the mean-time-to-infection for a stock windows XP system
] when plugged intot he net?... 2-5minutes? you can't get patches
] down that fast.
The same case can be made for Linux and Unix-based web servers with
Christopher L. Morrow wrote:
it's also not just a 'i got infected over the net' problem... where is
that sean when you need his nifty stats :) Something about no matter what
you filter grandpa-jones will find a way to click on the nekkid jiffs of
Anna Kournikova again :(
anyway, someone
On Tue, 21 Feb 2006 04:15:25 +0200, Gadi Evron said:
The philosophical discussion aside (latest one can be found under zotob
port 445 nanog on Google), presenting some new technologies that shows
this *can* be done changes the picture.
OK. The tech exists, or can be made to exist. The
On 2/20/06, Edward W. Ray [EMAIL PROTECTED] wrote:
ISPs should not police users, just like auto manufacturers should not police
drivers. That is what driver's licenses are for.
So the state polices the drivers.. Should the state police the
internet as well? And how would that be
On Mon, 20 Feb 2006, Jean-Francois Vaillancourt wrote:
Check out the Cisco 3560 with IP Services software:
http://www.cisco.com/en/US/products/hw/switches/ps5528/index.html
it's basically a less expensive version of the 3750, without the external
32 Gbps stack
Reality Check:
32Gbps Backplane (Counted packet-in, packet-out, each direction, with all
packets the same size, multicast?) and 52 GE interfaces.
Not exactly non-blocking.
Gotsta do the CiscoMath.
;-)
On Mon, 20 Feb 2006, Jean-Francois Vaillancourt wrote:
Check out the Cisco
On Tue, 21 Feb 2006, Christopher L. Morrow wrote:
it's also not just a 'i got infected over the net' problem... where is
that sean when you need his nifty stats :) Something about no matter what
you filter grandpa-jones will find a way to click on the nekkid jiffs of
Anna Kournikova again :(
On Mon, 2006-02-20 at 23:40:48 +0200, Gadi Evron proclaimed...
[snip]
I'll update on these as I find out more on: http://blogs.securiteam.com
This write-up can be found here:
http://blogs.securiteam.com/index.php/archives/312
Ah yes, the old self-promotion trick. You know, I get some ads
Sean Donelan wrote:
On Tue, 21 Feb 2006, Christopher L. Morrow wrote:
it's also not just a 'i got infected over the net' problem... where is
that sean when you need his nifty stats :) Something about no matter what
you filter grandpa-jones will find a way to click on the nekkid jiffs of
Anna
[EMAIL PROTECTED] wrote:
On Mon, 2006-02-20 at 23:40:48 +0200, Gadi Evron proclaimed...
[snip]
I'll update on these as I find out more on: http://blogs.securiteam.com
This write-up can be found here:
http://blogs.securiteam.com/index.php/archives/312
Ah yes, the old self-promotion
On Mon, Feb 20, 2006 at 07:49:04PM -0600, Rob Thomas wrote:
Hey, Bill.
] wht is the mean-time-to-infection for a stock windows XP system
] when plugged intot he net?... 2-5minutes? you can't get patches
] down that fast.
The same case can be made for Linux and Unix-based
] true enough. but auntie jane doesn't have linux/unix web server(s)
] or router(s) (other than the one provided by her ISP and managed by
them)
] and has zero clue about overly permissive service machines.
Agreed. Instead all of her financial records are on those
unix
[EMAIL PROTECTED] wrote:
On Mon, Feb 20, 2006 at 07:49:04PM -0600, Rob Thomas wrote:
Hey, Bill.
] wht is the mean-time-to-infection for a stock windows XP system
] when plugged intot he net?... 2-5minutes? you can't get patches
] down that fast.
The same case can be made
On Tue, Feb 21, 2006 at 12:04:17AM -0600, Rob Thomas wrote:
] true enough. but auntie jane doesn't have linux/unix web server(s)
] or router(s) (other than the one provided by her ISP and managed by
them)
] and has zero clue about overly permissive service machines.
Agreed.
On (2006-02-20 21:54 -0600), [EMAIL PROTECTED] wrote:
Reality Check:
32Gbps Backplane (Counted packet-in, packet-out, each direction, with all
packets the same size, multicast?) and 52 GE interfaces.
Not exactly non-blocking.
Gotsta do the CiscoMath.
And no hierarchial QoS, which was
Below is an automatically generated periodic public report from the
ISOTF's affiliated group DA (Drone Armies (botnets) research and
mitigation mailing list / TISF DA) with the ISOTF affiliated ASreport
project (TISF / RatOut).
For this report it should be noted that we base our analysis on the
Hey, Bill.
The vast majority of what I see is based on financial gain.
Popping a web+database server, installing a rootkit, and
transferring off the day's business transactions is a lot more
certain than popping 10K Windows boxes and hoping the users go
shopping. Yep, seen it more than once.
On Mon, 20 Feb 2006 23:54:38 EST, Sean Donelan said:
On the other hand, the number of infected computers never seems to spiral
out of control. I've been wondering, instead of trying to figure out why
some computers get infected, should we be trying to figure out why most
computers don't become
35 matches
Mail list logo