I used very raw estimation (which is not well correct but don't make too much
of errors) - to remove 1 KW out of building, you spend extra 1 KW.
But anyway, 450,000 servers have a great power consumption - you can use
river or a lake to cool them, but you still need 45,000 KW of power to make
Mechanical work converts to heat in the very end. Not _mostly 100%_ but
_absolutely 100%_.
Except if it is cell station which inducts energy into the radio waves, and
minus some light coming out of the building (which removes energy as well).
- Original Message -
From: David Lesher
450,000 * 100 WT (power itself)
Cooling - I do not know, but I should estimate it as extra 70% of consumed
power.
So,
450,000 * 0.2KWT = 90,000KWT.
- Original Message -
From: chuck goolsbee [EMAIL PROTECTED]
To: nanog@merit.edu
Sent: Friday, June 16, 2006 10:47 AM
Subject: Re: WSJ:
and
they will exist in 201x. Just as mountain lions do exist in Bay Area (and
sometimes can eat your favorite cat...)
- Original Message -
From: Suresh Ramasubramanian [EMAIL PROTECTED]
To: Alexei Roudnev [EMAIL PROTECTED]
Cc: Fergie [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED
You have no other chance than to accept it - it is real life. Period.
- Original Message -
From: Fergie [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; nanog@merit.edu
Sent: Saturday, May 27, 2006 2:59 PM
Subject: Re: Black Frog - the botnets keep
Internet IS a wild west. You should live with it. It will never be _quiet,
dead american's residential area, where dogs do not bark and kids do not
play themself on streets in age of 8 (normal dogs bark, and normal kids
often play themself when they are 8)_.
It is the whole WORLD, not one
PROTECTED]
To: Alexei Roudnev [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; John Dupuy [EMAIL PROTECTED]
Sent: Tuesday, April 11, 2006 11:29 AM
Subject: Re: Open Letter to D-Link about their NTP vandalism
law professor I'd really suggest that readers confirm this claim (that
intentional sending
It's legal to have broken NTP server in ANY country, and it's legal in most
(by number) countries to send counter-attack (except USA as usual, where
lawyers want to get their money and so do not allow people to self-defence).
So, it can be a GOOD practice in reality. But, of course, not in USA.
I use snmpstatd - snmpstat.sf.net .
- Original Message -
From: Ray Burkholder [EMAIL PROTECTED]
To: 'Ashe Canvar' [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, March 28, 2006 4:47 PM
Subject: RE: Backbone Monitoring Tools
A few more comments.
I found a link to snmp
PROTECTED]
To: Alexei Roudnev [EMAIL PROTECTED]
Cc: Ray Burkholder [EMAIL PROTECTED]; 'Ashe Canvar'
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, March 29, 2006 5:09 AM
Subject: Re: Backbone Monitoring Tools
On Wed, 29 Mar 2006, Alexei Roudnev wrote:
I use snmpstatd - snmpstat.sf.net
I love long discussion about dead cow (shim6). The early we forget about
this dumb idea the better.
- Original Message -
From: Michael Loftis [EMAIL PROTECTED]
To: nanog@merit.edu
Sent: Wednesday, March 01, 2006 2:34 PM
Subject: Re: a plea re: shim6
--On March 1, 2006 12:08:21 PM
Thus spake [EMAIL PROTECTED]
Let's face it, IPv6 is close enough to IPv4 that any
attempt to put a price on IPv4 addresses will simply
cause a massive migration to free and plentiful IPv6
addresses.
You assume that there will be a source of free and plentiful IPv6
addresses.
Why
How do you count # of networks? 8M means - 8M of independent, multihomed
companies. What is the reason to expect so many?
Don't forget that today's number of networks is multiplied few times because
you (often) need to get more than 1
allocation. And what is a problem with 8M networks in next 8
So what? They are good for the customers, and then, scaling problems are
minor (esp. if you count
on decreasing of # of allocations per company).
PI space for multihoming and AS number growth is a bad thing for scaling
I use CCR (Cisco Configuration Repository, part of snmpstat project) and
have change reports daily, + have syslog reports hourly.
The same (osiris ) with hosts, btw.
- Original Message -
From: Rob Thomas [EMAIL PROTECTED]
To: NANOG nanog@merit.edu
Sent: Thursday, January 12, 2006 10:19
http://snmpstat.sourceforge.net/CCR-config.htm
- Original Message -
From: Randy Bush [EMAIL PROTECTED]
To: Jared Mauch [EMAIL PROTECTED]
Cc: NANOG nanog@merit.edu
Sent: Thursday, January 12, 2006 1:00 PM
Subject: Re: Is my router owned? How would I know?
Configuration Change
Some Cisco IOS'es have numerous bugs, related to SNMP (I watched few cases,
when all Cisco's 72xx lost configuration because of receiving something
bogus), so SNMP should be filtered out from public internet.
- Original Message -
From: Mikael Abrahamsson [EMAIL PROTECTED]
To: NANOG
Are you sure? ?? statistics shows me opposite.
There are people actively scanning for any open ports running any
protocol, without a SPECIFIC interest in your computer.
I mean - for ANY. Pretty easy to check - set up access list with 'log' for
2 ports - port 22 and port 63023, and show us
I said many times - just use non standard port. Number of hackers who
discover this port will decrease approx 10,000 times, to
almost 0 (number).
(Of course, except if you are a bank).
Other approach exists as well - SecureID on firewall. Login to firewall,
authenticate, and have dynamic access
: Suresh Ramasubramanian [EMAIL PROTECTED]
To: Alexei Roudnev [EMAIL PROTECTED]
Cc: Patrick W. Gilmore [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Saturday, November 19, 2005 7:02 PM
Subject: Re: a record?
On 11/20/05, Alexei Roudnev [EMAIL PROTECTED] wrote:
Other approach exists as well - SecureID
seconds.
T1 will not be suitable for full routing of course, so what?
Just again - there are many tricks to do things right, out of theoretics of
IPv6 committees.
- Original Message -
From: Blaine Christian [EMAIL PROTECTED]
To: Lincoln Dale [EMAIL PROTECTED]
Cc: Alexei Roudnev [EMAIL
- it
will be created easily. Today we need 160,000 routes - and it works (line
cards, software, etc - it DO WORK).
- Original Message -
From: Lincoln Dale [EMAIL PROTECTED]
To: Alexei Roudnev [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; Daniel Senie [EMAIL PROTECTED]
Sent: Wednesday, October 26, 2005 2:42 AM
this fragility.
Rubens
On 10/24/05, Alexei Roudnev [EMAIL PROTECTED] wrote:
One question - which percent of routing table of any particular router is
REALLY used, say, during 1 week?
I have a strong impression, that answer will not be more than 20% even in
biggest backbones
It is not true. Many tier-2 ISP specializes in very high quality Internet
access, so masking problems of big ISP (who in reality never can provide
high quality Internet at all). Good example - Internap.
So, it is not about tier-1 vs tier-2, it is about ISP specialized on cheap
access and ISP
One question - which percent of routing table of any particular router is
REALLY used, say, during 1 week?
I have a strong impression, that answer will not be more than 20% even in
biggest backbones, and
will be (more likely) below 1% in the rest of the world. Which makes a huge
space for
Randy; we are living on Earth with small size (only 6,000 km in radius), so
we will never see unlimited growth in multihomed networks.
It is not a problem. We are not building Internet for the whole universe.
Good old Moore can deal with our planet very well.
I repeated many times - IPv6 idea of
We do not think, that _it will be IPv6_. IPv6 is a good example of _second_
system, and do not looks as _successful_ for now.
And it is not definitely _LAST PROTOCOL_.
It _can be_ IPv6, true. But it can be other protocol (or just workaround for
IPv4, as we had CIDR and CLASSLESS) instead.
-
Fixed already. There was cable cut between Moscow and St. Petersburg.
- Original Message -
From: Alexei Roudnev [EMAIL PROTECTED]
To: nanog@merit.edu
Sent: Saturday, September 24, 2005 11:35 AM
Subject: What happen in Russia?
What is wrong with Internet in Russia? Looks
of National Investigations. The
Statesman says that with the network down the running of the country will be
a
'Herculean task'.
Frank
- Original Message -
From: Alexei Roudnev [EMAIL PROTECTED]
To: nanog@merit.edu
Sent: Saturday, September 24, 2005 11:35 AM
Subject: What happen in Russia
They are 'cogentco.com' .
- Original Message -
From: Tao Wan [EMAIL PROTECTED]
To: nanog@merit.edu
Sent: Tuesday, September 06, 2005 2:08 PM
Subject: Technical contact at Cogent
Can someone from Cogent or with a technical contact there (other than
[EMAIL PROTECTED]) contact me
This in reality protects from EVERYTHING! In theory - not, but in reality -
no exploits exists at all (except DDOS exploits, of course) for such
systems.
- Original Message -
From: Florian Weimer [EMAIL PROTECTED]
To: nanog@merit.edu
Sent: Tuesday, September 06, 2005 2:43 AM
Subject:
Things you must pay attention to:
(1) IP KVM should not use client software - good switches uses VNC and can
work via WEB.
The same with authentication.
(2) If you connect IP KVM to normal KVM, check if they are well compatible
in such things as:
- monitor recognition on KVM;
- switching ports
DELL's DRAC-III is waste of money.
DELL's DRAC-IV is a very good thing, and I find it replacing all consoles
around (it have embedded monitoring with e-mail and SNMP alerts; have VNC
based console service with perfect /not ideal, though/ mouse
synchronisation, have virtual CD (slow, but working)
Not a switch, but if you use DELL 2850 , 1850 and other _modern_ DELL xx8x
servers, DRAC-IV cards provides very good IP-KVM functionality. (Older
DRAC-III cards, used in 1650, are just a piece of junk).
- Original Message -
From: Jim Mercer jim@reptiles.org
To: Drew Weaver [EMAIL
.
IPv6 addressed problem which does not exist in reality.
- Original Message -
From: Christopher L. Morrow [EMAIL PROTECTED]
To: Alexei Roudnev [EMAIL PROTECTED]
Cc: NANOG nanog@merit.edu; Brad Knowles [EMAIL PROTECTED]
Sent: Friday, July 08, 2005 11:12 PM
Subject: Re: OMB: IPv6 by June 2008
To: Christopher L. Morrow
Cc: Alexei Roudnev ; NANOG ; Brad Knowles
Sent: Saturday, July 09, 2005 1:02 AM
Subject: Re: OMB: IPv6 by June 2008
Christopher L. Morrow wrote:
randy already asked for a kibosh on the lunacy here... I agree, it'd be
nice, but...
On Fri, 8 Jul 2005, Alexei Roudnev wrote
with constant renumbering
they proposed to use. Just wait 2 - 10 years and you will see).
- Original Message -
From: Dave Andersen [EMAIL PROTECTED]
To: Alexei Roudnev [EMAIL PROTECTED]; Syed Junaid Farooqi
[EMAIL PROTECTED]; Christopher L. Morrow
[EMAIL PROTECTED]
Cc: NANOG nanog@merit.edu
.
- Original Message -
From: Joe Abley [EMAIL PROTECTED]
To: Andre Oppermann [EMAIL PROTECTED]
Cc: NANOG list nanog@merit.edu; Alexei Roudnev [EMAIL PROTECTED];
Iljitsch van Beijnum [EMAIL PROTECTED]
Sent: Thursday, July 07, 2005 8:11 AM
Subject: Re: OMB: IPv6 by June 2008
On 2005-07-07, at 10:23
Message -
From: Randy Bush [EMAIL PROTECTED]
To: Alexei Roudnev [EMAIL PROTECTED]
Cc: nanog@merit.edu
Sent: Thursday, July 07, 2005 1:23 PM
Subject: Re: OMB: IPv6 by June 2008
Is it a problem keeping 500,000 routes in core routers? Of
course, it is not (it was in 1996, but it is not in 2005
Moreover, if you are not multihomed, you can be aggregated. If you became
multihome - yes, you take a slot; how many entities in the world should be
multihomed?
- Original Message -
From: Kuhtz, Christian [EMAIL PROTECTED]
To: David Conrad [EMAIL PROTECTED]; Alexei Roudnev
[EMAIL
Message -
From: Brad Knowles [EMAIL PROTECTED]
To: NANOG nanog@merit.edu
Sent: Friday, July 08, 2005 1:03 AM
Subject: Re: OMB: IPv6 by June 2008
At 12:51 AM -0700 2005-07-08, Alexei Roudnev wrote:
Who need this complexity? What's wrong with old good _routing protocol_
approach
is terrible.
IPSec - compare SSH and IPSec. Compare IPSec and PPTP. No, IPSec is
extremely bad thing.
- Original Message -
From: David Conrad [EMAIL PROTECTED]
To: Alexei Roudnev [EMAIL PROTECTED]
Cc: Daniel Golding [EMAIL PROTECTED]; Scott McGrath
[EMAIL PROTECTED]; nanog@merit.edu
Sent
Message -
From: Mohacsi Janos [EMAIL PROTECTED]
To: Alexei Roudnev [EMAIL PROTECTED]
Cc: Daniel Golding [EMAIL PROTECTED]; Scott McGrath
[EMAIL PROTECTED]; David Conrad [EMAIL PROTECTED];
nanog@merit.edu
Sent: Thursday, July 07, 2005 1:08 AM
Subject: Re: OMB: IPv6 by June 2008
On Wed, 6
IPv6 is an excellent example of _second system_ (do you remember book,
written by Brooks many years ago?) Happy engineers put all their crazy ideas
together into the second version of first (successful) thing, and they
wonder why it do not work properly.
OS/360 is one example, IPv6 will be
My e-mail is [EMAIL PROTECTED], but I send it when I am on DSL with EthLink
(and thru Earthlink SMTP). And it is 100% valid situation.
- Original Message -
From: John Levine [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, June 18, 2005 12:25 AM
Subject:
(I do not feel it as off-topic, btw).
Q. - what really are you going to see on this projected screen? I saw very,
very few systems and screens, which was really interesting for the big
screen. Most 'World map, colored icons, fancy lines' views are 99% useless
(many reasons). Big screen is
1) M9 have UPS power for a few days. BUT - it is 60V DC power. Only a very
few routers or switches are able to use it.
2) Power outages in Moscow data centers are very rare event, because most
have 2 - 3 different power inputs. 24 May failure was caused mainly
by operator's error, who
RIPN and Relcom was not affected, except their M9 colocations. They had, in
theory, backup connectivity thru another node, but I am not sure, if it
really worked or not.
- Original Message -
From: Joe Abley [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: nanog@merit.edu
Sent: Saturday, May
I agree with Tony. No need to overcomplicate a problem.
Today, more and more ISP verify routing, using prefixes or (less reliable)
AS-es, taking them from different sources.
If you be able to add, in small increments, certified information into this
routes, OR create external source of such
Yes, correct - registry is as accurate as it used for the routing decisions.
The more it is used, the better is feedback and the faster
it will fix unavoidable errors.
No one registry can be accurate until it is used for every day operations.
- Original Message -
From: Florian Weimer
Do you have any information about last Microsoft problems with security
patches? We can see, how
one of last updates broke MTU discovery (not totally, but it restricts
number of discovered paths so servers stop working in a few days). And,
amazingly, no one published this problem.
Hosman' [EMAIL PROTECTED]; 'Joe Loiacono'
[EMAIL PROTECTED]; 'Alexei Roudnev' [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, May 13, 2005 5:41 AM
Subject: Re: what will all you who work for private isp's be doing in a few
years?
Alexei Roudnev wrote:
What I can't
So imagine a residential area all pulling digital video over wireless.
Sound familiar? Ironically close to TV! (yet so different)
What I can't understand is why multicast hasn't just gone gangbusters into
use yet. I see it as a really pent-up capability that, in light of
Because multicast
Other is CCR (Cisco Configuration Repository), derived from here:
snmpstat.sf.net
- Original Message -
From: joshua sahala [EMAIL PROTECTED]
To: nanog@merit.edu
Sent: Thursday, May 12, 2005 2:16 PM
Subject: Re: ACL Monitoring
On (12/05/05 17:14), Paul Ryan wrote:
All - I am
Used in CCR, and adapted for
Cisco IOS
Cisco Catos
Pix OS
Cisco VPN 3000 os
Really nice thing.
- Original Message -
From: Glynn Stanton [EMAIL PROTECTED]
To: nanog@merit.edu
Sent: Thursday, May 12, 2005 3:39 PM
Subject: RE: ACL Monitoring
If you anticipate doing a lot of
It's all done in CCR. It encrypts passwords (allowing you to have a few
password groups, all WEB configurable), and uses
passphrases + 3DES or public/private key encryption (or just you can enter
login and password from the web).
idea is simple - operators have WEB access and know passphrase, but
Alexei Roudnev wrote:
O, my god. Primitive hack, primitive ssh exploit I watched it all 6
years ago, nothing changed since this.
It is _minor_ incident, in reality.
Primitive I can understand, but _minor_?
First, I don't really see why an attack should be estimated by the tool
*Your* boxes may be hardened beyond all belief and plausibility, but you're
*STILL* screwed if some teenaged kid on another continent has more effective
control of the router at the other end of your OC-48 than the NOC monkey you
call when things get wonky
It is mostly fantasy. DNS
I agree. But I saw, how hackers intruded into XXX agency (USA's, I mean) 6
years ago. Cisco sources never was a great secret
Then you shouldn't be talking about it.
I mean - such things was common even 6 years ago. There was (always) some
level of rooted servers, some level of teen
O, my god. Primitive hack, primitive ssh exploit I watched it all 6
years ago, nothing changed since this.
It is _minor_ incident, in reality.
- Original Message -
From: Sean Donelan [EMAIL PROTECTED]
To: nanog@merit.edu
Sent: Monday, May 09, 2005 10:32 PM
Subject: NYT: Internet
Hmm, the ones who block everything and cut wires off send 0 spam. So what?
- Original Message -
From: Daniel Golding [EMAIL PROTECTED]
To: Hank Nussbacher [EMAIL PROTECTED]; Adam Jacob Muller
[EMAIL PROTECTED]
Cc: Nanog Mailing list nanog@merit.edu
Sent: Tuesday, April 26, 2005 2:50 PM
Too much noise on too small problem. The only use of this - BOT wars in IRC
world (more likely, with a very low success rate).
- Original Message -
From: Alex Bligh [EMAIL PROTECTED]
To: Gwendolynn ferch Elydyr [EMAIL PROTECTED]; Hannigan, Martin
[EMAIL PROTECTED]
Cc: nanog@merit.edu;
On Wed, 30 Mar 2005 21:36:19 -0600, Chris Adams [EMAIL PROTECTED]
wrote:
Once upon a time, Eric A. Hall [EMAIL PROTECTED] said:
Do you also block NNTP so that customers have to use your servers?
Change that to SMTP and you'll get a bunch of yes answers. Why is one
right and the
with 0 counters).
- Original Message -
From: Petri Helenius [EMAIL PROTECTED]
To: Jim Popovitch [EMAIL PROTECTED]
Cc: Alexei Roudnev [EMAIL PROTECTED]; [EMAIL PROTECTED];
nanog@merit.edu
Sent: Sunday, March 06, 2005 7:18 AM
Subject: Re: public accessible snmp devices?
Jim Popovitch wrote
Cisco drops SNMP requests but not return '0', I saw it (dropped requests
because of _busy_) many times.
- Original Message -
From: Petri Helenius [EMAIL PROTECTED]
To: Jim Popovitch [EMAIL PROTECTED]
Cc: Alexei Roudnev [EMAIL PROTECTED]; [EMAIL PROTECTED];
nanog@merit.edu
Sent: Sunday
Hmm, good idea. I add my voice to this question.
But, btw, SNMP implementations are extremely buggy. Last 2 examples from my
experience (with snmpstat system):
- I found Cisco which have packet counters (on interface) _decreased_
instead of _increased_ (but octet counters are _increased_);
- I
Problem - you are talking about changing registrar, but in reality you
describe changing of domain owner.
Why (what for) is it allowed to transfer from one registrar to another with
changing NS records and other owner information?
Why don't separate this 2 events - changing registrar, and
In addition, there is a good rule for such situations:
- first, return everything to _previous_ state;
- having it fixed in previous state, allow time for lawyers, disputes and so
on to resolve a problem.
It makes VeriSign position very strange (of course, it is dumb clueless
behemoth as it was
In addition, there is a good rule for such situations:
- first, return everything to _previous_ state;
- having it fixed in previous state, allow time for lawyers, disputes and so
on to resolve a problem.
agreed. but then proverbially, common sense isn't.
What happen if someone
Joe Maimon [EMAIL PROTECTED] writes:
Or perhaps do you mean previous owners can call in a stop order or
dispute the transfer unilaterally within X days of occurrence, much
like it works for many REAL money transactions?
That makes considerable sense. You should be able to call in, say
There is more serious problem here.
I can imagine 2 kinds of transfer:
- (1) domain is transferred WITHOUT CHANGES to the new registrar. Notice -
WITHOUT CHANGES. New registrar
should not change domain without explicit order from owner.
- (2) Domain is expired and, after reasonable HOLD period,
Are you sure? RR should just distribute routes.
RR do not make any route decisions, and (btw) iBGP do not make route
decisions - they are mostly based on IGP routing. All iBGP + RR are doing
is:
- tie external routes to internal IP;
- distribute this information using iBGP mesh, RR's etc.
-
strong as it seems initially. You can always
add direct iBGP connections between 2 RR clients, if they have direct IP
connection and you suspect suboptimal routing thru RR's.
If we want to continue (I am not 100% sure in this problem), let's draw
pictures first.
On 12-jan-05, at 9:06, Alexei
I receive DNS responses 500 bytes every day (reported by PIX firewall). So
it is an issue, no matter what is recommended in RFC.
- Original Message -
From: Mark Andrews [EMAIL PROTECTED]
To: nanog@merit.edu
Sent: Sunday, January 09, 2005 3:08 PM
Subject: Re: Broken PMTUD for . + TLD
Yes, it is correct.
It is a cisco pix, right? Maybe just replacing the thing with a 1U
openbsd box will work wonders.
A PIX firewall can handle EDNS fine. It just has to be told
what is the maximum EDNS size being advertised by the internal
clients. The defaults assume there is no
36xx or 72xx
Old != bad .
All you need is MEMORY = = 256 Mb.
- Original 36xx, 72xx
Message -
From: Erik Amundson
To: Mark Bojara ; nanog@merit.edu
Sent: Monday, January 03, 2005 6:27 AM
Subject: RE: minimum requirements for a full bgp feed
Well,
Please, do not compare connections thru PNAT (DSL + Linksys) with dialup.
So, this all is incorrect - DSL providers are (in 90% cases) protected from
the very beginning by hardware (even if they never hear word FIREWALL) -
because of PNAT.
- Original Message -
From: Suresh
I recommend such thing (remembering, how we learned BGP ourself many years
ago, and then participated in edition of the book about BGP).
But it all depends of complexity. 2 uplink multihome site - simple case; 100
node backbone with reflectors and private AS-es - another one.
On Fri,
Here is it:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml
Very good document.
There was excellent document on Cisco (better than book). I can search for
it, if you want.
Btw, BGP is not for dummies, too many possible consequences of config
errors are possible.
- Original Message -
From: David E. Smith [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday,
We are using FreeBSD 4.x on 1Gbit Ethernet (for sniffing). Never had a
problems (but I should not guarantee 100% sniffing on 400,000pps).
In reality, correct, pps is important, bandwidth is not important. If
traffic is VoIP, it's a problem; if it is 90% WEB, it's an easy task.
-
On Cisco it is (generation of config update) very complicated (in general
case) task. But we always automated every day config changes (access lists,
as path lists, route maps, interfaces except some special cases, and so on).
perl + 'expect+ 'conf net' was key elements.
- Original
In such products, only 20% value is in engine; 80% are in rules, because I
can not write rules myself - I have not event until it happen, and I can not
filter out noise until it happen.
We use a few syslog analyzers (using syslog-ng as a transport), some with
simple logcheck, other with database
On Fri, 12 Nov 2004, Alexei Roudnev wrote:
If someone want to be insane - allow him to do it; what's the problem? Is
this question coming from Panamanian government? -:)
when you have to comply with some insane gov't ruling at penalty of
legal (possibly felony type actions) you
your filters.
- Original Message -
From: Robert Mathews [EMAIL PROTECTED]
To: NANOG [EMAIL PROTECTED]
Sent: Saturday, November 13, 2004 11:12 AM
Subject: Re: How to Blocking VoIP ( H.323) ?
On Fri, 12 Nov 2004, Alexei Roudnev wrote:
Date: Fri, 12 Nov 2004 09:46:15 -0800
From
Btw - using Solaris + no_stack_exec + old ssl - appear to be 100% secure
from all random attacks (it can be broken - in theory, see articles from
'Solar designer' - but it is absolutely impractical for hacking). I watched
such system (absolutely not patched, with apache and openssl, untouched
Below, please:
s/such/VoIP filtering/
and it will be true. It do not depends of algorithm you are using.
Moreover, if you deploy such service, someone else can deploy VoIP which
uses https tunnel to it, and you will not have any chances than to block
total https traffic.
It (such thing) can
If someone want to be insane - allow him to do it; what's the problem? Is
this question coming from Panamanian government? -:)
This is internet - if I have 10 Mbit connection and 100msec latency, I can
use it for Voice, no way to block me; if it is 19200bits/second and 2 second
latency, I can
On Thu, 11 Nov 2004, Alexei Roudnev wrote:
Date: Thu, 11 Nov 2004 09:38:00 -0800
From: Alexei Roudnev [EMAIL PROTECTED]
To: Christopher L. Morrow [EMAIL PROTECTED],
Irwin Lazar [EMAIL PROTECTED]
Cc: Joe Shen [EMAIL PROTECTED], NANOG [EMAIL PROTECTED]
Subject: Re: How
SkyPE was designed to work thru any firewalls (except, of course, if you
block all outbound connections and require using HTTP proxy) -:).
- Original Message -
From: Irwin Lazar [EMAIL PROTECTED]
To: Joe Shen [EMAIL PROTECTED]
Cc: NANOG [EMAIL PROTECTED]
Sent: Thursday, November 11,
Hmm - just introduce some jitter into your network, and add random delay to
the short packets - and no VoIP in your company -:).
Other way - block ALL outbound connections (including DNS and HTTPS) and
require using proxy, or better do not allow external IP addresses.
-:)
(I should not be very
as it has to code
password in login script. Is there any tool to get
configuration file from read-only SNMP community?
Joe
--- Jon Lyons [EMAIL PROTECTED] wrote:
Checkout http://perfparse.sourceforge.net/ lets you
graph the data from the nagios plugins...
--- Alexei Roudnev [EMAIL
Nagios is one of the best systems (and widely
used).
CCR is part of snmpstat (but separate installation tar), see
http://snmpstat.sf.net
- Original Message -
From: J Sparacio
To: Joe Shen
Cc: Alexei Roudnev ; Jon Lyons ; Andy Dills ; Charlie Khanna - NextWeb
Here:
http://sourceforge.net/projects/snmpstat
and docs are here
http://snmpstat.sourceforge.net/CCR-config.htm
- Original Message -
From: Joe Shen [EMAIL PROTECTED]
To: Alexei Roudnev [EMAIL PROTECTED]; Jon Lyons [EMAIL PROTECTED];
Andy Dills [EMAIL PROTECTED]; Charlie Khanna
Nothing all in one place, that I'm aware of. But with a little work, you
snmpstat have hardcoded set of monitored parameters, but creates all graphs
and links automatically, including customer-only view of customer's links,
link to the database record about this link, and link to the
I use
http://snmpstat.sf.net
for bandwidth, links monitoring, router's cpu usage, etc etc; and
http://cricket.sourceforge.net/
for additional parameters.
First (developed in Moscow for few ISP) monitors and adapted here for
Enterprise (and shows everything on the single screen, with
I generated config for 'snmpstatd' automatically, from user's database (it
was simple; all I need was Router, Interface, User-name, number for this
user, priority).
For automated config backups, I use CCR (fully web based Cisco
configuration - CVS system).
- Original Message -
From:
CAR does not work like a regular link; no way. It works like a link with 0
buffer size.
Problem is that CAR drops packets which override bandwidth, do not query
them (and do not prioritize them), so it use TCP adaptation to the packet
drop, not to the delay/rtt. This thing works fine with drop
Pardon for my possibly ill informed interjection. I was under the
impression that the current wind was blowing towards filtering outbound
It is not true, as I know; moreover, the day when I receive such proposal
from my ISP will be my last day with this ISP, so it will be for many
others.
If my ISP block port 25, I'll change ISP next day.
But if it will be _configurable_ (blocked by default, but I can change
setting by simple opening web page and select checkbox) - why not.
- Original Message -
From: Petri Helenius [EMAIL PROTECTED]
To: Gadi Evron [EMAIL PROTECTED]
Cc: