1e6 entries. What finally broke was doing a table list, possibly because the
command prints in sorted order. No performance problems were observed at my
limited volume of perhaps 3 hits per day.
--
Barney Wolff I never met a computer I didn't like.
that, latency goes up when bandwidth goes up
> for your case ?
I assume it had to do with different settings for interleaving on the
DSLAM, as some prior poster mentioned.
--
Barney Wolff http://www.databus.com/bwresume.pdf
I never met a computer I didn't like.
. Here are a few
> examples:
When I switched from 1600/384 to 3000/768 dsl, download speed went up to
very nearly the promised 3Mbps, but latency to the first hop went from
14 ms to 26 ms.
Now I have FTTH, and first-hop latency is 3 ms (acedsl.com, Verizon
reseller, good guys).
--
Barne
On Mon, Dec 20, 2004 at 12:26:31AM +0100, Florian Weimer wrote:
> * Barney Wolff:
>
> > Perhaps, then, one should not be so quick to disparage software-based
> > firewalls, resident on the computer itself.
>
> Yes, but it's only a real obstacle if the malw
e software-based
firewalls, resident on the computer itself.
After all, there is really no such thing as a "hardware-based" firewall.
bugtraq has plenty of reports of software bugs in firewalls resident on
dedicated hardware.
"Defense in depth" would suggest using both.
-
n may need to upgrade again.
If we wait much longer, of course, the opportunity will be lost. To
argue that it's already too late, when ipv6 is a small fraction of all
traffic and an infinitesimal fraction of future traffic is, imho, foolish.
--
Barney Wolff http://www.databus.com/bwre
ware of it unless they want to be, it would appear to
solve all of these problems.
How much would it add to the pain of the v4-v6 transition, to just bite
the bullet and do tcp-sctp at the same time? I'd sure rather be a
network troubleshooter going through that than living with NAT forever
n bad users after 1 and edited the sendmail source to wait 10 sec
before responding rather than 1. That seems to have discouraged them some.
As has been mentioned, the key is either not to have/be a secondary mx or
to make it smart enough to know who's valid, to avoid DoSing the forged
senders.
-
> announces them to you, voila, DDOS gone. (even for spoofed traffic,
> depending on how your filters are set up) Obviously these would be
> no-export routes so no peer need be worried.
1. Why is BGP the right tool for this?
2. Is your idea to block only packets destined for the custo
ough I have no idea
how to do it in an ASIC.
--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
// Simulate a fragmentation algorithm
// frag Omtu [Ihdrsz]
// Barney Wolff&l
ckets, the difference between 750 and 1410 will start to become
> noticeable.
That's not how PMTUD works. If DF is set, you discard the packet and
report back with ICMP. If DF is not set, you frag the packet - but
that's not PMTUD, because no report ever goes back to the sender.
-
strictly US analogy: The death
penalty for shooting a cop is a legal deterrent, but a wise cop still
wears a bulletproof vest.
Filter to protect your own network, and, when necessary and possible,
your customers from each other and the Internet from your customers.
Legalisms punish, after the fact.
't want to
make any rash decisions about deploying it."
--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
o real source with result as a courtesy
Doing this from behind a NAT would be difficult.
--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
n of a money transfer or add
an invisible transaction, but that's certainly quite a lot harder than
a simple keystroke logger.
--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
But really, since the gas lines are down there too, is fiber the chief
worry?
--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
- Forwarded message from [EMAIL PROTECTED] -
Date: Tue, 28 Jan 2003 00:43:09 -0500 (EST)
Worm Hits Microsoft, Which Ignored Own Advice
January 28, 2003
By JOHN SCHWARTZ
...
A spokesman for Microsoft, Rick Miller, confirmed that a
number of the company's machines had gone unpatched, a
he company's
machine and under control of the company - maybe the only scenario where
TCPA/Palladium-ng would be acceptable.
--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
rrent, dial
tone and voice current, not just run the switch itself, at least
in the Copper Age. I don't think -48VDC is an electrocution risk
unless you're sweaty, but a vaporized wrench sure can burn you, and
I don't think GFIs existed for DC.
Anyway, nukes don't need
tators are going to find computers, connect to the
> Net (outlawed by their leaders), and attack us.
--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
d been expected.
>
> --Steve Bellovin, http://www.research.att.com/~smb (me)
> http://www.wilyhacker.com ("Firewalls" book)
--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
5. Work by smb on the
dangers of spoofed source addresses was already public then. It's
long past time for the rest of the world to catch up.
--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
ed.
I don't understand this reasoning. The ISP's justification for blocking
25 except to its own servers is to avoid having its facilities used
for abuse. How would the local ISP enforce use of SMTPAUTH to connect
to some remote ISP?
--
Barney Wolff
I'm available by contract or
cable/dsl subscriber still only uses about
5-10 Kbps, averaged over a month. If lots of people start watching video
streams for much of the day, current cable/dsl rates will not survive.
--
Barney Wolff
I never met a computer I didn't like.