Last night I saw an issue with connectivity between a domestic site in
Pennsylvania off of Level3's network connecting to a site on UUNet in
Australia - latency was almost triple of what it normally is...
Level3's response was of course We don't see anything - even with
traceroutes showing
Iljitsch van Beijnum wrote:
There seem to be large scale problems at the AMS-IX. BGP sessions with
peers keep oscillating. Since their own addresses keep jumping all over
the place, it is not possible to reach anyone over the AMS-IX tech list.
I have disabled all AMS-IX peerings
On Wed, 23 Oct 2002, Nipper, Arnold wrote:
There seem to be large scale problems at the AMS-IX. BGP sessions with
peers keep oscillating. Since their own addresses keep jumping all over
the place, it is not possible to reach anyone over the AMS-IX tech list.
I have disabled all AMS-IX
It's very interesting to see the traffic stats at
http://www.ams-ix.net/hugegraph.html Usually, incoming and outgoing
traffic is the same. But during this problem, much more traffic went out
than came in.
Curious, as the exchange sources no traffic that shouldnt really be possible ;)
On Wed, 23 Oct 2002, Stephen J. Wilcox wrote:
It's very interesting to see the traffic stats at
http://www.ams-ix.net/hugegraph.html Usually, incoming and outgoing
traffic is the same. But during this problem, much more traffic went out
than came in.
Curious, as the exchange sources
Stephen J. Wilcox:
It's very interesting to see the traffic stats at
http://www.ams-ix.net/hugegraph.html Usually, incoming and outgoing
traffic is the same. But during this problem, much more traffic went out
than came in.
Curious, as the exchange sources no traffic that shouldnt
On Wed, 23 Oct 2002, Stephen J. Wilcox wrote:
It's very interesting to see the traffic stats at
http://www.ams-ix.net/hugegraph.html Usually, incoming and outgoing
traffic is the same. But during this problem, much more traffic went out
than came in.
Curious, as the exchange sources no
Iljitcsh,
There seem to be large scale problems at the AMS-IX. BGP sessions with
peers keep oscillating. Since their own addresses keep jumping all
over the place, it is not possible to reach anyone over the AMS-IX
tech list.
I have disabled all AMS-IX peerings for the networks I manage
On Wed, 23 Oct 2002, Neil J. McRae wrote:
There seem to be large scale problems at the AMS-IX. BGP sessions with
peers keep oscillating. Since their own addresses keep jumping all
over the place, it is not possible to reach anyone over the AMS-IX
tech list.
I have disabled all AMS-IX
Did you try calling them?!
No. I have enough confidence in the AMS-IX staff to trust they'll notice
problems without me having to tell them about it.
So why send an email here?
--
Neil J. McRae - Alive and Kicking
[EMAIL PROTECTED]
On Wed, 23 Oct 2002, Neil J. McRae wrote:
Did you try calling them?!
No. I have enough confidence in the AMS-IX staff to trust they'll notice
problems without me having to tell them about it.
So why send an email here?
To advise other network operators of the problem, so they could
There seem to be large scale problems at the AMS-IX. BGP sessions with
peers keep oscillating. Since their own addresses keep jumping all over
the place, it is not possible to reach anyone over the AMS-IX tech list.
I have disabled all AMS-IX peerings for the networks I manage, and I
suggest
On Sat, 31 Aug 2002, Gerald wrote:
Man it is hard to find where routes die when you are dead on the net.
tip - keep some access via another provider!
2 hops out from our network was not broadcasting our routes. We should be
alive on the internet again to everyone. Thanks for the input
80 0 7911 8001 22420 i
*i63.74.146.0/23 216.191.64.253 80 0 7911 8001 23368 i
At 10:54 AM 8/31/2002 -0400, Gerald wrote:
We are seeing bad routing problems from outside our network. Can anyone
corroborate this or help?
We are on AS4276 and all traffic from us to our
PROTECTED]
Subject: Re: Bad bad routing problems?
Strange, from my network I see you via GT and via Telus but not via ATT
From me (as11647)
BGP routing table entry for 216.223.192.0/19
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Not advertised to any peer
852 174 8001
: Bad bad routing problems?
We are seeing bad routing problems from outside our network. Can anyone
corroborate this or help?
We are on AS4276 and all traffic from us to our upstream seems good. Great
way to spend holiday weekend. /me wonders if anyone is even awake on the
NANOG list. :-)
2
to not be of more assistance.
-Chris
-Original Message-
From: Mike Tancsa [mailto:[EMAIL PROTECTED]]
Sent: Saturday, August 31, 2002 11:14 AM
To: Gerald
Cc: [EMAIL PROTECTED]
Subject: Re: Bad bad routing problems?
Strange, from my network I see you via GT and via Telus
i awoke from my hibernation to this mail. what's going on?
Why do we let RIchard Sexton get away with posting this kind of insulting
drivel to the list?
[EMAIL PROTECTED] writes:
Why do we let RIchard Sexton get away with posting this kind of insulting
drivel to the list?
in my specific case, it's because i've configured my user interface in a
way that allows me to live on an internet that does not have certain people
in it. (no, my
Welcome to installment 2 of ALGX leaking routes. If they have any
connectivity to speak of by the end of the day, I'd be amazed.
At 03:00 PM 8/15/2002 -0500, Stanley, Jon wrote:
Welcome to installment 2 of ALGX leaking routes. If they have any
connectivity to speak of by the end of the day, I'd be amazed.
Well, it was one of ALGX downstreams leaking to them. Shame on them
for not filtering their customer properly.
happened.
This is part of one email that we got from them a while ago:
1. You should be using [EMAIL PROTECTED] for reporting problems with your
peers and it is 24X7. Fo new turnups, please use [EMAIL PROTECTED] more
digex.net. - 866-696-2794 options 1 8824
The downstream customer responded right
On Thu, Aug 15, 2002 at 05:15:04PM -0700, Joe Wood wrote:
However, I don't really see a reason why ISP's shouldn't implement
max-prefixes on their customer sessions; This would not prevent against
very small prefix leaks, but would prevent partial and whole routing table
leaks that impact
On Thu, 15 Aug 2002, Richard A Steenbergen wrote:
If you're using a Cisco, and they leak, their session stays down until a
human clears it. It also does very little to prevent leaking of a single
route (like one of Phil Rosenthal's /24s), impacting someone else. As a
customer, I would
Joe Wood [EMAIL PROTECTED] typed:
However, for ISP's that do NOT use any sort of prefix filters, wouldn't
you prefer that your BGP session was limited to a number of prefixes, in
case of a routing leak?
We'ld prefer that such ISPs identify themselves here so we can
straighten them out.
On Thu, 15 Aug 2002, Mark Kent wrote:
We'ld prefer that such ISPs identify themselves here so we can
straighten them out. Wasn't that your intention when you asked this
question:
How many of you that currently do not filter your customer BGP
sessions have max-prefixes configured?
harm in going aginst CIDR. Perhaps it
is lack of experience in general engineering; one basic rule of thumb is
to solve problems by avoiding the conditions which create them. By rushing
headllong into activities that are -in even the most conservative terms-
debatable, you are inviting both known
On Sat, 27 Jul 2002, Ralph Doncaster wrote:
If you want to run seperate networks, run separate networks. Different
ASes, the whole 9 yards; perhaps a re-reading of rfc1930 is in order?
That brings us back to the discussion of PI space. If de-aggregating my
/20 didn't work, then I'd
Ralph,
I think you're missing the point a bit. Don't expecy to use resources on
other people's networks and routers to do your own traffic engineering
unless you pay them for it.
You must buy transit from the same ISP in each city, and then you can do
your traffic engineering using their
If you want to run seperate networks, run separate networks. Different
ASes, the whole 9 yards; perhaps a re-reading of rfc1930 is in order?
That brings us back to the discussion of PI space. If de-aggregating my
/20 didn't work, then I'd either inefficiently use IP space in order
On Sat, 27 Jul 2002, Ralph Doncaster wrote:
And your assumption about my Ottawa-Toronto link is wrong. I have a 100M
point-to-point ethernet link between the cities. I have a 100M transit
connection to Peer1 in Toronto, and have issued a letter of intent to a
transit provider in Ottawa
On Sat, 27 Jul 2002, Ralph Doncaster wrote:
And your assumption about my Ottawa-Toronto link is wrong. I have a 100M
point-to-point ethernet link between the cities. I have a 100M transit
connection to Peer1 in Toronto, and have issued a letter of intent to a
transit provider in
At 10:56 AM -0400 2002/07/27, Andy Dills wrote:
Are you suggesting that either of those (which don't violate any
RFCs) options are better than de-aggregating my /20?
The best solution is just as everybody here has suggested. Use the same
provider for transit at both locations,
If he would buy transit from *2* providers in 2 cities, he'd be fine, as
he could announce the longer prefixes the rest of the internet does not
need to see on either ISP1's backbone or ISP2's backbone or both to
influence how much traffic he takes inbound on each link on each city, and
how
On Sat, 27 Jul 2002, Brad Knowles wrote:
At 10:56 AM -0400 2002/07/27, Andy Dills wrote:
If you buy bandwidth from two different providers at two
different locations, this would seem to me to be a good way to
provide backup in case on provider or one location goes
Tango-Uniform,
At 3:51 PM -0400 2002/07/27, C. Jon Larsen wrote:
But with only 1 ISP link in each city (1 upstream) if he ever loses the
link between the two cities, he has a problem, as there is no way to
transfer traffic bound for city1 that enters city2's connection, and vice
versa.
I
A. one can always find different providers. If you are trying to build
something and you don't have the right tools then get new tools. If you
can't afford multiple redundant links between pieces of your own AS and
you want to use an upstream to provide this for you then you must pick a
At 4:04 PM -0400 2002/07/27, Paul Schultz wrote:
If you connect to the same transit(s) in both cities you can announce more
specific networks with no-export set, keep most of your external traffic
off your own network, and not cause the entire world to know about your
more specific
On Sat, 27 Jul 2002, Brad Knowles wrote:
Responsible and overall best: connect to the same 2+ providers in both
locations and announce more specifics locally in each region/city/whatever
with no-export.
As said above, this isn't possible. I'd like to learn what could
be done
Does anybody else has BGP problems with Savvis today?
They are usually very proactive on any problems, call me even for 20
second interruptions but today my BGP session has been dead for probably
5-6 hours (and effectively my ability to use Savvis as upstream provider),
I called them 3
* * *
...
Thanks,
--Chad
On Tue, 16 Jul 2002, Christopher L. Morrow wrote:
Date: Tue, 16 Jul 2002 19:45:49 + (GMT)
From: Christopher L. Morrow [EMAIL PROTECTED]
To: Bryan Heitman [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: problems with 701
wow.. what are you trying to get
.
-Original Message-
From: Chad Oleary [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 18, 2002 6:05 AM
To: [EMAIL PROTECTED]
Cc: Bryan Heitman; Christopher L. Morrow
Subject: Re: problems with 701
We're starting to see the same issues with uunet, again. Anyone else
seeing this? Trying
anyone know what is going on over at uu?
seeing problems all over...
3 10 ms 10 ms 10 ms 216.79.187.254
4 10 ms10 ms 10 ms 172.25.57.5
5 10 ms10 ms 10 ms 205.152.37.184
6 10 ms10 ms10 ms 500.POS2-0.GW11.ATL5.ALTER.NET
[157.130.76.97]
710
BH anyone know what is going on over at uu?
BH
BH seeing problems all over...
BH
BH3 10 ms 10 ms 10 ms 216.79.187.254
BH4 10 ms10 ms 10 ms 172.25.57.5
BH5 10 ms10 ms 10 ms 205.152.37.184
BH6 10 ms10 ms10 ms 500.POS2-0.GW11.ATL5.ALTER.NET
BH
ms31 ms POS7-0.BR6.SAC1.ALTER.NET [152.63.53.5]
10 ** ^C
C:\
Alan
-Original Message-
From: E.B. Dreger [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 1:36 PM
To: [EMAIL PROTECTED]
Subject: Re: problems with 701
BH anyone know what is going
: Tuesday, July 16, 2002 7:46 PM
To: Alan Sato; [EMAIL PROTECTED]; E.B. Dreger
Subject: Re: problems with 701
On Tue, 16 Jul 2002 19:02:22 -0700
Alan Sato [EMAIL PROTECTED] wrote:
Im having the same problem. I was told Verio was not accepting connections
from UUnet.
C:\tracert www.webshots.com
Good day everyone,
I am seeing a strange problem on my network lately after adding a new terminal
server, a Lucent MAX TNT with madd modems in it. The symptoms are that users can
connect, they can ping and traceroute without any trouble. Anything that is TCP based
however is failing.
On Wed, 10 Jul 2002, Jeffrey Wheat wrote:
Can anyone please offer some advice or
suggestions? I am too young to go bald :)
Yes, take the question to the Ascend-users list.
Tell them Frank Rizzo sent you. And if they won't help out, wrap a
ratchet round their heads.
Charles
Cheers,
At 02:43 PM 7/10/2002 -0400, Jeffrey Wheat wrote:
I am seeing a strange problem on my network lately after adding a
new terminal server, a Lucent MAX TNT with madd modems in it. The
symptoms are that users can connect, they can ping and traceroute without
any trouble. Anything
apologies in advance for this somewhat off topic posting.
back in may, a number of you contacted me indicating that there were
problems with email that i was sending out (for example, some of you are
getting no visible From: or To:)
one of the authors of my email client wishes
Does anyone have information why ATT's Worldnet portal is being
routed through Splitrock, UIUC and NCSA? It seems to have pretty
much taken the Worldnet site off the net.
nslookup www.worldnet.att.net
Server: localhost
Address: 127.0.0.1
Non-authoritative answer:
Name:
On Thu, May 23, 2002 at 12:54:57PM -0700, Scott Granados wrote:
As are f5 proeducts including bigip, 3dns and hmmm they make something
else I forget:).
On Thu, 23 May 2002, Brian wrote:
bsd kernel eh? i believe netapp filers are based on that as well.
Indeed - bigIP is BSDI aka
Though I might lend a comment here. I have had alot of experience
with PC based routers, starting around 96, and getting majorly into it
around 98 or so.
To give you an idea. No moving parts except cooling fans. Main drive
is an IDE style SanDisk flash drive. System goes through a
On Thu, May 23, 2002 at 11:17:11AM -0500, Richard Irving wrote:
Einstein wouldn't have made it anywhere, without his
background in Mathematics that he got from a Prominent Ivy League...
Oh.. Shoot, did it again.
Have you ever heard the expression Flat World Thinking ?
Einstein was
Note the expression -background- in Mathematics.
While Einstein -later- graduated from SFP, please realize that
that Einstein had problems in School... Wild Duck comes to mind,
but the end result was that he then later -Taught Himself-
Calculus and -then- Boot strapped himself into his future
: : Richard Irving [EMAIL PROTECTED]
:
:
: Note the expression -background- in Mathematics.
:
: While Einstein -later- graduated from SFP, please realize that
: that Einstein had problems in School... Wild Duck comes to mind,
: but the end result was that he then later -Taught
If you hadn't clipped this, it would have been a non-issue:
LURK
Is the above meta tag broken, or what ?
:P
Petr M. Swedock wrote:
GAAH! #!$H$%#@!X!
This discussion has left the operational and entered the realm of
baleful minutia and noxious ego-gratification. Please stop, or
take
a minute... (/mnt asbestos underwear)
Just my 2ยข.
-Al
-Original Message-
From: Steven J. Sobol [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 23, 2002 2:39 PM
To: Dan Hollis
Cc: E.B. Dreger; Vinny Abello; [EMAIL PROTECTED]
Subject: Re: Routers vs. PC's for routing - was list problems?
On Thu
J. Sobol; Vinny Abello; [EMAIL PROTECTED]
Subject: Re: Routers vs. PC's for routing - was list problems?
JKS Date: Thu, 23 May 2002 17:34:29 -0400 (EDT)
JKS From: Jason K. Schechner
JKS Why would you want to do this?
JKS
JKS Logging. If a h@xx0r cracks your box he can't erase
JKS anything
BSD enforces append-only when running proper securelevel. AFAIK,
Linux lacks this attribute, and root can disable the so-called
immutable attrib.
bsd enforces append only or immutable when the flag is set, not
depending on the securelevel. there are user and system flag
sets. the user flag
They did but when you mentioned this I went to look for it and haven't
found it. .
As I recall this was infact for the nsa but I don't remember the exact
application.
On Fri, 24 May 2002, Joseph T. Klein wrote:
Didn't National Semiconductor have a spec sheet for write only memory
back in
And remember, Einstein probably wasn't right:). I also recall that the
popular myth that he failed math classes as a child is cincorrect.
Hmm, if we're not careful our list will degrade from operational to my
relativistic mass is bigger than your pc based relativistic mass:).
On Fri,
24
On Fri, 24 May 2002, Rowland, Alan D wrote:
AFAIK standard (non-proprietary) CompactFlash, SmartCards, Memory Stick, et
al, are seen as (removable) storage with typical allowed attributes. I can
set a file/folder/card to 'locked' in my camera but when plugged into the
computer this will
Richard Irving wrote:
Router#Conf t
Router(config)#
Scott Granados wrote:
And remember, Einstein probably wasn't right:).
% Invalid input detected at '^' marker.
Router(config)#
What, God -does- play dice ? ;)
Actually, yes, God does ;)
(See Bell's theorum and its tests,
On Wed, 22 May 2002, Kristian P. Jackson wrote:
Perhaps a bachelors in network
engineering is in order?
I'm afraid there's not enough stuff one has to know to sucessfully
design networks to fill more than one-semester course.
--vadim
Andrew,
The college I am attending, Strayer Univeristy, has a B.S. degree
in Internetworking. While it is kinds geared towards Cisco the good part
is that they will give credit for life experience etc. I am getting credit
for 8 classes due to my work experience in the field. The also
I would have to say for any Linux/BSD platform to be a viable routing
solution, you have to eliminate all moving parts or as much as possible,
ie. no hard drives because hard drives will fail. Not much you can do about
the cooling fans in various parts of the machine though which routers also
VA Date: Thu, 23 May 2002 09:26:41 -0400
VA From: Vinny Abello
VA I would have to say for any Linux/BSD platform to be a viable
I suppose it's been awhile since this thread has made the rounds,
so I'll jump in for a moment...
VA routing solution, you have to eliminate all moving parts or
VA
And that's MY real question. Who has actually done this in a production
environment that can speak with some real experience on the topic? What
can you replace with a linux box to route and run BGP for you in real
life? A 7200? Bigger.
I don't have the facilities to try these things
On Thu, 23 May 2002, Neil J. McRae wrote:
I've done it in a production environment and unless money was
extremely tight I wouldn't consider doing it again. You will
save on capital expediture but you need an army of resources
to support it. When I did it, it was on NetBSD running GateD
The fact that there are actually ways of knowing and
characterizing the extent of one's ignorance, while still remaining
ignorant, may ultimately be more interesting and useful to people
than Yarkovsky
That's just a fancy way of saying a Clint Eastwood line from
one of his movies (Magnum
Not to say you can't route well with a linux or bsd system you can but
at the high-end probably not as well.
Tell that to Juniper.
routing != forwarding
routers have two jobs, both critical
randy
On Wed, May 22, 2002 at 03:16:14PM -0700, [EMAIL PROTECTED] said:
[snip]
Nice list. Can we sort by helpful/clueful/relevant postings, and ask the
top 10 to post more frequently? :)
(OTOH, suspect I would quickly drop down out of the top 100 ... =\ )
--
Scott Francis
At 02:42 PM 5/23/2002 -0400, Henry Yen wrote:
On Thu, May 23, 2002 at 06:22:50AM -0700, Rachel K. Warren wrote:
[ snip ]
Of course, there are exceptions to every rule - I've had managers and
executive officers in the same companies I worked at who did not have
degrees. But more
In the immortal words of Paul Vixie ([EMAIL PROTECTED]):
The trouble is, often times I'd rather hire the world's smartest garbage
man. I never forget that when I got done interviewing for my first full
time programming job I went back to my job fixing cars and pumping gas, and
my fallback
ADC Date: Thu, 23 May 2002 14:30:16 -0400
ADC From: Anthony D Cennami
ADC Not to say you can't route well with a linux or bsd system
ADC you can but at the high-end probably not as well.
ADC
ADC Tell that to Juniper.
Where can I buy their line cards for my PC?
--
Eddy
Brotsman Dreger,
(with ospfd. They (the problems) weren't confirmed by the
zebra community but thats the only thing we could narrow it down to.
ospfd would die periodically.) The line cards were bought off of eBay.
We did VLAN trunking through the 3com GBE card to a Catalyst 3548. Did any
rate limiting with DUMMYNET
As are f5 proeducts including bigip, 3dns and hmmm they make something
else I forget:).
On Thu, 23 May 2002, Brian wrote:
bsd kernel eh? i believe netapp filers are based on that as well.
Bri
On Thu, 23 May 2002, Anthony D Cennami wrote:
Not to say you can't route well
well for a long time,
JC although it turned out getting deprecated because of some
JC zebra issues (with ospfd. They (the problems) weren't
JC confirmed by the zebra community but thats the only thing we
JC could narrow it down to. ospfd would die periodically.) The
JC line cards were bought off
I agree with you on that. Hot swapability for various interfaces is
something routers obviously have over PC's.
Hot swap PCI is old news.
True... unless going for 64 bit PCI at 66MHz... still it's obvious that
routers are designed for one simple purpose and generally have larger
On Thu, 23 May 2002, E.B. Dreger wrote:
I'm trying to remember what Buy It Now was on that M20 on eBay
the other day... IIRC, it had 4x OC3 + 4x DS3 + 4x FE.
$39,975
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=2025155277
--
Dominic J. Eidson
On Thu, May 23, 2002 at 03:00:20AM -0400, Patrick W. Gilmore wrote:
At 02:42 PM 5/23/2002 -0400, Henry Yen wrote:
On Thu, May 23, 2002 at 06:22:50AM -0700, Rachel K. Warren wrote:
Of course, there are exceptions to every rule - I've had managers and
executive officers in the same
At 04:17 PM 5/23/2002 -0400, you wrote:
I agree with you on that. Hot swapability for various interfaces is
something routers obviously have over PC's.
Hot swap PCI is old news.
True, but not widely implemented in the standard PC market. If you want a
server that has hot swap capability,
On Thu, 23 May 2002, E.B. Dreger wrote:
EIDE-based flash drives have become very inexpensive. Some
embedded systems use CompactFlash boards.
Can you set flash drives to be write-only? Sorry if this is a basic
question, but the only EIDE mass-storage devices I've used are more
traditional
On Thu, 23 May 2002, Steven J. Sobol wrote:
On Thu, 23 May 2002, E.B. Dreger wrote:
EIDE-based flash drives have become very inexpensive. Some
embedded systems use CompactFlash boards.
Can you set flash drives to be write-only?
Why would you want to do this?
-Dan
--
[-] Omae no subete
SJS Date: Thu, 23 May 2002 17:23:43 -0400 (EDT)
SJS From: Steven J. Sobol
SJS Can you set flash drives to be write-only? Sorry if this is
Depends on the drive, just like traditional HDDs.
SJS a basic question, but the only EIDE mass-storage devices
SJS I've used are more traditional drives.
JKS Date: Thu, 23 May 2002 17:34:29 -0400 (EDT)
JKS From: Jason K. Schechner
JKS Why would you want to do this?
JKS
JKS Logging. If a h@xx0r cracks your box he can't erase
JKS anything that's already been written there. Often it takes
BSD enforces append-only when running proper
On Thu, 23 May 2002, Dan Hollis wrote:
On Thu, 23 May 2002, Steven J. Sobol wrote:
On Thu, 23 May 2002, E.B. Dreger wrote:
EIDE-based flash drives have become very inexpensive. Some
embedded systems use CompactFlash boards.
Can you set flash drives to be write-only?
Why would
At 02:28 PM 5/23/2002 -0700, Dan wrote:
Why would you want to do this?
Because flash has a limited number of writes. If you used it like a
traditional file system, it would go kaput in no time.
-- jb
Vinny Abello wrote:
First off, you're right about moving parts generally being a bad
thing. However, it is not always necessary to eliminate the hard
drive. Two drives in a RAID-0 configuration may be reliable
enough. Especially if the failure of a single drive sets off
sufficient alarms
Let me elaborate. I thought Steve was concerned about the limited
writablity of flash.
My thought was to build something like a Linux router, you'd have to load
the OS into a RAMdisk (or something similar), and only write to flash when
the config changed. Which means you'd need some sort of
On Thu, 23 May 2002, Jason K. Schechner wrote:
On Thu, 23 May 2002, Dan Hollis wrote:
On Thu, 23 May 2002, Steven J. Sobol wrote:
Can you set flash drives to be write-only?
Why would you want to do this?
Logging. If a h@xx0r cracks your box he can't erase anything that's
already been
On Thu, 23 May 2002, Jake Baillie wrote:
the config changed. Which means you'd need some sort of singular
configuration file.
But I was wrong. :) He meant read-only
I'm just throwing ideas out there. I could boot Linux off a floppy or
a bootable CD and create a ramdisk upon bootup -
On Thu, 23 May 2002, E.B. Dreger wrote:
SJS a basic question, but the only EIDE mass-storage devices
SJS I've used are more traditional drives.
Why not partition wisely, then mount the desired partition as
read-only? Or I guess one _could_ mount each partition as RO...
But why?
The
On Thu, May 23, 2002 at 05:47:40PM -0400, David Charlap wrote:
64/66 PCI has 4 times as much bandwidth - about 4Gbit/s. Much better
than standard PCI, but hard to find on a PC-compatible motherboard, and
expensive when you do find it. Enough bandwidth for 10 line-rate 100M
Ethernet ports
Speaking of which: I have been looking for a reasonable priced hardware
ramdisk. The ones I've seen (albeit expensive) are essentially a brick
with DIMMs in them, and have either a IDE or SCSI interface. Some have a
battery to back them up for a few hours.
Anyone got some pointers?
On Thu,
On Thu, 23 May 2002, Dave Israel wrote:
Then why ot boot from a CD-ROM? Sure, it moves, but only for the
few minutes it takes to boot. Then it spins down and sits idle for
the n days/weeks/months until the next reboot. It would probably
last as long as the solid state drive, and would
Didn't National Semiconductor have a spec sheet for write only memory
back in the late 70s or early 80s?
I think they developed it for the NSA.
--On Thursday, 23 May 2002 14:53 -0700 Dan Hollis [EMAIL PROTECTED] wrote:
On Thu, 23 May 2002, Jason K. Schechner wrote:
On Thu, 23 May 2002, Dan
On Thu, 23 May 2002 18:01:03 EDT, Steven J. Sobol said:
The box I want to build is passing packets between the rest of my network
(and the public Internet) and one server that will hold sensitive data.
It'll be a Linux box with the TCP/IP stack running in bridged mode, with
two ethernet
Date: Fri, 24 May 2002 00:52:14 -0400
From: [EMAIL PROTECTED]
I've heard tell that a good way to secure a Linux box that's
doing this is to have it boot, set up the interfaces, set up
iptables, and then do a quick /sbin/halt - if you fail to
'ifconfig down' the interfaces on the way
701 - 800 of 854 matches
Mail list logo
