-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
David Ulevitch
Sent: Friday, May 24, 2002 2:36 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Routers vs. PC's for routing - was list problems?
[deleted]
As to being immune to explo
On Fri, 24 May 2002, Rowland, Alan D wrote:
> AFAIK standard (non-proprietary) CompactFlash, SmartCards, Memory Stick, et
> al, are seen as (removable) storage with typical allowed attributes. I can
> set a file/folder/card to 'locked' in my camera but when plugged into the
> computer this will
They did but when you mentioned this I went to look for it and haven't
found it.
As I recall this was in fact for the nsa but I don't remember the exact
application.
On Fri, 24 May 2002, Joseph T. Klein wrote:
> Didn't National Semiconductor have a spec sheet for write only memory
> back in
>BSD enforces append-only when running proper securelevel. AFAIK,
>Linux lacks this attribute, and root can disable the so-called
>"immutable" attrib.
bsd enforces append only or immutable when the flag is set, not
depending on the securelevel. there are "user" and "system" flag
sets. the "us
is; Steven J. Sobol; Vinny Abello; [EMAIL PROTECTED]
Subject: Re: Routers vs. PC's for routing - was list problems?
JKS> Date: Thu, 23 May 2002 17:34:29 -0400 (EDT)
JKS> From: Jason K. Schechner
JKS> > Why would you want to do this?
JKS>
JKS> Logging. If a h@xx0r c
right? Worked for Apple,
oh, wait a minute... (/mnt asbestos underwear)
Just my 2¢.
-Al
-Original Message-
From: Steven J. Sobol [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 23, 2002 2:39 PM
To: Dan Hollis
Cc: E.B. Dreger; Vinny Abello; [EMAIL PROTECTED]
Subject: Re: Routers vs. PC's fo
Unnamed Administration sources reported that Joseph T. Klein said:
>
>
>
> Didn't National Semiconductor have a spec sheet for write only memory
> back in the late 70s or early 80s?
>
> I think they developed it for the NSA.
Not exactly. As I recall, National or maybe Signetics had a run
of
Though I might lend a comment here. I have had a lot of experience
with PC based routers, starting around 96, and getting majorly into it
around 98 or so.
To give you an idea. No moving parts except cooling fans. Main drive
is an IDE style SanDisk flash drive. System goes through a multista
On Thu, May 23, 2002 at 12:54:57PM -0700, Scott Granados wrote:
> As are f5 products including bigip, 3dns and hmmm they make something
> else I forget:).
>
> On Thu, 23 May 2002, Brian wrote:
>
> > bsd kernel eh? i believe netapp filers are based on that as well.
Indeed - bigIP is BSDI aka
## On Friday, May 24, 2002 12:52 AM -0400
## [EMAIL PROTECTED] wrote:
> I've heard tell that a good way to secure a Linux box that's doing this is
> to have it boot, set up the interfaces, set up iptables, and then do
> a quick /sbin/halt - if you fail to 'ifconfig down' the interfaces on the
[ On Friday, May 24, 2002 at 04:50:27 (-), Joseph T. Klein wrote: ]
> Subject: Re: Routers vs. PC's for routing - was list problems?
>
> Didn't National Semiconductor have a spec sheet for write only memory
> back in the late 70s or early 80s?
>
> I think they de
unreasonable for USA.
- Original Message -
From: "Scott Granados" <[EMAIL PROTECTED]>
To: "Vinny Abello" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, May 23, 2002 11:22 AM
Subject: Re: Routers vs. PC's for routing - was list probl
In a silly and useless off topic thread ...
I found the reference. It was Signetics, not NS.
http://sunsite.informatik.rwth-aachen.de/jargon300/write-onlymemory.html
write-only memory: n. The obvious antonym to `read-only
memory'. Out of frustration with the long and seemingly useless
> Date: Fri, 24 May 2002 00:52:14 -0400
> From: [EMAIL PROTECTED]
> I've heard tell that a good way to secure a Linux box that's
> doing this is to have it boot, set up the interfaces, set up
> iptables, and then do a quick /sbin/halt - if you fail to
> 'ifconfig down' the interfaces on the way
On Thu, 23 May 2002 18:01:03 EDT, "Steven J. Sobol" said:
> The box I want to build is passing packets between the rest of my network
> (and the public Internet) and one server that will hold sensitive data.
> It'll be a Linux box with the TCP/IP stack running in bridged mode, with
> two etherne
Didn't National Semiconductor have a spec sheet for write only memory
back in the late 70s or early 80s?
I think they developed it for the NSA.
--On Thursday, 23 May 2002 14:53 -0700 Dan Hollis <[EMAIL PROTECTED]> wrote:
>
> On Thu, 23 May 2002, Jason K. Schechner wrote:
>> On Thu, 23 May 2002,
On Thu, 23 May 2002, Dave Israel wrote:
>
> Then why not boot from a CD-ROM? Sure, it moves, but only for the
> few minutes it takes to boot. Then it spins down and sits idle for
> the n days/weeks/months until the next reboot. It would probably
> last as long as the solid state drive, and wo
Speaking of which: I have been looking for a reasonable priced hardware
ramdisk. The ones I've seen (albeit expensive) are essentially a brick
with DIMMs in them, and have either a IDE or SCSI interface. Some have a
battery to back them up for a few hours.
Anyone got some pointers?
On Thu, 2
> > True... unless going for 64 bit PCI at 66MHz...
>
> 64/66 PCI has 4 times as much bandwidth - about 4Gbit/s. Much better
> than standard PCI, but hard to find on a PC-compatible motherboard, and
> expensive when you do find it. Enough bandwidth for 10 line-rate 100M
> Ethernet ports or six
On Thu, May 23, 2002 at 06:04:09PM -0400, [EMAIL PROTECTED] said:
[snip]
> I'm just throwing ideas out there. I could boot Linux off a floppy or
> a bootable CD and create a ramdisk upon bootup - Linux has always had this
> capability. I'm just a person who occasionally comes up with silly
> hal
On Thu, May 23, 2002 at 09:38:18AM +, E.B. Dreger wrote:
> BSD enforces append-only when running proper securelevel. AFAIK,
> Linux lacks this attribute, and root can disable the so-called
> "immutable" attrib.
i think that modern linuxes have both of these capabilities,
but they need to be
On Thu, 23 May 2002, E.B. Dreger wrote:
> Everything that you say one can do from a CDROM, one can do from
> flash. CDROM technology gains you nothing.
Depends on what flash you use. There's no way to write protect
compactflash. CDROM technology gains you security in the case where m4d
h4x0r
DI> Date: Thu, 23 May 2002 18:22:50 -0400
DI> From: Dave Israel
DI> Then why not boot from a CD-ROM? Sure, it moves, but only for
DI> the few minutes it takes to boot. Then it spins down and
DI> sits idle for the n days/weeks/months until the next
DI> reboot. It would probably last as long as
Then why not boot from a CD-ROM? Sure, it moves, but only for the
few minutes it takes to boot. Then it spins down and sits idle for
the n days/weeks/months until the next reboot. It would probably
last as long as the solid state drive, and would be cheaper.
The big problem here, of course,
On Thu, May 23, 2002 at 05:47:40PM -0400, David Charlap wrote:
>
> 64/66 PCI has 4 times as much bandwidth - about 4Gbit/s. Much better
> than standard PCI, but hard to find on a PC-compatible motherboard, and
> expensive when you do find it. Enough bandwidth for 10 line-rate 100M
> Ethernet p
On Thu, 23 May 2002, E.B. Dreger wrote:
> SJS> a basic question, but the only EIDE mass-storage devices
> SJS> I've used are more traditional drives.
>
> Why not partition wisely, then mount the desired partition as
> read-only? Or I guess one _could_ mount each partition as RO...
>
> But why
On Thu, 23 May 2002, Jake Baillie wrote:
> the config changed. Which means you'd need some sort of singular
> configuration file.
>
> But I was wrong. :) He meant "read-only"
I'm just throwing ideas out there. I could boot Linux off a floppy or
a bootable CD and create a ramdisk upon bootup -
On Thu, 23 May 2002, Jason K. Schechner wrote:
> On Thu, 23 May 2002, Dan Hollis wrote:
> > On Thu, 23 May 2002, Steven J. Sobol wrote:
> > > Can you set flash drives to be write-only?
> > Why would you want to do this?
> Logging. If a h@xx0r cracks your box he can't erase anything that's
> alre
Let me elaborate. I thought Steve was concerned about the limited
writability of flash.
My thought was to build something like a Linux router, you'd have to load
the OS into a RAMdisk (or something similar), and only write to flash when
the config changed. Which means you'd need some sort of
On Thu, 23 May 2002, Jake Baillie wrote:
> At 02:28 PM 5/23/2002 -0700, Dan wrote:
> >Why would you want to do this?
> Because flash has a limited number of writes. If you used it like a
> traditional file system, it would go kaput in no time.
And making it *write-only* as the original poster a
Vinny Abello wrote:
>>
>> First off, you're right about moving parts generally being a bad
>> thing. However, it is not always necessary to eliminate the hard
>> drive. Two drives in a RAID-0 configuration may be reliable
>> enough. Especially if the failure of a single drive sets off
>> suffic
At 02:28 PM 5/23/2002 -0700, Dan wrote:
>Why would you want to do this?
Because flash has a limited number of writes. If you used it like a
traditional file system, it would go kaput in no time.
-- jb
On Thu, 23 May 2002, Dan Hollis wrote:
> On Thu, 23 May 2002, Steven J. Sobol wrote:
> > On Thu, 23 May 2002, E.B. Dreger wrote:
> > > EIDE-based flash drives have become very inexpensive. Some
> > > embedded systems use CompactFlash boards.
> > Can you set flash drives to be write-only?
>
>
JKS> Date: Thu, 23 May 2002 17:34:29 -0400 (EDT)
JKS> From: Jason K. Schechner
JKS> > Why would you want to do this?
JKS>
JKS> Logging. If a h@xx0r cracks your box he can't erase
JKS> anything that's already been written there. Often it takes
BSD enforces append-only when running proper sec
SJS> Date: Thu, 23 May 2002 17:23:43 -0400 (EDT)
SJS> From: Steven J. Sobol
SJS> Can you set flash drives to be write-only? Sorry if this is
Depends on the drive, just like traditional HDDs.
SJS> a basic question, but the only EIDE mass-storage devices
SJS> I've used are more traditional dri
>
>
> On Thu, 23 May 2002, E.B. Dreger wrote:
>
> > EIDE-based flash drives have become very inexpensive. Some
> > embedded systems use CompactFlash boards.
>
> Can you set flash drives to be write-only? Sorry if this is a basic
> question, but the only EIDE mass-storage devices I've used a
On Thu, 23 May 2002, Steven J. Sobol wrote:
> On Thu, 23 May 2002, E.B. Dreger wrote:
> > EIDE-based flash drives have become very inexpensive. Some
> > embedded systems use CompactFlash boards.
> Can you set flash drives to be write-only?
Why would you want to do this?
-Dan
--
[-] Omae no su
On Thu, 23 May 2002, E.B. Dreger wrote:
> EIDE-based flash drives have become very inexpensive. Some
> embedded systems use CompactFlash boards.
Can you set flash drives to be write-only? Sorry if this is a basic
question, but the only EIDE mass-storage devices I've used are more
traditional
At 04:17 PM 5/23/2002 -0400, you wrote:
> > I agree with you on that. Hot swappability for various interfaces is
> > something routers obviously have over PC's.
>
>Hot swap PCI is old news.
True, but not widely implemented in the standard PC market. If you want a
server that has hot swap capabi
AR> Date: Thu, 23 May 2002 16:17:16 -0400 (Eastern Daylight Time)
AR> From: Alex Rubenstein
AR> Yes, ipfw/dummy is very very cool. Like, inducing a few 100
AR> msecs of latency to folks who don't pay on time :)
1. Oh, come on, I know you're more creative than _that_. How
about 30% packet l
On Thu, 23 May 2002, E.B. Dreger wrote:
> I'm trying to remember what "Buy It Now" was on that M20 on eBay
> the other day... IIRC, it had 4x OC3 + 4x DS3 + 4x FE.
$39,975
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=2025155277
--
Dominic J. Eidson
> I agree with you on that. Hot swappability for various interfaces is
> something routers obviously have over PC's.
Hot swap PCI is old news.
> True... unless going for 64 bit PCI at 66MHz... still it's obvious that
> routers are designed for one simple purpose and generally have larger
> bac
JC> Date: Thu, 23 May 2002 15:25:14 -0400 (EDT)
JC> From: James Cornman
JC> We've had some rather good success with FreeBSD based PC
JC> Routers. Typical setup was FreeBSD 4.x, 512mb, 20gb RAID-1,
JC> 3com Gigabit Ethernet card, Fore Systems OC3 ATM card. All
JC> this, with zebra on top. It wor
As are f5 products including bigip, 3dns and hmmm they make something
else I forget:).
On Thu, 23 May 2002, Brian wrote:
> bsd kernel eh? i believe netapp filers are based on that as well.
>
> Bri
>
>
>
> On Thu, 23 May 2002, Anthony D Cennami wrote:
>
> >
> > "Not to say you can'
bsd kernel eh? i believe netapp filers are based on that as well.
Bri
On Thu, 23 May 2002, Anthony D Cennami wrote:
>
> "Not to say you can't route well with a linux or bsd system you can but
> at the high-end probably not as well."
>
> Tell that to Juniper.
>
>
>
> Scott Granados w
We've had some rather good success with PC based routers. Typical
setup was FreeBSD 4.x, 512mb, 20gb RAID-1, 3com Gigabit Ethernet card,
Fore Systems OC3 ATM card. All this, with zebra on top. It worked well for
a long time, although it turned out getting deprecated because of some
zebra issues (
ADC> Date: Thu, 23 May 2002 14:30:16 -0400
ADC> From: Anthony D Cennami
ADC> "Not to say you can't route well with a linux or bsd system
ADC> you can but at the high-end probably not as well."
ADC>
ADC> Tell that to Juniper.
Where can I buy their line cards for my PC?
--
Eddy
Brotsman & Dr
> "Not to say you can't route well with a linux or bsd system you can but
> at the high-end probably not as well."
>
> Tell that to Juniper.
routing != forwarding
routers have two jobs, both critical
randy
At 02:20 PM 5/23/2002 -0400, you wrote:
>Vinny Abello wrote:
> >
> > I would have to say for any Linux/BSD platform to be a viable
> > routing solution, you have to eliminate all moving parts or as much
> > as possible, ie. no hard drives because hard drives will fail. Not
> > much you can do abo
"Not to say you can't route well with a linux or bsd system you can but
at the high-end probably not as well."
Tell that to Juniper.
Scott Granados wrote:
> Remember that a pc may have some certain functions that are "more
> powerful" than a router but a pc is a much more general computer.
Remember that a pc may have some certain functions that are "more
powerful" than a router but a pc is a much more general computer.
Routers are supposed to be and usually designed to do one thing only,
route, not play quake, balance your check book, browse the net, etc etc.
So although for
> Good point, I also did this for cash reasons and would just buy hardware
> on the used market today. As far as OS, I was using stripped down FreeBSD.
> I started with Linux, but at the time they did not support radix trees so
> routing tables killed the box. If I HAD to do it again I would s
On Thu, 23 May 2002, Neil J. McRae wrote:
> I've done it in a production environment and unless money was
> extremely tight I wouldn't consider doing it again. You will
> save on capital expenditure but you need an army of resources
> to support it. When I did it, it was on NetBSD running GateD 3
On Thu, 23 May 2002, Daryl G. Jurbala wrote:
> And that's MY real question. Who has actually done this in a production
> environment that can speak with some real experience on the topic? What
> can you replace with a linux box to route and run BGP for you in real
> life? A 7200? Bigger.
I
> And that's MY real question. Who has actually done this in a production
> environment that can speak with some real experience on the topic? What
> can you replace with a linux box to route and run BGP for you in real
> life? A 7200? Bigger.
>
> I don't have the facilities to try these thi
On Thu, 2002-05-23 at 09:26, Vinny Abello wrote:
common router. Otherwise, if you can get the functionality out of a PC, I
> say go for it! The processing power of a modern PC is far beyond any router
> I can think of. I suppose it would just be a matter of how efficient your
> kernel, TCP/IP
VA> Date: Thu, 23 May 2002 09:26:41 -0400
VA> From: Vinny Abello
VA> I would have to say for any Linux/BSD platform to be a viable
I suppose it's been awhile since this thread has made the rounds,
so I'll jump in for a moment...
VA> routing solution, you have to eliminate all moving parts or
I would have to say for any Linux/BSD platform to be a viable routing
solution, you have to eliminate all moving parts or as much as possible,
ie. no hard drives because hard drives will fail. Not much you can do about
the cooling fans in various parts of the machine though which routers also