Re: [NANOG] 10GE router resource

2008-05-18 Thread Henning Brauer
* Aaron Glenn <[EMAIL PROTECTED]> [2008-03-26 03:14]: > > On Tue, Mar 25, 2008 at 6:15 PM, Patrick Clochesy <[EMAIL PROTECTED]> wrote: > > Very interesting study I had not seen, and a bummer. That really puts a > > cramp in my advocation of our CARP+pf load balancers/firewalls/gateways. > > Than a

Re: [NANOG] 10GE router resource

2008-05-18 Thread Henning Brauer
* Patrick Clochesy <[EMAIL PROTECTED]> [2008-03-26 02:26]: > I also had to switch to OpenBSD congrats > AFAIK pf/forwarding only takes place on one core and wouldn't take > advantage of the other 3 cores, correct? for the moment, yes. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] B

Re: [NANOG] IOS rootkits

2008-05-18 Thread Suresh Ramasubramanian
On Mon, May 19, 2008 at 2:03 AM, Dragos Ruiu <[EMAIL PROTECTED]> wrote: > So in my opinion the benefits of discussing serious issues at conferences > far outweigh the potential drawbacks of misguided media coverage of them. > What I infer from your post is that you are of the opinion that issues su

Re: [NANOG] IOS rootkits

2008-05-18 Thread Marc Manthey
> > http://eusecwest.com/sebastian-muniz-da-ios-rootkit.html it's worth a digg... regards -- "Use your imagination not to scare yourself to death but to inspire yourself to life." Les enfants teribbles - research and deployment Marc Manthey - head of

Re: [NANOG] IOS rootkits

2008-05-18 Thread Gadi Evron
On Sun, 18 May 2008, Joel Jaeggli wrote: >> >> The result from your check can easily be modified, first thing I would have >> changed is the checker. > > That is a normal thing to do with rootkits (return bogus results). Which is > part of the reason I suggested that method I did. Short of pulli

Re: [NANOG] IOS rootkits

2008-05-18 Thread Joel Jaeggli
Gadi Evron wrote: > On Sun, 18 May 2008, Joel Jaeggli wrote: >> Dragos Ruiu wrote: >> >>> First of all about prevention, I'm not at all sure about this being >>> covered by existing router security planning / BCP. >>> I don't believe most operators reflash their routers periodically, nor >>> check

Re: [NANOG] IOS rootkits

2008-05-18 Thread Gadi Evron
On Sun, 18 May 2008, Joel Jaeggli wrote: > Dragos Ruiu wrote: > >> First of all about prevention, I'm not at all sure about this being >> covered by existing router security planning / BCP. >> I don't believe most operators reflash their routers periodically, nor >> check existing images (particula

Re: [NANOG] IOS rootkits

2008-05-18 Thread Mark Smith
On Sun, 18 May 2008 13:33:53 -0700 Dragos Ruiu <[EMAIL PROTECTED]> wrote: > > On 18-May-08, at 7:11 AM, Suresh Ramasubramanian wrote: > > 2. It can be prevented by what's widely regarded as BCP on router > > security, and has been covered at *nog, in cisco training material, > > etc etc for quite

Re: [NANOG] IOS rootkits

2008-05-18 Thread Joel Jaeggli
Dragos Ruiu wrote: > First of all about prevention, I'm not at all sure about this being > covered by existing router security planning / BCP. > I don't believe most operators reflash their routers periodically, nor > check existing images (particularly because the tools for this > integrity

Re: [NANOG] IOS rootkits

2008-05-18 Thread Dragos Ruiu
On 18-May-08, at 7:11 AM, Suresh Ramasubramanian wrote: > 2. It can be prevented by what's widely regarded as BCP on router > security, and has been covered at *nog, in cisco training material, > etc etc for quite some time now. > > I am much less concerned about security conferences discussing th

Re: [NANOG] IOS rootkits

2008-05-18 Thread Gadi Evron
On Sun, 18 May 2008, Suresh Ramasubramanian wrote: > Let's put it this way. > > 1. Yes there's nothing to patch, as such > > 2. It can be prevented by what's widely regarded as BCP on router > security, and has been covered at *nog, in cisco training material, > etc etc for quite some time now. > >

Re: [NANOG] IOS rootkits

2008-05-18 Thread Gadi Evron
On Sun, 18 May 2008, Dragos Ruiu wrote: > > On 17-May-08, at 3:12 AM, Suresh Ramasubramanian wrote: > >> On Sat, May 17, 2008 at 12:47 PM, Matthew Moyle-Croft >> <[EMAIL PROTECTED]> wrote: >>> If the way of running this isn't out in the wild and it's actually >>> dangerous then a pox on anyone who

Re: [NANOG] US DoD receives chunked IPv6 /13 (14x /22 but not totally consecutive)

2008-05-18 Thread Pekka Savola
On Fri, 16 May 2008, Colin Alston wrote: > On 16/05/2008 20:15 Christopher LILJENSTOLPE wrote: >> My guess is that they don't want to be tied to only announcing a >> single /13. Each of those organizations is bigger than a lot of >> service providers out there... > > Since when do you have to

Re: [NANOG] IOS rootkits

2008-05-18 Thread Suresh Ramasubramanian
Let's put it this way. 1. Yes there's nothing to patch, as such 2. It can be prevented by what's widely regarded as BCP on router security, and has been covered at *nog, in cisco training material, etc etc for quite some time now. I am much less concerned about security conferences discussing th

Re: [NANOG] IOS rootkits

2008-05-18 Thread Dragos Ruiu
On 17-May-08, at 3:12 AM, Suresh Ramasubramanian wrote: > On Sat, May 17, 2008 at 12:47 PM, Matthew Moyle-Croft > <[EMAIL PROTECTED]> wrote: >> If the way of running this isn't out in the wild and it's actually >> dangerous then a pox on anyone who releases it, especially to gain >> publicity at

[NANOG] Routing Tools BOF at NANOG Tuesday June 3rd

2008-05-18 Thread Joel Jaeggli
We've got some interesting material already lined up that should be appearing on the agenda shortly. I wonder however if there's anyone in the community interested in discussing their personal operational experience with tools for black-hole automation, or prefix hijacking detection? I'm sur