Re: Should routers send redirects by default?

2010-08-24 Thread Mikael Abrahamsson
On Wed, 25 Aug 2010, Stephen Stuart wrote: Once upon a time I think the question is what sensible defaults should be. In my environment we turn off proxy-arp and redirects, and it is my firm belief that this is actually what should be the default. In my opinion: A host SHOULD support list

Re: Should routers send redirects by default?

2010-08-24 Thread Stephen Stuart
> > Forgetting all of the theoretical constructs for a moment, has anyone > > here personally encountered an operational scenario in which ICMP > > redirects solved a problem for you that you would otherwise have found > > difficult or intransigent? Without naming names, would you describe > > the

Re: Should routers send redirects by default?

2010-08-24 Thread Christopher Morrow
On Tue, Aug 24, 2010 at 4:32 PM, William Herrin wrote: > On Fri, Aug 20, 2010 at 1:20 PM, Christopher Morrow > wrote: >> Polling a little bit here, there's an active discussion going on >> 6...@ietf about whether or not v6 routers should: >>  o be required to implement ip redirect functions (icmp

Re: aol postmaster?

2010-08-24 Thread Marc Powell
On Aug 24, 2010, at 8:43 PM, Matt Kelly wrote: > If there is an AOL postmaster contact available, can you please contact me > off list? Have you tried http://postmaster.aol.com? The vast majority of the AOL Postmaster team was laid off back in January (and will be missed), so YMMV these days.

Re: Should routers send redirects by default?

2010-08-24 Thread Butch Evans
On Fri, 2010-08-20 at 21:34 -0400, Brandon Ross wrote: > So far I have not heard a single compelling argument for how the > _transmittal_ of ICMP redirects can cause any significant harm to a > network other than what the other typical protocols that are enabled by > default (ping, can't frage

aol postmaster?

2010-08-24 Thread Matt Kelly
If there is an AOL postmaster contact available, can you please contact me off list? Thanks. -- Matt

Re: Should routers send redirects by default?

2010-08-24 Thread Mark Smith
On Tue, 24 Aug 2010 13:25:01 -0700 "David W. Hankins" wrote: > On Sun, Aug 22, 2010 at 10:12:01AM +0930, Mark Smith wrote: > > o allow an IPv6 router to indicate to an end-node that the destination > > it is attempting to send to is onlink. This situation occurs when the > > router is more infor

Re: end-user ipv6 deployment and concerns about privacy

2010-08-24 Thread David W. Hankins
On Wed, Aug 18, 2010 at 04:41:56PM -0500, Jack Bates wrote: > prefixes to the unnumbered interface. If you use dslam level controls, > you'll most likely be using DHCPv6 TA addressing with PD on top of it, > which works well. Most of which can support quick static/dynamic > capabilities as it

Re: Should routers send redirects by default?

2010-08-24 Thread William Herrin
On Fri, Aug 20, 2010 at 1:20 PM, Christopher Morrow wrote: > Polling a little bit here, there's an active discussion going on > 6...@ietf about whether or not v6 routers should: >  o be required to implement ip redirect functions (icmpv6 redirect) >  o be sending these by default Hi Chris, If yo

Re: Should routers send redirects by default?

2010-08-24 Thread David W. Hankins
On Tue, Aug 24, 2010 at 01:02:49PM -0700, David W. Hankins wrote: > will ultimately be cleaned. If the destination is reused later, > Ah, I forgot to complete this thought in editing. If packets are sent to the destination later (after a cache entry is expired) the host obviously starts over as

Re: Should routers send redirects by default?

2010-08-24 Thread David W. Hankins
On Sun, Aug 22, 2010 at 10:12:01AM +0930, Mark Smith wrote: > o allow an IPv6 router to indicate to an end-node that the destination > it is attempting to send to is onlink. This situation occurs when the > router is more informed than the origin end-node about what prefixes > are onlink. > > Thi

Re: Should routers send redirects by default?

2010-08-24 Thread David W. Hankins
On Fri, Aug 20, 2010 at 07:49:43PM -0400, Ricky Beam wrote: > I think it's almost universally disabled (by default) everywhere in IPv4 > purely for security (traffic interception.) In a perfectly run network, > redirects should never be necessary, so I'd think IPv6 should avoid going > down tha

Re: on network monitoring and security - req for monitoring tools

2010-08-24 Thread Kyle Bader
> Hi, I'm putting together a book on security*, and wanted some expert > input onto network monitoring solutions... > > http://www.subspacefield.org/security/security_concepts.html > > Nagios, Net-SNMP, ifgraph, cacti, OpenNMS... any others? prelude, barnyard -- Kyle

Re: IPv6 PMTUD and OS-X

2010-08-24 Thread Vyto Grigaliunas
>> 1220? I am pretty sure the minimal IPv6 MTU is 1280 and that below it fragmentation should be handled by the medium that transports packets smaller than that Can you enlighten me >> Bill? :) Please correct me if I'm wrong, but last I heard IPv6 routers do not do fragmentation...it's up to t

RE: on network monitoring and security - req for monitoring tools

2010-08-24 Thread Michael K. Smith - Adhost
> -Original Message- > From: travis+ml-na...@subspacefield.org [mailto:travis+ml- > na...@subspacefield.org] > Sent: Saturday, August 21, 2010 2:58 PM > To: nanog@nanog.org > Subject: on network monitoring and security - req for monitoring tools > > Hi, I'm putting together a book on sec

Re: Motorola Canopy & Prizm

2010-08-24 Thread Alan Bryant
On Tue, Aug 24, 2010 at 11:15 AM, Matthew Welch wrote: > We use canopy and prizm at our office. Are you having AP auth issues? Over the past few days, a lot of our Subscriber Modules are no longer authenticating with Prizm. If we turn authentication off on the AP, they all immediately register.

Re: Motorola Canopy & Prizm

2010-08-24 Thread Matthew Welch
We use canopy and prizm at our office. Are you having AP auth issues? On Tue, Aug 24, 2010 at 9:59 AM, Chris Gotstein wrote: > May want to join the animal farm list which is a group of WISPs that run > canopy systems. > > http://www.afmug.com/the-group > > > On 8/24/2010 9:44 AM, Alan Bryant wr

Re: Real ops talking to future ops

2010-08-24 Thread Dave CROCKER
On 8/23/2010 6:39 PM, John Kristoff wrote: A few classes ago I had a student tell me they had an instructor spend two full classes (out of 10) on Token Ring. There's a serious need to cover such a construct, but also to introduce it in the context of modern systems: Probably none of w

Re: Motorola Canopy & Prizm

2010-08-24 Thread Chris Gotstein
May want to join the animal farm list which is a group of WISPs that run canopy systems. http://www.afmug.com/the-group On 8/24/2010 9:44 AM, Alan Bryant wrote: I'm looking for some help with Motorola's Prizm software which is used for provisioning of subscriber modules with their Canopy wirel

Motorola Canopy & Prizm

2010-08-24 Thread Alan Bryant
I'm looking for some help with Motorola's Prizm software which is used for provisioning of subscriber modules with their Canopy wireless products. We are having some issues with authentication of some customers and I believe it to be related to the management software (Prizm). Is there anyone on

Re: Real ops talking to future ops

2010-08-24 Thread David Freedman
> Is it just me that found the location "Loop Campus" amusing in this context? > > Thanks, > > John > > -- David Freedman Group Network Engineering Claranet Group

Re: Tagged vlan inside isolated pvlan

2010-08-24 Thread David Freedman
>sfou...@shortestpathfirst.net wrote: >> Hello, >> >> I have a catalyst 6503 with sup32 and was trying to set a tagged vlan >> inside a pvlan. Basically I wanna have the behavior of: >> >> switchport mode access >> switchport access vlan 101 >> switchport protected. >> >> So that other machines c

Re: Real ops talking to future ops

2010-08-24 Thread John Kristoff
On Tue, 24 Aug 2010 10:33:28 +0100 (BST) Jethro R Binks wrote: > Maybe there's hope for you yet: > > http://fcotr.org/ Hah, I am not available! :-) Someone else sent me that too. Everything old is new again. I'll see their FCoTR and raise them one EtherRing spec:

Re: Real ops talking to future ops

2010-08-24 Thread Jethro R Binks
On Mon, 23 Aug 2010, John Kristoff wrote: > On Mon, 23 Aug 2010 20:17:53 -0400 > ML wrote: > > > I'm just as surprised as you are. They left out AppleTalk. > > A few classes ago I had a student tell me they had an instructor spend > two full classes (out of 10) on Token Ring. I think Token R

Re: (cisco, or any) acl *reducers* out there?

2010-08-24 Thread Brian Spade
Maybe FLINT? http://www.matasano.com/playbook/flint Never tried it so feedback is welcome... :-) /bs On Wed, Aug 18, 2010 at 5:38 PM, George Michaelson wrote: > I have been looking at acl management s/w in the freecode space and I can > find lots of tools which manage/distribute and test ACLs