Re: Is NAT can provide some kind of protection?

2011-01-14 Thread Douglas Otis
On 1/14/11 4:10 PM, William Herrin wrote: On Fri, Jan 14, 2011 at 2:43 PM, Owen DeLong wrote: Ah, but, the point here is that NAT actually serves as an enabling technology for part of the attack he is describing. As for strictly passive attacks, like the so-called drive by download, it is not

RE: Is NAT can provide some kind of protection?

2011-01-14 Thread George Bonser
> From: William Herrin > Sent: Friday, January 14, 2011 4:11 PM > To: nanog@nanog.org > Subject: Re: Is NAT can provide some kind of protection? > > On Fri, Jan 14, 2011 at 2:43 PM, Owen DeLong wrote: > > Ah, but, the point here is that NAT actually serves as an enabling > > technology for par

Re: Is NAT can provide some kind of protection?

2011-01-14 Thread William Herrin
On Fri, Jan 14, 2011 at 2:43 PM, Owen DeLong wrote: > Ah, but, the point here is that NAT actually serves as an enabling > technology for part of the attack he is describing. Hi Owen, Doug's comments on that were pretty abstract, so let me try to ground it a little bit. He basically observed tha

Re: Routing Suggestions

2011-01-14 Thread Sam Silvester
On Fri, Jan 14, 2011 at 8:20 PM, Randy Bush wrote: > i'm with jon and the static crew.  brutal but simple. Depending on how the interconnect is built, using the "permanent" keyword along with the static route may be worth investigating also if you want the static route to stay in place, if you wi

Re: Is NAT can provide some kind of protection?

2011-01-14 Thread Douglas Otis
On 1/14/11 11:49 AM, Jack Bates wrote: On 1/14/2011 1:43 PM, Owen DeLong wrote: Ah, but, the point here is that NAT actually serves as an enabling technology for part of the attack he is describing. Another example where NAT can and is a security negative. The fact that you refuse to acknowledge

INDOSAT Internet Network Provider NOC Contact

2011-01-14 Thread Tim Donahue
Hi all, Sorry for the noise, but I was wondering if anyone has a NOC or BGP knowledgeable contact with INDOSAT Internet Network Provider (AS4761). I have emailed the hostmaster@ email address listed in the WHOIS contact, and tried calling the phone number listed as well (disconnect message).

The Cidr Report

2011-01-14 Thread cidr-report
This report has been generated at Fri Jan 14 21:11:53 2011 AEST. The report analyses the BGP Routing Table of AS2.0 router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org for a current version of this report. Recent Table History Date

BGP Update Report

2011-01-14 Thread cidr-report
BGP Update Report Interval: 06-Jan-11 -to- 13-Jan-11 (7 days) Observation Point: BGP Peering with AS131072 TOP 20 Unstable Origin AS Rank ASN Upds % Upds/Pfx AS-Name 1 - AS18025 25153 1.9% 1676.9 -- ACE-1-WIFI-AS-AP Ace-1 Wifi Network 2 - AS32528 1

Re: Single AS Number for multiple prefixes in different country

2011-01-14 Thread Patrick W. Gilmore
On Jan 14, 2011, at 11:03 AM, Michel de Nostredame wrote: > On Fri, Jan 14, 2011 at 3:33 AM, Bogdan wrote: >> allowas-in will do the trick > > Provided your uplink ISP does not filter out that. Why would your upstream filter that out? I would get a new upstream if they do. -- TTFN, patrick

RE: Single AS Number for multiple prefixes in different country

2011-01-14 Thread Eric Morin
I have 5 discrete networks across Canada using one ASN (will be down to 2 by end of year!). We accept a default (along with full tables) to route between discrete networks. Not very elegant but gets the job done. Eric -Original Message- From: Harris Hui [mailto:harris@gmail.com] Se

Re: Is NAT can provide some kind of protection?

2011-01-14 Thread Jack Bates
On 1/14/2011 1:43 PM, Owen DeLong wrote: Ah, but, the point here is that NAT actually serves as an enabling technology for part of the attack he is describing. Another example where NAT can and is a security negative. The fact that you refuse to acknowledge these is exactly what you were accusing

Re: Is NAT can provide some kind of protection?

2011-01-14 Thread Owen DeLong
On Jan 14, 2011, at 6:24 AM, William Herrin wrote: > On Thu, Jan 13, 2011 at 11:50 PM, Douglas Otis wrote: >> Unfortunately, a large number of web sites have been compromised, where an >> unseen iFrame might be included in what is normally safe content. A device >> accessing the Internet throug

Re: BGP route-map options

2011-01-14 Thread Greg Whynott
haha… yeah that is not a copy and paste but rather me just typing that out. the proper spelling in the config is being used, or the american spelling… english is the worse language… thanks again, greg On Jan 14, 2011, at 12:52 PM, Thomas Magill wrote: > Wait... > > Does the router even acce

Re: BGP route-map options

2011-01-14 Thread Greg Whynott
thanks Thomas, I opened a ticket with Cisco and am pestering other lists so i'm not bothering anyone with my operational issues. it does accept it under address-family, and doing a show bgp indicates something is going on: ASR1004#show bgp | inc \ \ 150\ *> 132.248.13.0/24 205.211.94.145

RE: BGP route-map options

2011-01-14 Thread Thomas Magill
Wait... Does the router even accept 'neighbour' instead of 'neighbor'? -Original Message- From: Greg Whynott [mailto:greg.whyn...@oicr.on.ca] Sent: Friday, January 14, 2011 9:00 AM To: nanog@nanog.org list Subject: BGP route-map options Following a few documents on how to use route-m

RE: BGP route-map options

2011-01-14 Thread Thomas Magill
Try doing it under the 'address-family ipv4'? I've never seen any version of IOS not take it. -Original Message- From: Greg Whynott [mailto:greg.whyn...@oicr.on.ca] Sent: Friday, January 14, 2011 9:00 AM To: nanog@nanog.org list Subject: BGP route-map options Following a few documents o

Re: BGP route-map options

2011-01-14 Thread ryanL
1) this is probably better posed over at cisco-nsp instead of NANOG. 2) i really hope you aren't using the canadian version of 'neighbor' On Fri, Jan 14, 2011 at 9:59 AM, Greg Whynott wrote: > Following a few documents on how to use route-maps to set preference of > routes (related to my last thr

BGP route-map options

2011-01-14 Thread Greg Whynott
Following a few documents on how to use route-maps to set preference of routes (related to my last thread regarding asymmetrical routing) all the ones I have looked at today (about 6 or so) use the below method to apply the route map under the router section: router bgp YOURAS# neighbour x.x.x.x

Re: Routing Suggestions

2011-01-14 Thread Christopher Morrow
On Fri, Jan 14, 2011 at 8:54 AM, Dorn Hetzel wrote: >> >> Randy, I know my solution was right.  I don't need your blessing. >> >> Go fuck yourself. >> >> > > It's nice to see we've really elevated the level of discourse around here :) yea... back to the coffee urn for me! (sometimes folks have h

Re: Single AS Number for multiple prefixes in different country

2011-01-14 Thread Michel de Nostredame
On Fri, Jan 14, 2011 at 3:33 AM, Bogdan wrote: > On 14.01.2011 12:06, Patrick W. Gilmore wrote: > allowas-in will do the trick > Provided your uplink ISP does not filter out that. -- Michel~

Re: Cisco Sanitization

2011-01-14 Thread Jason LeBlanc
I was fired from eBay several years ago for posting to NANOG trying to help others deal with the dDoS issues of those days, nothing said was fair for termination IMO. Using a personal account may be prudent. Now I hardly ever even post. On 01/12/2011 03:17 PM, Michael Hallgren wrote: Le mer

Re: Is NAT can provide some kind of protection?

2011-01-14 Thread William Herrin
On Thu, Jan 13, 2011 at 11:50 PM, Douglas Otis wrote: > Unfortunately, a large number of web sites have been compromised, where an > unseen iFrame might be included in what is normally safe content.  A device > accessing the Internet through a NATs often creates opportunities for > unknown sources

Re: Routing Suggestions

2011-01-14 Thread Jack Bates
On 1/14/2011 7:49 AM, Jon Lewis wrote: My boss calls NANOG the Masters of the Universe conference. Beats "Unruly kids with toys" conference. ;) Jack

Re: Is NAT can provide some kind of protection?

2011-01-14 Thread Jack Bates
On 1/13/2011 10:50 PM, Douglas Otis wrote: Unfortunately, a large number of web sites have been compromised, where an unseen iFrame might be included in what is normally safe content. A device accessing the Internet through a NATs often creates opportunities for unknown sources to reach the devi

Re: Routing Suggestions

2011-01-14 Thread Randy Bush
> My name is Joe, not jon, Randy. congrats. but i was speaking of jon lewis. randy

Re: Routing Suggestions

2011-01-14 Thread Dorn Hetzel
> > Randy, I know my solution was right. I don't need your blessing. > > Go fuck yourself. > > It's nice to see we've really elevated the level of discourse around here :) -dorn

Re: Routing Suggestions

2011-01-14 Thread Jon Lewis
On Fri, 14 Jan 2011, Joe Hamelin wrote: On Fri, Jan 14, 2011 at 1:50 AM, Randy Bush wrote: i'm with jon and the static crew. brutal but simple. My name is Joe, not jon, Randy. But what can I expect from a man that used the phrase "tell him to go fuck himself" when I put my hand out in gre

Re: Routing Suggestions

2011-01-14 Thread Matthew S. Crocker
- Original Message - > From: "Joe Hamelin" > To: "Randy Bush" , "NANOG list" > Sent: Friday, January 14, 2011 6:50:05 AM > Subject: Re: Routing Suggestions > On Fri, Jan 14, 2011 at 1:50 AM, Randy Bush wrote: > > i'm with jon and the static crew. brutal but simple. > > My name is Joe,

Re: Routing Suggestions

2011-01-14 Thread Joe Hamelin
On Fri, Jan 14, 2011 at 1:50 AM, Randy Bush wrote: > i'm with jon and the static crew. brutal but simple. My name is Joe, not jon, Randy. But what can I expect from a man that used the phrase "tell him to go fuck himself" when I put my hand out in greeting back at Atlanta NANOG in 2001, when y

Re: Single AS Number for multiple prefixes in different country

2011-01-14 Thread Bogdan
On 14.01.2011 12:06, Patrick W. Gilmore wrote: > On Jan 14, 2011, at 4:58 AM, Harris Hui wrote: > >> We have an AS Number AS2 and have 2 /24 subnets belongs to this AS >> Number. It is using in US and peering with US Service Providers now. >> >> We are going to deploy another site in Asia, can

Re: Single AS Number for multiple prefixes in different country

2011-01-14 Thread Patrick W. Gilmore
On Jan 14, 2011, at 4:58 AM, Harris Hui wrote: > We have an AS Number AS2 and have 2 /24 subnets belongs to this AS > Number. It is using in US and peering with US Service Providers now. > > We are going to deploy another site in Asia, can we use the same AS Number > AS2 and have 2 other

Single AS Number for multiple prefixes in different country

2011-01-14 Thread Harris Hui
Hi, We have an AS Number AS2 and have 2 /24 subnets belongs to this AS Number. It is using in US and peering with US Service Providers now. We are going to deploy another site in Asia, can we use the same AS Number AS2 and have 2 other /24 subnets and peering with other Asia Service Provi

Re: Routing Suggestions

2011-01-14 Thread Randy Bush
i'm with jon and the static crew. brutal but simple. if you want no leakage, A can filter the prefix from its upstreams, both can low-pref blackhole it, ... randy

Re: co-location and access to your server

2011-01-14 Thread Randy Bush
> Cruzio in Santa Cruz ... > Their 1U offer comes with limited access to your server, only from 10AM > to 6 PM. I find that not acceptable. sheesh d00d, you ever been to cruz? randy