On 11/22/11 8:16 AM, Jay Ashworth wrote:
> - Original Message -
>> From: "Owen DeLong"
>
>> As in all cases, additional flexibility results in additional ability
>> to make mistakes. Simple mechanical lockouts do not scale to the
>> modern world. The benefits of these additional capabilit
"There is no evidence to support claims made in initial reports -- which were
based on raw, unconfirmed data and subsequently leaked to the
media."
http://jeffreycarr.blogspot.com/2011/11/latest-fbi-statement-on-alleged.html
From what I'm seeing and
hearing is the report by the fusion centr
On Nov 22, 2011, at 8:08 58PM, Steven Bellovin wrote:
They do state categorically that "After detailed analysis, DHS and the
FBI have found no evidence of a cyber intrusion into the SCADA system of
the Curran-Gardner Public Water District in Springfield, Illinois."
I'm waiting to see Joe Weiss'
Note to self. When my opc/modbus code goes to hell and wipes out an
hvac unit; blame cyber terrorists, crappy vendors, and provide a random
shady ip address.
This was sad when it was possibly an unprotected network, with poor
password procedures, horrible protection code in the logics, etc et
Like any of the decade's largest breaches, this could have been avoided by
following BCPs. In addition, SCADA networks are easily protected via
behavioral and signature-based security technologies.
Steven Bellovin wrote:
>
>On Nov 22, 2011, at 8:08 58PM, Steven Bellovin wrote:
>
>>
>> On Nov
- Original Message -
> From: "Jimmy Hess"
> So you have 3 circuits, and any one circuit can detect the most
> severe potential failure of any pair of the other circuits.
Just so. Byzantine monitoring, just like a Byzantine clock.
Cheers,
-- jra
--
Jay R. Ashworth Bayl
On Tue, Nov 22, 2011 at 5:23 PM, Brett Frankenberger
wrote:
> On Tue, Nov 22, 2011 at 06:14:54PM -0500, Jay Ashworth wrote:
> in a manner that removes voltage from the relays). It doesn't protect
> against the case of conflicting output from the controller which the
> conflict monitor fails to de
On Nov 22, 2011, at 8:08 58PM, Steven Bellovin wrote:
>
> On Nov 22, 2011, at 7:51 59PM, valdis.kletni...@vt.edu wrote:
>
>> On Tue, 22 Nov 2011 13:32:23 -1000, Michael Painter said:
>>
http://jeffreycarr.blogspot.com/2011/11/latest-fbi-statement-on-alleged.html
>>
>>> And "In addition,
On Nov 22, 2011, at 7:51 59PM, valdis.kletni...@vt.edu wrote:
> On Tue, 22 Nov 2011 13:32:23 -1000, Michael Painter said:
>
>>> http://jeffreycarr.blogspot.com/2011/11/latest-fbi-statement-on-alleged.html
>
>> And "In addition, DHS and FBI have concluded that there was no malicious
>> traffic
On Tue, 22 Nov 2011 13:32:23 -1000, Michael Painter said:
> > http://jeffreycarr.blogspot.com/2011/11/latest-fbi-statement-on-alleged.html
> And "In addition, DHS and FBI have concluded that there was no malicious
> traffic from Russia or any foreign entities, as
> previously reported."
It's i
This might be of interest to those wishing to dive deeper into the subject.
Telecommunications Handbook for Transportation Professionals: The Basics of
Telecommunications by the Federal Highway Administration.
http://ops.fhwa.dot.gov/publications/telecomm_handbook/
I'm still digging through it t
andrew.wallace wrote:
Here is the latest folks,
"DHS and the FBI have found no evidence of a cyber intrusion into the SCADA system
in Springfield, Illinois."
http://jeffreycarr.blogspot.com/2011/11/latest-fbi-statement-on-alleged.html
Andrew
And "In addition, DHS and FBI have concluded that
On Tue, Nov 22, 2011 at 06:14:54PM -0500, Jay Ashworth wrote:
> - Original Message -
> > From: "Matthew Kaufman"
>
> > Indeed. All solid-state controllers, microprocessor or not, are required
> > to have a completely independent conflict monitor that watches the
> > actual HV outputs to t
- Original Message -
> From: "Matthew Kaufman"
> Indeed. All solid-state controllers, microprocessor or not, are required
> to have a completely independent conflict monitor that watches the
> actual HV outputs to the lamps and, in the event of a fault, uses
> electromechanical relays to
Steven Bellovin wrote:
On Nov 21, 2011, at 4:30 PM, Mark Radabaugh wrote:
Probably nowhere near that sophisticated. More like somebody owned the PC
running Windows 98 being used as an operator interface to the control
system. Then they started poking buttons on the pretty screen.
Somew
Here is the latest folks,
"DHS and the FBI have found no evidence of a cyber intrusion into the SCADA
system in Springfield, Illinois."
http://jeffreycarr.blogspot.com/2011/11/latest-fbi-statement-on-alleged.html
Andrew
On 11/22/2011 5:59 AM, Brett Frankenberger wrote:
The typical implementation in a modern controller is to have a
separate conflict monitor unit that will detect when conflicting
greens (for example) are displayed, and trigger a (also separate)
flasher unit that will cause the signal to display
Anyone using Net Brain? Just curious what you think
Barry Jones - CISSP GSNA
I could look though our customer list and show over 2,000 networks being
run by RouterOS from small networks running 20-50 meg all the way up to
networks running 10GigE BGP feeds. We just turned up a location
running 4 BGP GigE feeds in a single router.
On Tue, Nov 22, 2011 at 02:26:34PM -0500, Jay Ashworth wrote:
>
> > Some other things to consider.
> >
> > Relays are more likely to fail. Yes, the relay architecture was
> > carefully designed such that the most failures would not result in
> > conflicting greens,
>
> My understanding was that
*** *** right. *** like * ** to ** *** what *** * ***
** **.
:)
--
Brielle
(sent from my phone)
On Nov 22, 2011, at 1:30 PM, valdis.kletni...@vt.edu wrote:
> On Tue, 22 Nov 2011 10:43:35 PST, Owen DeLong said:
>
>>> Not sure why you'd blame Microsoft. HTTP{,S} i
On Nov 22, 2011, at 12:30 PM, valdis.kletni...@vt.edu wrote:
> On Tue, 22 Nov 2011 10:43:35 PST, Owen DeLong said:
>
>>> Not sure why you'd blame Microsoft. HTTP{,S} is increasingly looking to be
>>> the real IPng.
>
>> Perhaps because they have done more than any other vendor to
>> enable/en
>
>> but that's not the only risk. When the traffic
>> signal is failing, even if it's failing with dark or red in every
>> direction, the intersection becomes more dangerous. Not as dangerous
>> as conflicting greens,
>
> By 2 or 3 orders of magnitude, usually; the second th
On Tue, 22 Nov 2011 10:43:35 PST, Owen DeLong said:
> > Not sure why you'd blame Microsoft. HTTP{,S} is increasingly looking to be
> > the real IPng.
> Perhaps because they have done more than any other vendor to enable/encourage
> this trend?
Actually, I'd nominate the creator of the PIX fire
We use a lot of Mikrotik in our network. They are fantastic little routers
as long as you remember that they are not Cisco/Juniper/whatever. In other
words, you pay a few hundred bucks, you get something worth at least that
much. But don't put it head to head against a $10k router.
Suppor
On Tue, Nov 22, 2011 at 02:26:34PM -0500, Jay Ashworth wrote:
>
> Yes, but the complexity of a computerized controller is 3-6 orders of
> magnitude higher, *and none of it is visible*
You can't see the electrons in the relays either.
> > Some other things to consider.
> >
> > Relays are more li
Leigh Porter writes:
> Has anybody had experience of mikrotik support? Is it any good? Any
> thoughts about the time to fix bugs?
I have dealt with Mikrotik support. They were easily comparable to
[CJ]TAC. Which is to say "guy was pleasant and courteous, I could
tell through the language barr
On 11/22/2011 10:38 AM, Deric Kwok wrote:
Hi
Can I know any selection of Linux routers except cisco / juniper?
They are reliable and have good support provided
We would like to get one for testing.
Thank you
Deploy RANCID?
On Tue, Nov 22, 2011 at 1:35 PM, Jon Heise wrote:
> Does anyone know of a method of automating config backups for force10
> switches running SFTOS? I've got a Python expect script that works on our
> routers running FTOS, it uses a role account that can show the running
> config
Does anyone know of a method of automating config backups for force10
switches running SFTOS? I've got a Python expect script that works on our
routers running FTOS, it uses a role account that can show the running
configs without having to use the enable password. I could expand the
script to u
> Relay logic has the potential for programming (i.e. wiring) errors
> also.
Yes, but the complexity of a computerized controller is 3-6 orders of
magnitude higher, *and none of it is visible*
> It's not fair to compare "conflict monitor" to "properly programmed
> relay logic". We either have to
Having worked with approx 10-15 units of RouterBoards, I cannot say
that I have seen this issue.
Could it be some sort of a software bug? We typically update the
Mikrotik OS and firmware before we deploy.
Faisal Imtiaz
Snappy Internet & Telecom
On 11/22/2011 1:58 PM, Thomas York wrote:
I
On Tue, Nov 22, 2011 at 11:16:54AM -0500, Jay Ashworth wrote:
> - Original Message -
> > From: "Owen DeLong"
>
> > As in all cases, additional flexibility results in additional
> > ability to make mistakes. Simple mechanical lockouts do not scale
> > to the modern world. The benefits of
I've had one major, glaring issue with RouterBoard/Mikrotik. Quite often, I
will configure a new router/AP/whatever Mikrotik device and it simply will
not work. The config is correct, but the device just won't work properly
(sometimes it won't pass data, it won't bridge correctly, VLAN membership
i
>
>>> 3) If you write an application using anything other than UDP or TCP, it
>>> won't work on most networks (with some minor exceptions for PPTP and IPSEC,
>>> which work sometimes).
>> This hasn't been my experience unless you're behind some form of NAT. Yes,
>> it is well known that NAT bre
One missing feature in MikroTik is IS-IS.
--
Eduardo Schoedler
> -Original Message-
> From: Eduardo Schoedler [mailto:lis...@esds.com.br]
> Sent: Tuesday, November 22, 2011 15:04
> To: 'Meftah Tayeb'; 'Leigh Porter'; fai...@snappydsl.net
> Cc: 'nanog list'
> Subject: RES
Owen DeLong naively wrote:
>
> On Nov 22, 2011, at 7:38 AM, Joel Maslak wrote:
>
> > On Nov 22, 2011, at 8:05 AM, Ray Soucy wrote:
> >
> >> As long as a static allocation can be billed as a premium service,
> >> most providers will unfortunately do it.
> >
> > Exactly. ISPs are in business to
On Mon, Nov 21, 2011 at 2:12 PM, Keegan Holley
wrote:
> 2011/11/21
>> On Sun, 20 Nov 2011 21:40:08 EST, Tyler Haske said:
>>
>> > I'm looking for a mentor who can help me focus my career so eventually I
>> > wind up working at one of the Tier I ISPs as a senior tech. I want to
>> > handle the big
On Nov 22, 2011, at 8:19 AM, Owen DeLong wrote:
>> Exactly. ISPs are in business to make as much money as they can - go figure.
> How do you make more money by refusing to meet customer requests?
Not rocket science. The vast majority of customers fall into a small number of
categories. You make
On Nov 22, 2011, at 9:09 AM, James Jones wrote:
> On Tue, Nov 22, 2011 at 10:43 AM, lorddoskias wrote:
>
>> On 11/22/2011 3:38 PM, Deric Kwok wrote:
>>
>>> Hi
>>>
>>> Can I know any selection of Linux routers except cisco / juniper?
>>>
>>> They are reliable and have good support provided
>
On Tue, Nov 22, 2011 at 10:43 AM, lorddoskias wrote:
> On 11/22/2011 3:38 PM, Deric Kwok wrote:
>
>> Hi
>>
>> Can I know any selection of Linux routers except cisco / juniper?
>>
>> They are reliable and have good support provided
>>
>> We would like to get one for testing.
>>
>> Thank you
>>
>>
On 22/11/2011 3:06pm, Julien Gormotte wrote:
> On Tue, 22 Nov 2011 14:59:13 -0200,
> "Eduardo Schoedler" wrote:
>
> > On 22/11/2011 1:39pm, Deric Kwok wrote:
> > > Can I know any selection of Linux routers except cisco / juniper?
> >
> > I prefer Freebsd.
> > Take a look on BSDRP (BSD Route Pr
On Tue, 22 Nov 2011 14:59:13 -0200,
"Eduardo Schoedler" wrote:
> On 22/11/2011 1:39pm, Deric Kwok wrote:
> > Can I know any selection of Linux routers except cisco / juniper?
>
> I prefer Freebsd.
> Take a look on BSDRP (BSD Route Project).
> http://bsdrp.net/
The problem with this is to fin
One important feature for me is MPLS/VPLS support.
+1 MikroTik
--
Eduardo Schoedler
> -Original Message-
> From: Meftah Tayeb [mailto:tayeb.mef...@gmail.com]
> Sent: Monday, November 21, 2011 12:26
> To: Leigh Porter; fai...@snappydsl.net
> Cc: nanog list
> Subject: R
.
>>
>> Thank you
>>
>>
>>
On 22/11/2011 1:39pm, Deric Kwok wrote:
> Can I know any selection of Linux routers except cisco / juniper?
I prefer Freebsd.
Take a look on BSDRP (BSD Route Project).
http://bsdrp.net/
--
Eduardo Schoedler
On Nov 22, 2011, at 8:36 AM, valdis.kletni...@vt.edu wrote:
> On Tue, 22 Nov 2011 08:19:25 PST, Owen DeLong said:
>> On Nov 22, 2011, at 7:38 AM, Joel Maslak wrote:
>>> Exactly. ISPs are in business to make as much money as they can - go
>>> figure.
>>
>> How do you make more money by refusing
On Tue, Nov 22, 2011 at 11:36 AM, wrote:
> A number of providers seem to be doing just fine with that business model
> over on the IPv4 side of the fence. And since they're usually a
> near-monopoly in their service area, angry customers aren't likely to
> actually vote with their wallets.
>> 3) If you write an application using anything other than UDP or TCP,
>> it won't work on most networks (with some minor exceptions for PPTP
>> and IPSEC, which work sometimes).
>
> This hasn't been my experience unless you're behind some form of NAT.
> Yes, it is well known that NAT breaks most
On Tue, 22 Nov 2011 08:19:25 PST, Owen DeLong said:
> On Nov 22, 2011, at 7:38 AM, Joel Maslak wrote:
> > Exactly. ISPs are in business to make as much money as they can - go
> > figure.
>
> How do you make more money by refusing to meet customer requests?
>
> I could understand how it MIGHT make
On Nov 22, 2011, at 7:38 AM, Joel Maslak wrote:
> On Nov 22, 2011, at 8:05 AM, Ray Soucy wrote:
>
>> As long as a static allocation can be billed as a premium service,
>> most providers will unfortunately do it.
>
> Exactly. ISPs are in business to make as much money as they can - go figure.
- Original Message -
> From: "Owen DeLong"
> As in all cases, additional flexibility results in additional ability
> to make mistakes. Simple mechanical lockouts do not scale to the
> modern world. The benefits of these additional capabilities far
> outweigh the perceived risks of program
On 22 Nov 2011, at 13:38, Joel Maslak wrote:
> 1) Not having IPv6 at all. I expect to get it on my DSL in about 10 years or
> so when the equipment my line on is old enough to be replaced under a 15 or
> 20 year replacement cycle.
>
> 2) Bandwidth caps probably affect people a lot more than
Worst case, you can always get an IPv6 static /48 from at least one provider
without any additional cost.
Owen
On Nov 22, 2011, at 7:05 AM, Ray Soucy wrote:
> On Mon, Nov 21, 2011 at 10:21 AM, Seth Mos wrote:
>
>> What is bewildering to me is that each time the system establishes a new
>> PPPo
cept cisco / juniper?
They are reliable and have good support provided
We would like to get one for testing.
Thank you
Has anybody had experience of mikrotik support? Is it any good? Any thoughts
about the time to fix bugs?
--
Leigh
On 22 Nov 2011, at 15:57, "Faisal Imtiaz" wrote:
> mikrotik family .. you can have all sizes and shapes of routers ..
> lots of support available online or from independent consu
Hello,
On 11/21/11 16:21, Seth Mos wrote:
> Hello List,
>
> As a pfSense developer I recently ran into a test system that (actually)
> gets an IPv6 prefix from its ISP. (Hurrah).
>
> What is bewildering to me is that each time the system establishes a new
> PPPoE session to the ISP they assign
mikrotik family .. you can have all sizes and shapes of routers ..
lots of support available online or from independent consultants.
Regards.
Faisal Imtiaz
Snappy Internet & Telecom
On 11/22/2011 10:38 AM, Deric Kwok wrote:
Hi
Can I know any selection of Linux routers except cisco / juniper?
http://imagestream.com
On 11/22/11 9:38 AM, Deric Kwok wrote:
> Hi
>
> Can I know any selection of Linux routers except cisco / juniper?
>
> They are reliable and have good support provided
>
> We would like to get one for testing.
>
> Thank you
>
On 11/22/2011 3:38 PM, Deric Kwok wrote:
Hi
Can I know any selection of Linux routers except cisco / juniper?
They are reliable and have good support provided
We would like to get one for testing.
Thank you
http://www.vyatta.com/ might be worth checking.
Brocade have some reasonable boxes.
--
Leigh Porter
On 22 Nov 2011, at 15:40, "Deric Kwok" wrote:
> Hi
>
> Can I know any selection of Linux routers except cisco / juniper?
>
> They are reliable and have good support provided
>
> We would like to get one for testing.
>
> Thank you
>
>
Hello,
I am looking for a proprietary $subj, a la ziproxy [1]. Caching is not the main
concern
(well, I wouldn't mind it caching compressed JPEGs). Mobile telco people should
probably know a few vendors. Thanks!
[1] http://ziproxy.sourceforge.net
--
PacketDam: a cost-effective
software solution
Hi
Can I know any selection of Linux routers except cisco / juniper?
They are reliable and have good support provided
We would like to get one for testing.
Thank you
On Nov 22, 2011, at 8:05 AM, Ray Soucy wrote:
> As long as a static allocation can be billed as a premium service,
> most providers will unfortunately do it.
Exactly. ISPs are in business to make as much money as they can - go figure.
For myself, having a static IP is the least of my concerns
On Tue, Nov 22, 2011 at 10:16:56AM -0500, Jay Ashworth wrote:
> - Original Message -
> > From: "Brett Frankenberger"
>
> > The typical implementation in a modern controller is to have a separate
> > conflict monitor unit that will detect when conflicting greens (for
> > example) are displ
- Original Message -
> From: "Brett Frankenberger"
> The typical implementation in a modern controller is to have a separate
> conflict monitor unit that will detect when conflicting greens (for
> example) are displayed, and trigger a (also separate) flasher unit that
> will cause the sig
On Mon, Nov 21, 2011 at 10:21 AM, Seth Mos wrote:
> What is bewildering to me is that each time the system establishes a new
> PPPoE session to the ISP they assign a different IPv6 prefix via
> delegation together with a differing IPv4 address for the WAN.
> Is this going to be forward for other
On Mon, Nov 21, 2011 at 11:16:14PM -0500, Jay Ashworth wrote:
>
> Precisely. The case in point example these days is traffic light
> controllers.
>
> I know from traffic light controllers; when I was a kid, that was my dad's
> beat for the City of Boston. Being a geeky kid, I drilled the guys i
On Mon, 21 Nov 2011 14:24:48 PST, "andrew.wallace" said:
> If NSA had no signals information prior to the attack, this should be a wake
> up call for the industry.
Actually, it should be a wake up call whether or not NSA had signals
information. However, it's pretty obvious that the entire SCADA
Scott's point is very true! Motivation will help you go very far,
much farther than certs/knowledge alone. As a soon to be
college-grad, be ready for the initial disappointment, :-), even
though you'll have your CCNP, you have no real experience, so you'll
start at the entry level. That's not a
On Monday 21 Nov 2011 20:27:55 Owen DeLong wrote:
> I suspect that mDNS/Rendezvous will become much more widespread in
> the IPv6 household and will become the primary service discovery
> mechanism. It actually works quite well and is relatively resilient to
> either frequent renumbering or the il
Nathan Eisenberg writes:
> What does Joe Sixpack do at home with a /48 that he cannot do with a
> /56 or a /60?
What does Joe's ISPack save the missing bits for?
Bjørn
74 matches