Fwd: Serious Cloudflare bug exposed a potpourri of secret customer data

(h/t to Richard Forno) After you're done reading the Ars Technica article excerpted and linked below, you may also want to read: Cloudflare Reverse Proxies Are Dumping Uninitialized Memory https://news.ycombinator.com/item?id=13718752 and, as background: CloudFlare, We

Re: Cellular enabled console server

Netcomm NWL‑25‑02 Verizon LTE Router paired with a DLI SS20 gives you access to 20 serial ports natively from the NWL, without the use of USB or an intermediate technology between the router, end device and LTE interface thus signifinactly reducing the potential for an LTE communications failure,

RE: Akamai Contact

Thanks, Tim! ☺ E-mail sent. Kind Regards, Shon Elliott, KK6TOO Level 3 IP/Routing/Security Network Engineer [unwired-new-logo] (559) 476-9463 – Cell (559) 261- x 129 – Office (559) 943-1025 – Direct selli...@getunwired.com

Akamai Contact

Hi NANOG, Is there anyone that has any contact information for someone in Akamai's Abuse department or if anyone from Akamai is monitoring NANOG that could get in touch with me off-list, please? Thank you. Kind Regards, Shon Elliott, KK6TOO

Weekly Routing Table Report

This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, MENOG, SAFNOG, SdNOG, BJNOG, CaribNOG and the RIPE Routing WG. Daily listings are sent to

Re: Software for network modelling / documentation / GIS

Hey, that's really interesting! I'm from Portugal, so the language isn't a problem ;) >From the overview, it seems to be more focused on the passive infra, but perhaps there may be room for developing a campus side and active equipments. I didn't find a way to access the demo, but I'll get in

Re: SHA1 collisions proven possisble

On Feb 24, 2017, at 12:04 PM, Vincent Bernat wrote: > ❦ 23 février 2017 21:16 -0500, "Patrick W. Gilmore" : > >> A couple things will make this slightly less useful for the attacker: >> 1) How many people are not going to keep a copy? Once both docs are

Re: Software for network modelling / documentation / GIS

I’ve worked with providers that use it. I don’t know the pricing details, other than the providers were spending thousands of dollars a year just for software maintenance. But these organizations had hundreds of POPs. The software vendor likely charges based on capacity. -mel > On Feb 24,

Re: Software for network modelling / documentation / GIS

There is the Giiro: http://pop-ba.rnp.br/GTGIIRO Despite the content is in Brazilian Portuguese, it may work well to use Google Translator to read the overview. The software developed was funded by the Brazilian NREN. The software is maintained by a team of research and development. Alex >

Re: SHA1 collisions proven possisble

❦ 23 février 2017 21:16 -0500, "Patrick W. Gilmore"  : > A couple things will make this slightly less useful for the attacker: > 1) How many people are not going to keep a copy? Once both docs are be > found to have the same hash, well, game over. But if a

Re: SHA1 collisions proven possisble

❦ 23 février 2017 19:28 -0500, Jon Lewis  : >>> cost! However this in no way invalidates SHA-1 or documents signed by >>> SHA-1. >> >> We negotiate a contract with terms favorable to you. You sign it (or more >> correctly, sign the SHA-1 hash of the document). >> >> I then

[NANOG-announce] NANOG 70 CFP Open

NANOG Community, The NANOG Program Committee is excited to announce that we are now accepting proposals for all sessions at NANOG 70 in Bellevue, WA, June 5-7 2017. Below is a summary of key details from the Call For Presentations on

Re: Software for network modelling / documentation / GIS

On 02/24/2017 03:52 AM, Mel Beckman wrote: > This tool is not cheap, but I believe it can handle all the physical plant > inventory and provisioning objectives you listed: > > http://synchronoss.com/wp-content/uploads/spatialNET.pdf > Judging from the description on the PDF, that does seem to be

Re: Cellular enabled console server

In a message written on Fri, Feb 24, 2017 at 10:08:52AM -0600, Ben Bartsch wrote: > NANOG - Are any of you running a console server to access your network > equipment via a serial connection at a remote site? If so, what are you > using and how much do you like it? I have a project where I need

Re: Cellular enabled console server

Hi, > NANOG - Are any of you running a console server to access your network > equipment via a serial connection at a remote site? If so, what are you > using and how much do you like it? I have a project where I need to stand > up over 100 remote sites and would like a backdoor to the console

Re: Cellular enabled console server

I use https://www.lantronix.com/products/lantronix-slb/ for small sites but that looks like overkill for what you are doing. The Lantronix SLB882 has auto transfer switching (ATS) power management with port control for remote power management. On Fri, Feb 24, 2017 at 10:08 AM, Ben Bartsch

Re: Cellular enabled console server

I have been using a Sprint 3G modem to a Mikrotik (IP stuff for my use, but you can just as easily use the serial port for your needs). I pay $10/mo for a few hundred megabytes/mo. None of the Mikrotiks have 4 console ports, but you can buy 4 of them cheap. Josh Luthman Office: 937-552-2340

Cellular enabled console server

NANOG - Are any of you running a console server to access your network equipment via a serial connection at a remote site? If so, what are you using and how much do you like it? I have a project where I need to stand up over 100 remote sites and would like a backdoor to the console just to be

Re: Software for network modelling / documentation / GIS

That actually seems nice! I tried a quick demo of the Pro version and it has a distinct DCIM-like feel. Still not sure it can place things e.g. on a floor plant but perhaps there's a way to integrate with some API. The community version does lack multiple useful features, though. I'll have to

Re: Software for network modelling / documentation / GIS

On 02/24/2017 03:58 AM, Hugo Slabbert wrote: > None of these necessarily get to your ideal state, but at least get > you going wrt discovery for semi-dynamic documentation. Thank you for the suggestions. I've used Netdisco in the past, older 1.x version. It was nice and useful. I've gone ahead

Re: SHA1 collisions proven possisble

* valdis kletnieks: > We negotiate a contract with terms favorable to you. You sign it (or more > correctly, sign the SHA-1 hash of the document). > > I then take your signed copy, take out the contract, splice in a different > version with terms favorable to me. Since the hash didn't change,

Re: SHA1 collisions proven possisble

On 23 February 2017 at 20:59, Ca By wrote: > On Thu, Feb 23, 2017 at 10:27 AM Grant Ridder > wrote: > > > Coworker passed this on to me. > > > > Looks like SHA1 hash collisions are now achievable in a reasonable time > > period > >