Re: Jenkins amplification

2020-02-03 Thread Randy Bush
>>> good golly, so glad everyone's enterprise is a hard candy version of same. >>> no need for these remote workers, or discontiguous offices, or >>> 'internet centric workforces'. >> >> VPN. > > I love it when my home network gets full access to the corporate network! make things simpler and L2

EVPN multicast route (multi home case ) implementation / deployment information

2020-02-03 Thread Mankamana Mishra (mankamis) via NANOG
Folks Wondering if there is any known implementation of EVPN multihome multicast routes which are defined in https://tools.ietf.org/html/draft-ietf-bess-evpn-igmp-mld-proxy-04 there is some change planned in NLRI , we want to make sure to have solution which does work well with existing implemen

Re: Jenkins amplification

2020-02-03 Thread Jean | ddostest.me via NANOG
https://en.wikipedia.org/wiki/PfSense In November 2017, a World Intellectual Property Organization panel found that Netgate, the copyright holder of pfSense, had been using the domain opnsense.com in bad faith to discredi

Re: Jenkins amplification

2020-02-03 Thread Christopher Morrow
On Mon, Feb 3, 2020 at 2:34 PM Matt Harris wrote: > > On Mon, Feb 3, 2020 at 12:50 PM Christopher Morrow < > morrowc.li...@gmail.com> wrote: > >> >> Sorry, to be a little less flippant and a bit more productive: >> "I don't think every remote endpoint needs full access (or even some >> compromi

Re: Jenkins amplification

2020-02-03 Thread Ryan Hamel
Jean, Do you have facts to support this claim? Signed, A happy pfSense user. On Mon, Feb 3, 2020, 12:42 PM Jean | ddostest.me via NANOG wrote: > Netgate bought Pfsense and they already started to destroy it. > > You should consider to switch to Opnsense. > > On 2020-02-03 14:34, Matt Harris

Re: Jenkins amplification

2020-02-03 Thread Jean | ddostest.me via NANOG
Netgate bought Pfsense and they already started to destroy it. You should consider to switch to Opnsense. On 2020-02-03 14:34, Matt Harris wrote: pfSense on a VM with relatively minimal resources running your VPNs works very well

Re: Jenkins amplification

2020-02-03 Thread Michael Thomas
On 2/3/20 10:48 AM, Christopher Morrow wrote: Sorry, to be a little less flippant and a bit more productive: "I don't think every remote endpoint needs full access (or even some compromise based on how well you can/can't scale your VPN box's policies) access to the internal network. I think

Re: Jenkins amplification

2020-02-03 Thread Matt Harris
On Mon, Feb 3, 2020 at 12:50 PM Christopher Morrow wrote: > > Sorry, to be a little less flippant and a bit more productive: > "I don't think every remote endpoint needs full access (or even some > compromise based on how well you can/can't scale your VPN box's > policies) access to the interna

Re: Jenkins amplification

2020-02-03 Thread Christopher Morrow
On Mon, Feb 3, 2020 at 1:55 PM Sabri Berisha wrote: > > - On Feb 3, 2020, at 10:35 AM, Christopher Morrow morrowc.li...@gmail.com > wrote: > > > On Mon, Feb 3, 2020 at 1:26 PM William Herrin wrote: > > >> VPN. > > > > I love it when my home network gets full access to the corporate network!

Re: Jenkins amplification

2020-02-03 Thread Matt Harris
On Mon, Feb 3, 2020 at 12:50 PM Christopher Morrow wrote: > On Mon, Feb 3, 2020 at 1:35 PM Christopher Morrow > wrote: > > > > On Mon, Feb 3, 202

Re: Jenkins amplification

2020-02-03 Thread Sabri Berisha
- On Feb 3, 2020, at 10:35 AM, Christopher Morrow morrowc.li...@gmail.com wrote: > On Mon, Feb 3, 2020 at 1:26 PM William Herrin wrote: >> VPN. > > I love it when my home network gets full access to the corporate network! Most places I've worked at issue company controlled laptops with co

Re: Jenkins amplification

2020-02-03 Thread Christopher Morrow
On Mon, Feb 3, 2020 at 1:35 PM Christopher Morrow wrote: > > On Mon, Feb 3, 2020 at 1:26 PM William Herrin wrote: > > > > On Mon, Feb 3, 2020 at 10:24 AM Christopher Morrow > > wrote: > > > On Mon, Feb 3, 2020 at 11:45 AM Harald Koch wrote: > > > > Jenkins, like a zillion other developer-orient

Re: The curious case of 159.174.0.0/16

2020-02-03 Thread Sabri Berisha
- On Feb 1, 2020, at 1:54 PM, Pavel Lunin plu...@plunin.net wrote: Hi Pavel, > On Wednesday, January 29, 2020 5:15 PM, Sabri Berisha > wrote: > >> I'm surprised about the lack of response from FT/DT though. > > And now multiply this by 3, because DT and ARIN are no better. I appreciate yo

Re: Jenkins amplification

2020-02-03 Thread Christopher Morrow
On Mon, Feb 3, 2020 at 1:26 PM William Herrin wrote: > > On Mon, Feb 3, 2020 at 10:24 AM Christopher Morrow > wrote: > > On Mon, Feb 3, 2020 at 11:45 AM Harald Koch wrote: > > > Jenkins, like a zillion other developer-oriented tools, should never be > > > deployed Internet-facing. > > > Reflect

Re: Jenkins amplification

2020-02-03 Thread William Herrin
On Mon, Feb 3, 2020 at 10:24 AM Christopher Morrow wrote: > On Mon, Feb 3, 2020 at 11:45 AM Harald Koch wrote: > > Jenkins, like a zillion other developer-oriented tools, should never be > > deployed Internet-facing. > > Reflection attacks inside an enterprise are handled by HR. :) > > good goll

Re: Jenkins amplification

2020-02-03 Thread Christopher Morrow
On Mon, Feb 3, 2020 at 11:45 AM Harald Koch wrote: > > Jenkins, like a zillion other developer-oriented tools, should never be > deployed Internet-facing. > > Reflection attacks inside an enterprise are handled by HR. :) good golly, so glad everyone's enterprise is a hard candy version of same.

RE: Starting to Drop Invalids for Customers

2020-02-03 Thread Jakob Heitz (jheitz) via NANOG
Lukas, CSCvc84848 Will keep you in the loop too, Lukas. Regards, Jakob. -Original Message- From: Lukas Tribus Sent: Monday, February 3, 2020 12:43 AM To: Mark Tinka ; Jakob Heitz (jheitz) Cc: nanog@nanog.org Subject: Re: Starting to Drop Invalids for Customers Hello, On Tue, 14 Jan

Re: Recommended DDoS mitigation appliance?

2020-02-03 Thread Javier Juan
Hi ! I was looking around (a couple years ago) for mitigation appliances (Riorey, Arbor, F5 and so on) but the best and almost affordable solution I found was Incapsula/Imperva. https://docs.imperva.com/bundle/cloud-application-security/page/introducing/network-ddos-monitoring.htm Basically,

Re: Jenkins amplification

2020-02-03 Thread Harald Koch
Jenkins, like a zillion other developer-oriented tools, should never be deployed Internet-facing. Reflection attacks inside an enterprise are handled by HR. :) -- Harald Koch c...@pobox.com

Jenkins amplification

2020-02-03 Thread Töma Gavrichenkov
FYI https://nvd.nist.gov/vuln/detail/CVE-2020-2100 A nice description: https://mobile.twitter.com/Foone/status/1223063275996213248 May you live in interesting times. Do not postpone a software update if Jenkins is deployed somewhere in your network. -- Töma

Re: Starting to Drop Invalids for Customers

2020-02-03 Thread Lukas Tribus
Hello, On Tue, 14 Jan 2020 at 07:21, Mark Tinka wrote: > On 13/Jan/20 21:53, Jakob Heitz (jheitz) wrote: > > Mark, > > > > Thanks for bringing this up again. > > I remember this from nearly 3 years ago when Randy brought it up. > > A bug was filed, but it disappeared in the woodwork. > > I have