let's hope that this action didn't harm anyone - particularly a
vulnerable person who might have an emergency system using IP to send
alerts
On Mon, 3 Jun 2024 at 01:22, Josh Luthman wrote:
>
> >And then when it became clear that the issue wasn't being addressed, they
> >forcibly turned off
> We operate over 1000 switches in our data centers, and hardware failures that
> require a switch swap are common enough where the speed of swap starts to
> matter to some extent. We probably swap a switch or two a month.
having operated a network of over 2000 switches, where we would see
not just how it handles IPv4 - these things don't even do proper WiFi
- meaning no happy joy for lots of students on campus where 802.1X
wifi is provisioned
alan
hi,
> Go ahead and read your v4 address over the phone and then do the same with
> your v6 address. Which is easier? I do understand all about these addresses
> both being binary underneath ( I've been doing this for over 30 years now).
> However it is much easier to communicate using four
hi,
the old UK reverse name notation actually comes from some sensible
ideas - firstly from the big-endian processing methods - but also the
most important part of the address
comes first - ideal for global routing decisions early. who cares
about the actual hostname , get to the actual TLD ;-)
hi,
have seen and suffered from same. nearby strikes can cause enough
surge to fry things. best solution - air-gaps where possible between
devices (eg fibre to link switches), surge protectors on ethernet
cables where needed (eg feeds from Access points) - and if the APs
have external antennae
hi,
do you have any of the WLC settings on such as dynamic power
assignment (which allows the controller to work out neighbour cell
coverage
and reduce the signal to stop much overlap). which 5GHz channels are
being used - if you're using those in DFS space then RADAR detection
means that DAC
hi,
use Direct Access PAC file for clients to get the right endpoints.
Apply QoS to that traffic - and use that same PAC file to feed the IP
ranges into your QoS
rules on the firewall/router ?
alan
On Mon, 8 Jul 2019 at 17:15, Joe Yabuki wrote:
>
> Hi all,
>
> How do you deal with QoS for
hi,
> Just ran into packetstream.io:
Had a quick look but doesn't seem to mention Blockchain at all -
therefore it can't be that good! ;-)
alan
when i was last on a proper working multicast-enabled UK university
network, could pick up the BBC streams (TV and radio) using VLC :)
alan
hi,
another prediction would be that your internet connection (and most devices
in house) connected by 5G - maybe with some local
WiFi - 802.11ax - if there's still spectrum left after the LTE groups have
taken it all for aforementioned 5G purposes...
legacy devices, still around for another
as already said - this can be covered with adequate processes and
management (even so far as, not doing your job right? time
for HR...). however, there are many ways to ensure that random ports aren't
doing anything other than what they should be doing - most of these
are L2 security features -
real ones send such formulae as LaTeX attachments - where their recipients
can have a simple plugin to view/display it inline (then save to
edit/modify etc).
HTML is horrible for formula...but at least I guess a little better than MS
Word.
alan
hi,
thank-you Dario for your input and response from Cisco PSIRT - very
useful and welcome.
alan
+1 for the APC kit :)
alan
https://www.theregister.co.uk/2018/04/26/hyperoptics_zte_routers/
yet another ZTE issue . :(
alan
that's probably a key part of the experiment - to find locations and
systems where 1.1.1.1 is trashed.
it should be routable and it's about time that vendors stopped messing
around in that space - hopefully this is
one of the sticks that prods people to start to behave - at which
point 1.0.0.0/8
exactly.
intercept/inject? why. an ISP can just run its own standard DNS
servers on 8.8.8.8 and 8.8.4.4 and point
their customers to those - they own their routing space, they can just
route to those locally... so anyone thinking they
can avoid their ISP by choosing some other addresses are
Scout Aircheck G2 is quite nifty - but a lot of tools out there are
only just a little bit above what you can do with a decent Android
phone (one with 802.11a/b/g/n/ac chipset) and
WiFiAnalyzer ! :)
alan
if you're already slurping the commercial koolaid (support contracts,
someone to blame etc etc) - then Aruba Clearpass?
(otherwise local homebrew with FreeRADIUS core or PacketFence as
FOSSOTS ;-) )
alan
Commercial, or free? For commercial route explorer should do the job, for
free, run eg quagga or such with relevant actions on logs.
alan
i'm sure there's plenty of aerial in europe. usually carried on e.g.
the top messenger cable on pylons - given i've attended talks about
the issues of fixing such fibre after storms in Scotland :)
On 1 September 2017 at 20:52, Rod Beck wrote:
> I don't think
Yes. But don’t just put in coordinates... Put in other details and use a
standard separator
alan
Hi,
Hi,
>Put it another way: you bring home a NEST and the first thing you the
>expert might do is read the net to figure out which ports to open. Are
>you really going to not open those ports?
Put onto its own isolated vlan with only internet access. Unfortunately no
basic routers that are
Hi,
>At which point the 3GS was almost 5 years old (having originally been
>released in June 2009) and had been already superseded by the iPhone 4,
>4S, 5 and 5S/5C.
But the release of and presence of those phones does not make the older phone
suddenly stop working. As noted, the phone might
hi,
>From: NANOG on behalf of Mike Hammett
>
>Sent: 27 September 2016 16:30
>Cc: nanog@nanog.org
>Subject: Re: Krebs on Security booted off Akamai network after DDoS attack
>proves pricey
>
>You must not support end users.
haha...i read that wrong.
>“Unfortunately because it was human error we weren’t prepared for it,”
>Holmes said.
"But it's elementary!" Watson retorted
:)
alan
As per other statements of such seen elsewhere online, do you have examples or
code which will allow the recovery of passwords in a radius exchange? Yes, the
shared secret mechanism is widely stated as 'weak' but actively attacked?
alan
+1 for Statseeker. Ease of use etc (price depends on eg site size etc). Can do
lots on just one mid server unlike some other bloaty solutions out there. But
we also still use MRTG for some local bespoke measurements
PS you can get a free Eval of statseeker. Obnote, don't work for them just a
Um. You don't have an option for old copper plants. This stuff gives you
2.5gig or 5gig on cat5/cat5e (depending on distance).
If you can do 10g you really shouldn't be caring about this stuff. In the
optical world just jump to using 10Gig (where you can)
alan
For the sake of security of all internet connected hosts - especially in this
new era of even more IOT junk , security updates, firmware and new OS updates
should be granted libre data rates so that users who keep their devices updated
are not penalised.
as for carriers pipes...will, if
You're assuming that people are only using phones with their SIM - those that
use a mifi dongle and thus view content on a tablet or laptop will notice
We could rate limit traffic from YouTube to 1.5mbps and let the adaptive
streaming knock the stream to 480p but our users with 100mbit
>RouterOS is an existing product by MikroTik
Yes but this was an announcement about freerouter. If RouterOS has an
announcement to make they can send their own email ;)
alan
The host has to support it... I've only seen the cisco anyconnect client add
such support to the host
alan
I'm surprised that no one of the home wifi router folk haven't cornered the
market on that one in terms of client separation. Most people don't need the
devices to talk to each other so by default all ports on different VLANs ..
192.168.0-8.x etc
Internet of things security out of the box. Web
No. CentOS follows RedHat. They backport fixes to older versions rather than
put the new version out. It appears that they have an aversion to new features and just
want to put the fixes onto the older versions. So that 9.9.4 probably has 60%
of the changes that the diff of 9.9.4 has to 9.9.8 . This
Indeed. They just need more places across the world hosting Anchors :)
alan
What, like RIPE NCC ? :)
alan
There's also probably a large number of people gnashing their teeth that all of
these compromised sites have been so readily identified by a very basic spam
scam. A massive waste of opportunity for real black hats
alan
I was looking out for the sub-Reddit thread ;)
alan
Aye. It was an amusing anecdote/joke about their poor wording/pitch. I didn't
see it as some sales thing... guess others are having a stressful day or got
out of bed the wrong side today :/
alan
'should have largely the same vantage point ...'
That's *exactly* one of the functions of these probes. It's very interesting
what they can find out. Never assume (you know the rest of that...)
alan
One of the small microPC solutions. Depending on what you want to test (eg
bandwidth) you may find platforms like raspberrypi too limited. Intel NUC or
LIVA platforms?
https://www.perfsonar.net/deploy/hardware-selection/low-cost-hardware/
alan
Yes. Next gen firewalls stop that kind of game ;)
alan
Great summary of the thread
No-one using remote control robots with video feed etc for working in these
environments then? Plans to? ;)
alan
>It's just text at the bottom of your email.
1 often a very large amount of text - in this case the legalese was something
like 10x longer than the comment!
2 it's pointless. It's not enforceable and doesn't mean anything.
Shall i put a chapter of war and peace at the end of my emails? You
'QoS problems are to be expected' . Uh?
Don't you put QoS into place just to ensure that the minimum bandwidth you need
to ensure critical services (such that your voice traffic is not impeded for
example) are NOT affected across your WAN links when there are big globs of
data banging around?
2 mbit is still more than 32 bit ;)
alan
No. They should just ask, with the best geek intonation, whether this
place still is stuck with 32-bit Internet
I'm sure they'd gladly report that their Internet is 24 mbit and not just 32
bit
;)
alan
There was signing of NDAs
Which you obviously read and follow to the letter ;)
alan
I do feel sorry for you unix/linux users having a problem in year 2038
fortunately I get another ~ 8 years... my Amiga
gets its first big problem in 2046 ;-)
http://web.archive.org/web/19981203142814/http://www.amiga.com/092098-y2k.html
alan
PS if i get to see the 2078 issue I'll be old
'We plan to use DHCPv6 rather than SLAAC for a variety of reasons'
Care to elaborate on the reasons? Due to client support we have both. In fact
we had SLAAC for many years and just 2 years ago we added DHCPv6 ..that was to
ensure fuller client support (since windows and OSX amongst others
'Don't learn by heart that which you can look up.' apart from enough
basics to get you up and connected so that you CAN look things up! ;)
There's a whole debate about the education system and learning things by rote
that can be looked up. In many sectors you have reference tomes. ..some
+1 for CWNP courses. The CWNA and CWDP cover RF quite well too you'll pick
up most of what's needed. ..imho most of the vendor specific courses only
benefit is to tell you how to manage their control plane. Which button to
click on the interface etc ;)
alan
54 matches