Re: 600,000 routers bricked

let's hope that this action didn't harm anyone - particularly a vulnerable person who might have an emergency system using IP to send alerts On Mon, 3 Jun 2024 at 01:22, Josh Luthman wrote: > > >And then when it became clear that the issue wasn't being addressed, they > >forcibly turned off

Re: Rack rails on network equipment

> We operate over 1000 switches in our data centers, and hardware failures that > require a switch swap are common enough where the speed of swap starts to > matter to some extent. We probably swap a switch or two a month. having operated a network of over 2000 switches, where we would see

Re: Gaming Consoles and IPv4

not just how it handles IPv4 - these things don't even do proper WiFi - meaning no happy joy for lots of students on campus where 802.1X wifi is provisioned alan

Re: IPv6 Pain Experiment

hi, > Go ahead and read your v4 address over the phone and then do the same with > your v6 address. Which is easier? I do understand all about these addresses > both being binary underneath ( I've been doing this for over 30 years now). > However it is much easier to communicate using four

Re: IPv6 Pain Experiment

hi, the old UK reverse name notation actually comes from some sensible ideas - firstly from the big-endian processing methods - but also the most important part of the address comes first - ideal for global routing decisions early. who cares about the actual hostname , get to the actual TLD ;-)

Re: Protecting 1Gb Ethernet From Lightning Strikes

hi, have seen and suffered from same. nearby strikes can cause enough surge to fry things. best solution - air-gaps where possible between devices (eg fibre to link switches), surge protectors on ethernet cables where needed (eg feeds from Access points) - and if the APs have external antennae

Re: Cisco wifi signal fluctuations

hi, do you have any of the WLC settings on such as dynamic power assignment (which allows the controller to work out neighbour cell coverage and reduce the signal to stop much overlap). which 5GHz channels are being used - if you're using those in DFS space then RADAR detection means that DAC

Re: QoS for Office365

hi, use Direct Access PAC file for clients to get the right endpoints. Apply QoS to that traffic - and use that same PAC file to feed the IP ranges into your QoS rules on the firewall/router ? alan On Mon, 8 Jul 2019 at 17:15, Joe Yabuki wrote: > > Hi all, > > How do you deal with QoS for

Re: Packetstream - how does this not violate just about every provider's ToS?

hi, > Just ran into packetstream.io: Had a quick look but doesn't seem to mention Blockchain at all - therefore it can't be that good! ;-) alan

Re: Multicast traffic % in enterprise network ?

when i was last on a proper working multicast-enabled UK university network, could pick up the BBC streams (TV and radio) using VLC :) alan

Re: Proving Gig Speed

hi, another prediction would be that your internet connection (and most devices in house) connected by 5G - maybe with some local WiFi - 802.11ax - if theres still spectrum left after the LTE groups have taken it all for aforementioned 5G purposes... legacy devices, still around for another

Re: Application or Software to detect or Block unmanaged swicthes

as already said - this can be covered with adequate processes and management (even so far as, not doing your job right? time for HR...). however, there are many ways to ensure that random ports arent doing anything other than what they should be doing - most of these are L2 security features -

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

real ones send such formulae as LaTeX attachments - where their recipients can have a simple plugin to view/display it inline (then save to edit/modify etc). HTML is horrible for formula...but at least I guess a little better than MS Word. alan

Re: Catalyst 4500 listening on TCP 6154 on all interfaces

hi, thank-you Dario for your input and response from Cisco PSIRT - very useful and welcome. alan

Re: Remote power cycle recommendations

+1 for the APC kit :) alan

Re: China Showdown Huawei vs ZTE

https://www.theregister.co.uk/2018/04/26/hyperoptics_zte_routers/ yet another ZTE issue . :( alan

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

thats probably a key part of the experiment - to find locations and systems where 1.1.1.1 is trashed. it should be routable and its about time that vendors stopped messing around in that space - hopefully this is one of the sticks that prods people to start to behave - at which point 1.0.0.0/8

Re: Yet another Quadruple DNS?

exactly. intercept/inject? why. an ISP can just run its own standard DNS servers on 8.8.8.8 and 8.8.4.4 and point their customers to those - they own their routing space, they can just route to those locallyso anyone thinking they can avoid their ISP by choosing some other addresses are

Re: Wi-Fi Analyzer

Scout Aircheck G2 is quite nifty - but a lot of tools out there are only just a little bit above what you can do with a decent Android phone (one with 802.11a/b/g/n/ac chipset) and WiFiAnalyzer ! :) alan

Re: Alternatives to ISE?

if you're already slurping the commercial koolaid (support contracts, someone to blame etc etc) - then Aruba Clearpass? (otherwise local homebrew with FreeRADIUS core or PacketFence as FOSSOTS ;-) ) alan

Re: OSPF Monitoring Tool

Commercial, or free? For commercial route explorer should do the job, for free, run eg quagga or such with relevant actions on logs. alan

Re: Moving fibre trunks: interruptions?

i'm sure theres plenty of aerial in europe. usually carried on e.g. the top messenger cable on pylons - given i've attended talks about the issues of fixing such fibre after storms in Scotland :) On 1 September 2017 at 20:52, Rod Beck wrote: > I don't think

RE: SNMP syslocation field for GPS coordinates, and use with automation tools

Yes. But don’t just put in coordinates... Put in other details and use a standard separator  alan

Re: Spitballing IoT Security

Hi, Hi, >Put it another way: you bring home a NEST and the first thing you the >expert might do is read the net to figure out which ports to open. Are >you really going to not open those ports? Put onto its own isolated vlan with only internet access. Unfortunately no basic routers that are

Re: Spitballing IoT Security

Hi, >At which point the 3GS was almost 5 years old (having originally been >released in June 2009) and had been already superseded by the iPhone 4, >4S, 5 and 5S/5C. But the release of and presence of those phones does not make the older phone suddenly stop working. As noted, the phone might

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

hi, >From: NANOG on behalf of Mike Hammett > >Sent: 27 September 2016 16:30 >Cc: nanog@nanog.org >Subject: Re: Krebs on Security booted off Akamai network after DDoS attack >proves pricey > >You must not support end users. haha...i read that wrong.

Re: Don't press the big red buttom on the wall!

>“Unfortunately because it was human >error we weren’t prepared for it,” >Holmes said. "But it's elementary!" Watson retorted :) alan

Re: Cisco 2 factor authentication

As per other statements of such seen elsewhere online, do you have examples or code which will allow the recovery of passwords in a radius exchange? Yes, the shared secret mechanism is widely stated as 'weak' but actively attacked? alan

Re: mrtg alternative

+1 for Statseeker. Ease of use etc (price depends on eg site size etc). Can do lots on just one mid server unlike some other bloaty solutions out there. But we also still use MRTG for some local bespoke measurements PS you can get a free Eval of statseeker. Obnote, don't work for them just a

Re: Equipment Supporting 2.5gbps and 5gbps

Um. You don't have an option for old copper plants. This stuff gives you 2.5gig or 5gig on cat5/cat5e (depending on distance). If you can do 10g you really shouldn't be carrying about this stuff. In the optical world just jump to using 10Gig (where you can) alan

Re: Binge On! - get your umbrellas out, stuff's hitting the fan.

For the sake of security of all internet connected hosts - especially in this new era of even more IOT junk , security updates, firmware and new OS updates should be granted libre data rates so that users who keep their devices updated are not penalised. as for carriers pipes...will, if

Re: Binge On! - get your umbrellas out, stuff's hitting the fan.

You're assuming that people are only using phones with their SIM - those that use a mifi dongle and thus view content on a tablet or laptop will notice We could rate limit traffic from YouTube to 1.5mbps and let the adaptive streaming knock the steam to 480p bit our users with 100mbit

Re: announcement of freerouter

>RouterOS is an existing product by MikroTik Yes but this was an announcement about freerouter. If RouterOS has an announcement to make they can send their own email ;) alan

Re: MACsec to edge hosts

The host has to support it... I've only seen the cisco anyconnect client add such support to the host alan

RE: Nat

I'm surprised that noone of the home wifi router folk haven't cornered the market on that one in terms of client separation. Most people don't need the devices to talk to each other so by default all ports on different VLANs .. 192.168.0-8.x etc Internet of things security out of the box. Web

Re: Advance notice - H-root address change on December 1, 2015

No. CentOS follows RedHat. They backport fixes to older versions rather than put the new version out. It appears that have aversion to new feature and just want to put the fixes onto the older versions. So that 9.9.4 probably has 60% of the changes that the diff of 9.9.4 has to 9.9.8 . This

Re: EyeBall View

Indeed. They just need more places across the world hosting Anchors :) alan

Re: EyeBall View

What, like RIPE NCC ? :) alan

Re: The spam is real

There's also probably a large number of people gnashing their teeth that all of these compromised sites have been so readily identified by a very basic spam scam. A massive waste of opportunity for real black hats alan

Re: Why is NANOG not being blacklisted like any other provider that sent 500 spam messages in 3 days?

I was looking out for the sub-Reddit thread ;) alan

RE: Static IPs

Aye. It was an amusing anecdote/joke about their poor wording/pitch. I didn't see it as some sales thingguess others are having a stressful day or got out of bed the wrong side today :/ alan

Re: RIPE atlas probes

'should have largely the same vantage point ...' That's *exactly* one of the functions of these probes. It's very interesting what they can find out. Never assume (you know the rest of that...) alan

Re: Inexpensive probes for automated bandwidth testing purposes

One of the small microPC solutions. Depending on what you want to test (eg bandwidth) you may find platforms like raspberrypi too limited. Intel NUC or LIVA platforms? https://www.perfsonar.net/deploy/hardware-selection/low-cost-hardware/ alan

Re: Recent trouble with QUIC?

Yes. Next gen firewalls stop that kind of game ;) alan

Re: Ear protection

Great summary of the thread No-one using remote control robots with video feed etc for working in these environments then? Plans to? ;) alan

Re: Extraneous "legal" babble--and my reaction to it.

>It's just text at the bottom of your email. 1 often a very large amount of text - in this case the legalese was something like 10x longer than the comment! 2 its pointless. Its not enforceable and doesn't mean anything. Shall i put a chapter of war and peace at the end of my emails? You

RE: Windows 10 Release

'QoS problems are to be expected' . Uh? Don't you put QoS into place just to ensure that the minimum bandwidth you need to ensure critical services (such that your voice traffic is not impeded for example) are NOT affected across your WAN links when there are big globs of data banging around?

Re: Hotels/Airports with IPv6

2 mbit is still more than 32 bit ;) alan

Re: Hotels/Airports with IPv6

No. They should just ask, with the best geek intonation, whether this place still is stuck with 32-bit Internet I'm sure they'd gladly report that their Internet is 24 mbit and not just 32 bit ;) alan

Re: Any Verizon datacenter techs about?

There was signing of NDAs Which you obviously read and follow to the letter ;) alan

Re: REMINDER: LEAP SECOND

I do feel sorry for you unix/linux users having a problem in year 2038 fortunately I get another ~ 8 years... my Amiga gets its first big problem in 2046 ;-) http://web.archive.org/web/19981203142814/http://www.amiga.com/092098-y2k.html alan PS if i get to see the 2078 issue I'll be old

Re: Android (lack of) support for DHCPv6

'We plan to use DHCPv6 rather than SLAAC for a variety of reasons' Care to elaborate on the reasons? Due to client support we have both. In fact we had SLAAC for many years and just 2 years ago we added DHCPv6 ..that was to ensure fuller client support (since windows and OSX amongst others

Re: eBay is looking for network heavies...

'Don't learn by heart that which you can look up.' apart from enough basics to get you up and connected so that you CAN look things up! ;) There's a whole debate about the education system and learning things by rote that can be looked up. In many sectors you have reference tomes. ..some

Re: WiFi courses/vendors recommendation

+1 for CWNP courses. The CWNA and CWDP cover RF quite well too you'll pick up most of what's needed. ..imho most of the vendor specific courses only benefit is to tell you how to manage their control plane. Which button to click on the interface etc ;) alan