I'm looking for recommended protocols to use for testing intrusion
detection and maybe also firewall logging.
Basically I need some kind of protocol that it's ok to discard traffic
for in a production network, so I can be sure that the various systems
that should be detecting it and generating alar
Another really useful skill is knowing what it looks like to be a
customer / end user of one of those networks. Sure, it's fun to crank
obscure BGP load-balancing techniques, but you also need to know where
the industry as a whole is going technically and business-wise. Tier
1s sell to Tier 2s, b
On Wed, Nov 30, 2011 at 1:18 PM, Mark Blackman wrote:
> ... and I'm not sure why SLAAC wanted more than 48 bits.
One reason IPv6 addresses are 128 bits long instead of 40, 48, 64 or
80 is because converting from IPv4 to IPv6 is really painful and we
don't want to ever have to do it again in the f
On Tue, Nov 29, 2011 at 3:46 AM, Dmitry Cherkasov wrote:
> Currently I research on IPv6 provisioning systems and I need to decide
> whether the ability to use longer than /64 prefixes should be
> supported in them or not. If we restrict user to using /64 per network
> we need to have convincing re
On Mon, Oct 31, 2011 at 6:23 AM, Brian Johnson wrote:
> For clarity it's really bad for ISPs to block ports other than 25 for the
> purposes of mail flow control... correct?
Yes, correct. If you're using another mail submission port, you're
connecting to a mail service that has the responsibilit
There are several models for where the MTA lives in an ISP environment
- MTA at customer, connects to destination via Port 25.
- MUA at customer, MTA at ISP, connects to destination via Port 25.
- MTA at customer, ISP transparently forces connection through ISP
MTA, then connects to destination via
Friends of mine recently bought a large traditionally-designed house.
The former "servant's quarters" are now the server room.
So should monthly IPv6 day be the same week as Microsoft Patch Tuesday? :-)
On Sun, Apr 17, 2011 at 8:00 AM, Jay Ashworth wrote:
> The TV master control facility in which I'm working presently does it
> by doing overlapping 10 hour shifts; it takes 10 people to have 2 on-shift
> at all times. You work 6 hours with one person, and 4 with the other.
My brother-in-law once
> Variable scheduling of staff is often deemed more fair, but I think it makes
> things less stable. People are constantly having to change their life.
Rotating shifts between daytime and nighttime is a horrible thing to
do to your workers, both for their health and their attention span.
Full-tim
On 2/1/11, Chuck Anderson wrote:
> What would your recommended solution be then for disconnected
> networks? Every home user and enterprise user requests GUA directly
> from their RIR/NIR/LIR at a cost of hundreds of dollars per year or
> more?
A typical home user will have a /56 of GUA, or mayb
On 1/24/11, Andy Ashley wrote:
> I'm looking for a little advice about DSL circuits in New York,
> specifically at 111 8th Ave.
> Going to locate a console server there for out-of-band serial management.
> The router will need connectivity for remote telnet/ssh access from the NOC.
How much bandwi
On 1/26/11, Owen DeLong wrote:
> And if your servers behind the LB aren't prepared for it,
> you lose a LOT of logging data, geolocation capabilities,
> and some other things if you go that route.
Of course, anybody expecting a current IPv4 geolocation service to
provide accurate information over
On 1/28/11, andrew.wallace wrote:
> We should be asking the Egyptians to stagger the return of services so that
> infrastructure isn't affected, when connectivity is deemed to be allowed to
> come back online.
Well, yeah, it has to be done carefully, otherwise the first guy to
turn on an E1 line
On Fri, Dec 3, 2010 at 9:35 AM, Leo Bicknell wrote:
> - Ratio needs to be dropped from all peering policies. It made sense
> back when the traffic was two people e-mailing each other. It was
> a measure of "equal value". However the net has evolved. In the
> face of streaming audio and vide
On Sat, Sep 25, 2010 at 5:17 PM, Matthew Walster wrote:
>> Plenty of people sell p2p caches but they all work using magic, smoke and
>> mirrors.
Somehow that seems appropriate for gaming networks; maybe add some
swords or old Gandalf boxes.
In general distributing gaming software isn't going to
On Sat, Sep 18, 2010 at 2:34 AM, JC Dill wrote:
> Jack Bates wrote:
>> And yet, I'm pretty sure there are providers that have different pipes for
>> business than they do for consumer, and probably riding some of the same
>> physical medium. This creates saturated and unsaturated pipes, which is j
Sorry, fat-fingered something when I was trying to edit.
On Fri, Sep 17, 2010 at 2:12 PM, Bill Stewart wrote:
> On Tue, Sep 14, 2010 at 6:51 PM, Steven Bellovin wrote:
>> No, they bought AT&T, which [...] But yes, SBC is the controlling piece of
>> the new AT&T.
On Tue, Sep 14, 2010 at 6:51 PM, Steven Bellovin wrote:
> No, they bought AT&T, which [...] But yes, SBC is the controlling piece of
> the new AT&T.
>
> As for the two /8s -- not quite. Back in the 1980s, AT&T got 12/8. We soon
> learned that we couldn't make good use of it, since multiple l
On Thu, Jun 17, 2010 at 6:52 AM, James Smith
wrote:
> we're in the process of building a DR site.
Assume for purposes of discussion that all the vendors have equivalent
quality equipment with approximately equivalent features.
I can think of four occasions you'd need a DR center
1 - Practicing y
I'm getting three different behaviours from Firefox
- I have the page open in a tab. The tab header is in Arabic script.
(And the page itself renders fine in Arabic.)
- When I go to that tab, the main Firefox window title shows boxes
(i.e. "don't have the font for this.")
- When I go to that tab,
Back when I was on that side of the house, if you bought transit from
7018 and were managing your own routers, you got your choice of BGP or
static, and BGP could have full routes, our-customer routes, default
routes, and maybe some other variants. No charge for any of those
options, but if you wa
> On Mon, 3 May 2010 14:12:45 -0400
> Bill Bogstad wrote:
>> Like many people, I can't justify the expense of "commercial" IP
>> connectivity for my residence. As a result, I deal with dynamic IP ..
On Mon, May 3, 2010 at 11:27 AM, Gregory Edigarov
wrote:
> Holy shit... Where do you live? In U
On Mon, Apr 26, 2010 at 7:20 AM, Stephen Sprunk wrote:
> The vast majority of residential customers have a single subnet, so they
> can get by just fine using IPv6 link-local addresses. The vanishingly
> small percentage that have multiple subnets are presumably savvy enough
> to set up ULA-R ad
On Tue, Apr 27, 2010 at 3:24 PM, Owen DeLong wrote:
>> Here's an exercise. Wipe a PC. Put it on that cable modem with no
>> firewall. Install XP on it. See if you can get any service packs installed
>> before the box is infected.
> 1. Yes, I can. I simply didn't put an IPv4 address on
Hmm, fat fingered that.
> If you're trying to balance inbound re
If you're trying to balance inbound requests, use a DNS load balancer.
--
Thanks; Bill
Note that this isn't my regular email account - It's still experimental so far.
And Google probably logs and indexes eve
On Thu, Apr 15, 2010 at 2:05 PM, Bill Lewis wrote:
> Group,
>
> Since I'm told that DSL aggregation / mux is currently not possible, we
> are looking at doing stream splitting via a technology like FatPipe
> uses. Anyone have this in production usage? Or something similar?
It depends very much on
On Tue, Apr 13, 2010 at 9:12 PM, Tony Varriale wrote:
> > From: "Bill Stewart"
> > Be careful using 3845s for 100 Mbps connections or above
> The 3825 says 179mbps on their spec sheet. Not sure where you are getting
> your numbers but they are way off.
> Al
On Mon, Apr 12, 2010 at 10:55 AM, Dylan Ebner wrote:
> However, this router also has 2 100mb connections from local lans that it is
> also terminating.
> For our 100mb metro e connections we use 3845s. The 100 mb service terminates
> into NM-GEs, which have a faster throughput than the hwics.
One really good thing about spam was that,
before it became a big problem,
all Usenet / Internet discussions had a risk of
devolving into "libertarians vs. socialists" flamewars,
but that got replaced by "*%^&%*& spammers",
and eventually we got that nice little checklist
as a way to quiet even tho
>>> Isn't there an automatic allocation for those of us who have legacy IP
>>> space. If not, is ARIN saying we have to pay them a fee to use IP6?
>>> Isn't this a disincentive for us to move up to IP6?
If you're a very small company looking for larger than /32, maybe it's an issue.
If you're a me
On Mon, Apr 5, 2010 at 10:51 AM, Steven Bellovin wrote:
> On Apr 5, 2010, at 1:43 52PM, valdis.kletni...@vt.edu wrote:
>> Steve is talking mid-80s pricing, not mid-90s. By '93 or so, the fact
>> that Ethernet was becoming ubiquitous had already forced the price down.
>
> Yup. 10 years earlier, a
On Fri, Apr 2, 2010 at 8:36 AM, Eliot Lear wrote:
> On 4/2/10 2:09 PM, Robert E. Seastrom wrote:
>>
>> So, what are you having your up-and-coming NOC staff read?
>
> Practice of System and Network Administration by Limoncelli, Hogan, and
> Challup. I may be biased, being married to Hogan.
Chalu
On Thu, Apr 1, 2010 at 5:00 AM, Joe Greco wrote:
> And on that note, I enclose the following, which was rejected by the RFC
> Editor, but seems relevant to this discussion, so here's the draft.
Well of course it was rejected - using 257/8 sets the Evil Bit - you
need to make that block Reserved.
>> it seems to me that we'll have widespread ipv4 for +10 years at least,
> How many 10 year old pieces of kit do you have on your network?
> Ten years ago we were routing appletalk and IPX. Still doing that now?
Ten years ago I was still telling a few customers that Novell Netware had
supported
You're either going to have to sell them on future-proofing or
"We're sailing off the edge of the world in two years,
there be dragons there, train your folks now."
Remember that there are two IPv6 transitions
- introducing IPv6 and forcing some people onto it
- getting rid of IPv4 after IPv6 supp
- Beers (the main server got to be "anchor", which made our ex-Navy
boss happy and seemed more professional than some others
- Mountains, mostly volcanic
- Psychoactive chemicals ("the database is on speed, the development
project's on prozac...)
- Friends at Princeton used quarks ("Up is down toda
Maybe I'm dense, but I don't see the problem. One of the great things
about IPv6's address space being mindbogglingly large is that there's
plenty of it to experiment with. If the ITU wants an RIR-sized block
to do RIR-like work, so what? If they wanted a /2 or /4 I'd be
concerned, or if there w
On Tue, Feb 23, 2010 at 11:46 AM, Paul Stewart
wrote:
> The problem is that a user on this box appears to be launching high
> traffic DOS attacks from it towards other sites. These are UDP based
> floods that move around from time to time - most of these attacks only
> last a few minutes.
Do the
On Tue, Feb 16, 2010 at 8:02 PM, Kevin Oberman wrote:
> It's mostly the obvious places. Oddly, Fogo de Chao, a churrascaria
> that opened a year ago is missing from the list as is my personal
By the way, Fogo de Chao is a very strange place to eat if you're a vegetarian.
I once went to their Dall
On Tue, Feb 2, 2010 at 12:04 AM, wrote:
> That is one long protect path. Yikes.
There be mountains in the way, with deserts in between, and not a lot
of people to justify diversity or railroads and highways to run it
along.
Not many carriers have more than one fiber route across Arizona and
New
On Wed, Jan 27, 2010 at 1:19 PM, Igor Gashinsky wrote:
> 1) ping-ponging of packets on Sonet/SDH links
> 2) ping sweep of death
...
> For most people, using /127's will be a lot operationally easier than
> maintain those crazy ACLs, but, like I said before, YMMV..
I'm in the /112 camp - it's not g
On Thu, Jan 21, 2010 at 5:13 PM, George Bonser wrote:
> Some of that water is dirtier than the rest. I wouldn't want to be the
> person who gets 1.2.3.0/24
I'd guess that 1.1.1.1 and 2.2.2.2 are probably much more widely used.
At least 1.1.1.0/24 should be reserved by IANA or somebody.
--
--
On Wed, Jan 13, 2010 at 9:37 PM, Warren Kumari wrote:
> I can now place a checkbox in the "Is there a firewall?" column of the
> audit.
In most cases, you can check the same box if you use an appropriately
designed stateless firewall
instead of an inappropriate stateful firewall. (Not always,
A password recovery method I've found very frustrating is to use the
serial number or similar value that's on a label on the bottom of the
equipment. It's just fine for desktop hardware - but for rack-mounted
gear, it's not uncommon to find out that you need this information
*after* somebody's rac
On Tue, Dec 15, 2009 at 7:46 AM, Eric J Esslinger wrote:
> So in any case, due to customer privacy concerns we feel we can't do that.
If you don't want to handle email for the long-obsolete customer
accounts, but just don't want to send that mail to anybody else, it's
pretty easy to run a teergru
On Sun, Dec 6, 2009 at 2:56 PM, Sean Donelan wrote:
> In particular, what anti-forgery/security controls should network operators
> implement and check; and what anti-forgery/security controls should network
> operators not implement or check?
Depends a bit on whether you're counting inbound-mail
Hi, Paul - I share your dislike of DNS services that break the DNS
model for profit in ways that break applications.
For instance, returning the IP address of your company's port-80 web
server instead of NXDOMAIN
not only breaks non-port-80-http applications, it also breaks the
behaviour that brows
If you're a consumer broadband provider, and you use a DNS blackhole
list so that any of your subscribers who tries to reach
bigbank1.fakebanks.example.com gets redirected to
fakebankwebsitelist.sipc.gov, you might be able to claim that you
complied with the law, though the law's aggressive enough
On Mon, Oct 19, 2009 at 7:07 PM, Nathan Ward wrote:
> On 20/10/2009, at 3:02 PM, Bill Stewart wrote:
>> plus want the ability to take their address
>> space with them when they change ISPs (because there are too many
>> devices and applications that insist on having ha
If you've got an addressing system with enough bits that you don't
have to start stealing them, it makes sense to pick some boundary
length between
our-problem : their-problem
128 bits is long enough, and changing protocols is nasty enough, that
it should let you Never Have To Do It
It's not a technical question, it's a political one, so feel free to
squelch this for off-topicness if you want.
Technically, broadband is "faster than narrowband", and beyond that
it's "fast enough for what you're trying to sell"; tell me what you're
trying to sell and I'll tell you how fast a con
On Thu, May 28, 2009 at 9:55 AM, Ric Messier wrote:
> Here is the Qwest link mentioned, by the way, in case anyone else is
> interested.
>
> http://stat.qwest.net/statqwest/perfRptIndex.jsp
The equivalent AT&T network performance portal page is
http://www.att.com/ipnetwork and various pages link
> You have RFC3041 and similar techniques, stateless autoconfig, and a
> variety of other general things that make it really awful for the default
> ethernet network size to be something besides a /64.
...
> I would definitely prefer to see a /56, or maybe a /48, handed out
> today.
When I first s
On Fri, Apr 24, 2009 at 7:27 AM, Frank Bulk wrote:
> So what were you doing then, RFC 1483?
Back when I worked with AT&T's business-market DSL folks,
used RFC 1483 rather than annoy customers with PPPoE,
and we provided ATM to lots of CLECs that did the same.
(I don't know what the current ILEC c
On Fri, Mar 13, 2009 at 2:15 PM, wrote:
> After all, you didn't *really* care that the IP was assigned to
> a computer belonging to Herman Munster, 1313 Mockingbird Lane. What you
> actually *wanted* was for somebody (preferably Covad) to hand Herman a clue.
Yeah. I miss the days that you cou
On Sun, Feb 8, 2009 at 11:42 PM, Joel Jaeggli wrote:
> FD00::/8
>
> ula-l rfc 4139
s/4139/4193/
--
Thanks; Bill
Note that this isn't my regular email account - It's still experimental so far.
And Google probably logs and indexes everything you send it.
On Fri, Feb 6, 2009 at 7:12 PM, Matthew Moyle-Croft
wrote:
> Jack Bates wrote:
> > Dynamic or static; how does this alter the state of the routing table?...
> Dynamic assigned addresses mean that the BRAS the customer terminates on can
> hand out a range out of a pool assigned to it. This means
On Tue, Feb 3, 2009 at 5:43 PM, Steve Bertrand wrote:
> What I was hoping for (even though I'm testing something that I know
> won't work) is that I can break something so I could push v4 traffic
> over a v6-only core.
>
> Is there _any_ way to do this (other than NAT/tunnel etc)?
If you can push
>> Which standard are you referring to? AFAIK, nothing above 1500 is
>> standardised
I've had two different kinds of customer requests for jumbo frames
- customers that want very large frames for performance reasons;
Many ethernet switches support 9000 or more, some don't,
and some technolog
On Wed, Jan 14, 2009 at 12:56 PM, Murphy, Jay, DOH
wrote:
> In your humble opinion, which transmission method is more efficient, packet
> or cell? ...
> Trying to make a decision on the transport mode for cost, delay, jitter, ROI,
> etcetera.
It really depends on what your applications are.
I'
At least in the US, satellite use is fairly limited compared to fiber
and copper,
mainly in the following areas
- TV broadcast
- Data and voice to remote areas (a few hundred Alaska villages,
some connectivity up to oil drilling areas in Alaska, though
there's also fiber,
plus some Internet i
On Mon, Jan 5, 2009 at 4:11 PM, Roland Dobbins wrote:
> In my experience, once one has an understanding of the performance envelopes
> and has built a lab which contains examples of the functional elements of
> the system (network infrastructure, servers, apps, databases, clients, et.
> al.), one
Assuming that what you're getting from Verizon is copper and not FIOS,
there should be a number of small to medium-sized ISPs that will provide you
with Layer 3 Internet Service using that copper.
It will cost you a few dollars a month more, but not a lot more,
and you'll not only have more chance
Data centers in used nuclear bunkers aren't new - www.thebunker.net
has done that for a decade in the UK. They found that having a
cool-looking site made it easy to sell to bankers who wanted
reassurance about physical security, and at least with the computer
technology of the time it was easy to
ple.net/faq/port25blocking"
or some similarly useful message as opposed to just dropping the packets.
I've toned down my vehemence about the blocking issue a bit -
there's enough zombieware out there that I don't object strongly to an ISP
that has it blocked by default but makes
On 10/16/07, Justin M. Streiner <[EMAIL PROTECTED]> wrote:
> > The effort someone would spend figuring out if 204/4 is reachable and
> > not-pain-inducing in their infrastructure is better spent figuring out how
> > to
> > make IPv6 work within their sphere of responsibilities.
> I agree. The cu
67 matches