Re: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

2016-02-15 Thread Adrian M
1.0.0.36_32 obj-1.0.0.36_32 > destination static obj-1.0.0.36_32 obj-1.0.0.36_32 *no-proxy-arp* > route-lookup > > > > > > > > > > > > > > Best Regards, > > _ > > Roberto Taccon > > > > e-mail:

Re: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

2016-02-15 Thread Adrian M
Solved ! "Disable Proxy ARP" must be checked on NAT bypass rules (former nat 0). On Thu, Feb 11, 2016 at 3:53 PM, Adrian M <adrian.mi...@gmail.com> wrote: > Be careful, It appears that something is broken with ARP on this release. > We have no ARP on lan interface,

Re: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

2016-02-11 Thread Adrian M
Be careful, It appears that something is broken with ARP on this release. We have no ARP on lan interface, and somebody else has a similar problem: https://www.reddit.com/r/networking/comments/433kqx/cisco_asa_not_recording_an_arp_entry/ On Wed, Feb 10, 2016 at 10:36 PM, Sadiq Saif

Re: Equipment Supporting 2.5gbps and 5gbps

2016-01-27 Thread A . L . M . Buxey
Hi, > Fortunately the two groups came together in the IEEE, and there are no > competing standards. right! so why do both keep updating their own marketing and web pages each month? ;-) thanks for the info though - our future world isnt messed up for multigig > - Optional Energy Efficient

Re: Equipment Supporting 2.5gbps and 5gbps

2016-01-27 Thread A . L . M . Buxey
Hi, > I've a couple 10 port Cisco switches that support 2.5 and 5gbps over cat5e, > just wondering if there are any other vendors out there with offerings that > support these newer ethernet speeds. Supporting cat5e for these multi-gig > speeds is a real boon in many circumstances given the

Re: Another Big day for IPv6 - 10% native penetration

2016-01-04 Thread A . L . M . Buxey
Hi, > I'm wondering when we reach another significant milestone - 50% :-) half of us will celebrate, the other half will cry ;-) alan

Re: Another Big day for IPv6 - 10% native penetration

2016-01-04 Thread Justin M. Streiner
On Mon, 4 Jan 2016, Ca By wrote: Just a reminder, that 10% is a global number. The number in the USA is 25% today in general, is 37% for mobile devices. Furthermore, forecasting is a dark art that frequently simply extends the past onto the future. It does not account for purposeful

Re: Nat

2015-12-21 Thread A . L . M . Buxey
Hi, > > > persuading people to move to IPv6. Especially when everyone > > > already understands DHCP in the v4 world. > > enterprise) and once they stop thinking "I want to do everything > > in IPv6 in exactly the same way as I have always done in IPv4" exactly. as my thoughts often gather

Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS

2015-12-18 Thread A . L . M . Buxey
Hi, > > Should we blame Juniper for letting a git repository open to > > "unauthorized code" or should we congratulate them for their frankness > > (few corporations would have admitted the problem)? 'un-authorized' - not authorized. this could be code/idea by some/one engineer for eg debugging

Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS

2015-12-18 Thread Steven M. Bellovin
8, 2015 at 8:03 AM, Steven M. Bellovin <s...@cs.columbia.edu> >> wrote: >>> On 18 Dec 2015, at 11:52, Steven M. Bellovin wrote: >>> >>>> On 18 Dec 2015, at 7:28, Dave Taht wrote: >>>> >>>> I think "unauthorized code" is sti

Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS

2015-12-18 Thread Steven M. Bellovin
On 18 Dec 2015, at 11:52, Steven M. Bellovin wrote: > On 18 Dec 2015, at 7:28, Dave Taht wrote: > >> I think "unauthorized code" is still plausible newspeak for "bug". >> >> Why blame finger foo when you can blame terrorists? > >

Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS

2015-12-18 Thread Steven M. Bellovin
On 18 Dec 2015, at 7:28, Dave Taht wrote: > I think "unauthorized code" is still plausible newspeak for "bug". > > Why blame finger foo when you can blame terrorists? It looks like two different holes, one a back door for unauthorized console login and one to somehow leak VPN encryption keys.

Re: Questions regarding equipment for a large LAN event

2015-12-07 Thread A . L . M . Buxey
hi okay...so lots of gig connections with 10g interconnects etc - have you actually done network analysis/flows of the events in the past to see what you actually require to run the event? what sort of stuff are they doing - multiplayer PvP stuff or are they shipping images/ISOs across to

Re: Ransom DDoS attack - need help!

2015-12-03 Thread A . L . M . Buxey
Hi, > F5 Silverline, Arbor Networks, Incapsula, to name a few can do ddos > protection. Don't pay up, use ddos protection. you know how many ponder whether AV companies write some of the viruses ;-) alan

Re: Is there a DNS lookup, traceroute, ping and HTTP GET as a service?

2015-11-18 Thread A . L . M . Buxey
hi, ...and SamKnows? alan

Re: Is there a DNS lookup, traceroute, ping and HTTP GET as a service?

2015-11-18 Thread A . L . M . Buxey
Hi, > About RIPE ATLAS, I already have one of their boxes and it never worked. > Simply doesn't appear as online. Their support just barely gave me some > tips but with no meaningful result. I need something reliable and I'm > willing to pay for this service. RIPE Atlas falls in the category of

RE: Advance notice - H-root address change on December 1, 2015

2015-11-16 Thread Kash, Howard M CIV USARMY RDECOM ARL (US)
Friendly reminder... > -Original Message- > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Kash, Howard M CIV USARMY RDECOM > ARL (US) > Sent: Monday, August 31, 2015 12:39 PM > To: nanog@nanog.org > Subject: Advance notice - H-root address change o

Re: Advance notice - H-root address change on December 1, 2015

2015-11-16 Thread A . L . M . Buxey
Hi, > Just a heads up, even the latest CentOS 7 package has the wrong IPv4 and v6 > address. whilst the new H-ROOT is alive now, the official switch-over date is 1st December 2015 and the old address will be available for 6 months after that so if any BIND package comes out AFTER 1st

Re: DNSSEC and ISPs faking DNS responses

2015-11-13 Thread A . L . M . Buxey
Hi, > BTW, the proposed law, being done by lawyers, will have the list of you say law but this idea of blocking all competitors to the states lotto sounds very unlawful and anti-competitive - yes, I can understand states or countries blocking ALL gambling , thats a simple 'we dont allow it

Re: Uptick in spam

2015-10-27 Thread A . L . M . Buxey
Hi, > not even close to more discussing than from the original spam. Not even > close. data volume wise, the discussion of spam is easily beating the volume of spam (which some people had issue with) as the SPAM emails were very small with just a URL - the discussions about it is now spread

Fw: new message

2015-10-26 Thread Steven M . Bellovin
Hey! New message, please read <http://inovateusbusinesscenter.com/head.php?fhf02> Steven M. Bellovin

Re: IGP choice

2015-10-22 Thread A . L . M . Buxey
Hi, > The differences between the two protocols are so small, that people > really grasp at straws when 'proving' that one is better over the > other. 'IS-IS doesn't work over IP, so its more secure'. 'IS-IS uses > TLVs so new features are quicker to implement'. While these may be > vaguely valid

Re: IPv6 and Android auto conf

2015-10-16 Thread A . L . M . Buxey
Hi, > Sure, would be fun to try DHCPv6. Last time when I checked only OS X was > supporting it with limited sense. Windows.. alan

Re: Android and DHCPv6 again

2015-10-15 Thread A . L . M . Buxey
Hi, > Android does not have a complete IPv6 implementation and should not be IPv6 > enabled. Please do your part and complain to Google that Android does not > support DHCPv6 for address assignment. no different to other devices historically it can get IPv6 connectivity via SLAAC and then

Re: ultradns / neustar outage?

2015-10-15 Thread N M
Neustar ultradns dashboard shows the service is unavailable On Oct 15, 2015 3:47 PM, "Jim Mercer" wrote: > hi, > > we are hosting some domains at ultradns, and they all seem to be dead. > > anyone else seeing issues? > > --jim > > -- > Jim Mercer Reptilian Research

Re: How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")

2015-10-02 Thread Justin M. Streiner
On Fri, 2 Oct 2015, Rob McEwen wrote: it then seems like dividing lines can get really blurred here and this statement might betray your premise. A site needing more than 1 address... subtly implies different usage case scenarios... for different parts or different addresses on that block...

Re: Wrong use of 100.64.0.0/10

2015-10-02 Thread Justin M. Streiner
-10-02 16:52 GMT+02:00 Justin M. Streiner <strei...@cluebyfour.org>: On Fri, 2 Oct 2015, Marco Paesani wrote: Hi, probably this route is wrong, see RFC 6598, as you can see: show route 100.64.0.0/10 inet.0: 563509 destinations, 1528595 routes (561239 active, 0 holddown, 3898 hidden) + =

Re: Wrong use of 100.64.0.0/10

2015-10-02 Thread Justin M. Streiner
On Fri, 2 Oct 2015, Marco Paesani wrote: Hi, probably this route is wrong, see RFC 6598, as you can see: show route 100.64.0.0/10 inet.0: 563509 destinations, 1528595 routes (561239 active, 0 holddown, 3898 hidden) + = Active Route, - = Last Active, * = Both 100.100.1.0/24 *[BGP/170] 2d

Re: /27 the new /24

2015-10-02 Thread Justin M. Streiner
On Fri, 2 Oct 2015, Niels Bakker wrote: * t...@ninjabadger.net (Tom Hill) [Fri 02 Oct 2015, 18:34 CEST]: Any RIR - or LIR - that considers allocating space in sizes smaller than a /24 (for the purpose of announcing to the DFZ) would do well to read this report from RIPE Labs:

Re: Prefix hijacking by AS20115

2015-09-29 Thread N M
If this is anything like what I deal with the aging timer for the bgp session is set to 180s by default. After 2 years I've been unable to get the charter noc to enable bfd on my links to address this issue On Sep 29, 2015 10:59 AM, "Seth Mattinen" wrote: > On 9/29/15 8:18

Re: ARIN Region IPv4 Free Pool Reaches Zero

2015-09-24 Thread A . L . M . Buxey
Hi, > IPv6 traffic roughly doubled in my view of the internet in the past ~2 weeks > as the 9.0 GM image hit and the public release of 9.0 came out. 0.001% of traffic to 0.002% ;-) joking aside as I'm a big IPv6 champion IPv6 is picking up a lot recently and whilst the behaviour

Re: Academic Paper - ISPs Sharing Long Haul Infrastructure in the USN

2015-09-21 Thread Justin M. Streiner
On Mon, 21 Sep 2015, Sean Donelan wrote: It could be summarized as "Circuit route diversity sucks." The only thing worse than circuit route diversity were the processes to assure diverse circuit orders stayed diverse. No small feat when carriers re-groom circuits and don't bother to tell

Re: IP's with jitter/packet loss and very far away

2015-09-18 Thread A . L . M . Buxey
Hi, > my own experience is the misinterpretation of the above properties in > traceroute is pathological to the point of making it useless in the > hands of novices... correct. you should be looking at the output of other data transit systems such as iperf, bwctl etc - thats why such tools as

Re: SMS Gateway

2015-09-14 Thread A . L . M . Buxey
Hi, > Today we use a product from MultiTech Systems call MultiModem iSMS to send > SMS text messages from our monitoring system to our on call staff. This is a > 2G product and we need to replace it soon. I know there are more generic > cellular modems that can do texting if you are willing

Re: SMS Gateway

2015-09-14 Thread A . L . M . Buxey
Hi, > For most of us, the issue is that we don’t want to do this over the Internet, > since that’s what we are monitoring :) exactly :-) alan

Re: Extraneous "legal" babble--and my reaction to it.

2015-09-09 Thread Justin M. Streiner
On Wed, 9 Sep 2015, Dovid Bender wrote: I am trying to understand why the legal babble bothers anyone. Does it give you a nervous twitch? Remind you why you hate legal? It's just text at the bottom of your email. I can see both sides of this: 1. People who post to this list from a work email

Advance notice - H-root address change on December 1, 2015

2015-08-31 Thread Kash, Howard M CIV USARMY RDECOM ARL (US)
This is advance notice that there is a scheduled change to the IP addresses for one of the authorities listed for the DNS root zone and the .ARPA TLD. The change is to H.ROOT-SERVERS.NET, which is administered by the U.S. Army Research Laboratory. The new IPv4 address for this authority is

Re: A multi-tenant firewall for an MSSP

2015-08-17 Thread Rakesh M
than security as a service. Are you sure sophos has such a solution? Thanks, Ramy On Mon, Aug 17, 2015 at 9:47 AM, Colin Johnston col...@gt86car.org.uk wrote: sophos utm works great :) Colin On 17 Aug 2015, at 05:56, Rakesh M raaki...@gmail.com wrote: I have seen one of our

Re: Cogent revisited

2015-08-16 Thread Justin M. Streiner
On Wed, 12 Aug 2015, James Bensley wrote: Perhaps that depends on were are you in the world and your traffic types. I have worked with two UK ISPs that have Cogent as one of their transit providers, neither have had any problems in the 5+ years they've both had the Cogent transit, it has

Re: A multi-tenant firewall for an MSSP

2015-08-16 Thread Rakesh M
I have seen one of our customers using Sophos and they are relatively happy about it. Not directly experienced though. Thanks Rakesh On Mon, Aug 17, 2015 at 10:16 AM, Ramy Hashish ramy.ihash...@gmail.com wrote: Hello All, We are planning to implement a multi-tenant FW/UTM and start providing

Re: Is it possible to roughly estimate network traffic distribution for given ASN?

2015-08-13 Thread Justin M. Streiner
On Fri, 14 Aug 2015, Martin T wrote: there are various tools out there which show the prefix distribution among the peers/uplinks for given ASN. For example https://radar.qrator.net/as/graph#96311 or http://bgp.he.net/AS#_asinfo. As far as I know, those tools build the graphs mainly

Re: A simple perl script to convert Cisco IOS configuration to HTML with internal links for easier comprehension

2015-08-06 Thread A . L . M . Buxey
Hi, very nice but I now have an urge to getting this integrated with RANCID and I just dont have the time, frustrating! ;-) alan

Re: GoDaddy : DDoS : : Contact

2015-08-03 Thread A . L . M . Buxey
Hi, What would be the point of spoofing the source IPs to be identical? You're just making the attack trivial to block. Plus you could never do any kind of TCP session attack, since you can't complete a handshake. I would have to call this sort of attack a LAAADDoS (Lame Attempt At A

RE: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours

2015-07-23 Thread Justin M. Streiner
, Justin M. Streiner wrote: You're certainly free to block whatever traffic you wish, but your customers might not appreciate a heavy-handed approach to stopping bad traffic at the gates.

Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours

2015-07-22 Thread Justin M. Streiner
On Mon, 20 Jul 2015, Colin Johnston wrote: blocking to mitigate risk is a better trade off gaining better percentage legit traffic against an inadvertent minor valid good network range. There are bound to be an awful lot of babies in that bathwater you're planning to throw out. You're

Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

2015-07-19 Thread Will M.
Load balancers can also be used like this, while maintaining redundancy (assuming HA LB config). Terminate SSL/TLS on the LB and run plain-text to the application/appliance. As long as the load balancer is in an acceptable part of the network. --Will On 7/17/15 1:59 PM, Michael O Holstein

Re: M$ no v6 or just me?

2015-07-14 Thread A . L . M . Buxey
Hi, however...this revelation is shocking...my users can access www.microsoft.com material via IPv6?? turn this filth off!! ;-) alan

Re: M$ no v6 or just me?

2015-07-14 Thread A . L . M . Buxey
Hi, And there isn't its your DNS ;-) host e10088.dspb.akamaiedge.net e10088.dspb.akamaiedge.net has address 104.70.251.201 e10088.dspb.akamaiedge.net has IPv6 address 2a02:26f0:cb:2a4::2768 e10088.dspb.akamaiedge.net has IPv6 address 2a02:26f0:cb:29a::2768 alan

Re: M$ no v6 or just me?

2015-07-14 Thread A . L . M . Buxey
Hi, No. My DNS (using the roots) gets it right. ;-) so if you choose google DNS you dont see the right stuff..in which case its your DNS and not microsoft or Akamai not doing IPv6 ;-) same true for OpenDNS? likely... alan

Re: Overlay broad patent on IPv6?

2015-07-13 Thread A . L . M . Buxey
Hi, It is a stupid idea if you ask me, ..and thus, based on most of the current technology patents out there, perfectly patentable. dont worry, the rest of the internet will probably need something like this in the future... and whats happened here is some coffee-room tech chat or water

Re: Hotels/Airports with IPv6

2015-07-13 Thread A . L . M . Buxey
Hi, I've done fairly extensive testing, and IPv6 support, while pretty solid on the carrier side, is still iffy on WiFi. Both iOS and Android have various reliability problems with IPv6 and WiFi, mostly related to acquiring a DNS address or maintaining a connection while roaming. Combine

RE: another tilt at the Verizon FIOS IPv6 windmill

2015-07-13 Thread Justin M. Streiner
On Mon, 13 Jul 2015, Paul B. Henson wrote: Seems to be a lot less noise on this iteration of the shake fist at Verizon's lack of IPv6 thread, I guess everybody is pretty much burned out and given up 8-/. Verizon should just update their IPv6 status page with a link to hurricane electric's

Re: Overlay broad patent on IPv6?

2015-07-13 Thread A . L . M . Buxey
Hi, This is actually a good idea. Roll out an IPV6 only network and only pass out an IPV4 address if it's needed based on actual traffic. yes...shame someones applied for a patent on that! ;-) alan

Re: another tilt at the Verizon FIOS IPv6 windmill

2015-07-12 Thread Justin M. Streiner
On Sun, 12 Jul 2015, Paul B. Henson wrote: I think it's been about a year and a half since I last looked (and cried) at the status of FIOS IPv6. As far as I can tell, there's been no new official news since 2013. We're deploying IPv6 at the university I work at, so IPv6 at home is moving from

Re: Route leak in Bangladesh

2015-06-30 Thread Justin M. Streiner
On Tue, 30 Jun 2015, Matsuzaki Yoshinobu wrote: Randy Bush ra...@psg.com wrote A friend in AS58587 confirmed that this was caused by a configuration error - it seems like related to redistribution, and they already fixed that. 7007 all over again. do not redistribute bgp into igp. do not

Re: ARIN just subdivided their last /17, /18, /19, /20, /21 and /22. Down to only /23s and /24s now. : ipv6

2015-06-30 Thread Justin M. Streiner
On Tue, 30 Jun 2015, Ricky Beam wrote: The death of Novell NetWare (and their transitioned to IP) killed it the enterprise. Games adopting IP for network play killed it in the home. Ultimately, it sucks as a WAN protocol, so the internet was built using this new fangled IP thing. There are

Re: Route leak in Bangladesh

2015-06-30 Thread Justin M. Streiner
On Tue, 30 Jun 2015, Sandra Murphy wrote: On Jun 30, 2015, at 10:39 AM, Justin M. Streiner strei...@cluebyfour.org wrote: At a minimum, AS-PATH filtering of outgoing routes to just your ASN(s) and your downstream customer ASNs. Whether this is done manually, built using AS-SETs from your

Re: ARIN just subdivided their last /17, /18, /19, /20, /21 and /22. Down to only /23s and /24s now. : ipv6

2015-06-29 Thread A . L . M . Buxey
Hi, I knew several people who built their career path on the assumptions of IPX. Ouch. or DECnet ;-) alan

Re: How long will it take to completely get rid of IPv4 or will it happen at all?

2015-06-29 Thread A . L . M . Buxey
Hi, I just ran a tcpdump looking for NTP packets going to 128.173.14.71. In 90 minutes, I got hits from 330 unique IP addresses, including some that were chatty enough to indicate there were dozens of hosts behind a NAT. ah yes. the joy of the usual 2 scenarios 1) your IP got used in some

Re: Any Verizon datacenter techs about?

2015-06-28 Thread Justin M. Streiner
On Sun, 28 Jun 2015, chris wrote: I cant say much about other incumbents but i have been in alot of vz co's in nj/nyc and Its very rare to see any humans in a CO anymore even in ones in really dense metro areas The majority of ILEC COs I've seen are unstaffed these days, save for the rare

Re: Open letter to Level3 concerning the global routing issues on June 12th

2015-06-13 Thread Justin M. Streiner
On Sat, 13 Jun 2015, Mark Tinka wrote: For peering and customers, we set a default prefix limit value for IPv4 and IPv6. We only change this if the peer/customer informs us that they will announce a lot more than what we've configured. We add some % to cover for sudden growth, but not too much

Re: Android (lack of) support for DHCPv6

2015-06-10 Thread A . L . M . Buxey
Hi, Ok, let's see how that goes, even among the few people on this thread. Question for everyone on this thread that has said that DHCPv6 NA is a requirement: suppose that Android supported stateful DHCPv6 addressing, requested a number of addresses, and did not use any of them if the

Re: Android (lack of) support for DHCPv6

2015-06-10 Thread A . L . M . Buxey
Hi, No, the premise is that from a user's point of view, DHCPv6-only networks what about DHCPv6 for IPv6 and DHCP for IPv4 - the client should still be able to pick up an IPv6 address instead of forcing the only option to be SLAAC ? alan

Re: Android (lack of) support for DHCPv6

2015-06-10 Thread A . L . M . Buxey
Hi, Asking for more addresses when the user tries to enable features such as tethering, waiting for the network to reply, and disabling the features if the network does not provide the necessary addresses does not seem like it would provide a good user experience. talking of the user

Re: eBay is looking for network heavies...

2015-06-09 Thread Justin M. Streiner
On Mon, 8 Jun 2015, Yardiel D. Fuentes wrote: This discussion is always reminisced of questions such as: Why would I want to learn Algebra or Calculus in college ? or why would I want to go to college at all ? .. the student argues that calculus or college is hardly ever used, if at all, in a

Re: Android (lack of) support for DHCPv6

2015-06-09 Thread A . L . M . Buxey
Hi, supporting DHCPv6 seems to be that mobile networks don't need it, but that totally ignores 802.11 which is equally important. ...and what about 802.3 for those Android boxes/systems on the wired? :-) I would hope we're past the religious arguments of SLAAC vs DHCPv6 but it seems like

Re: Android (lack of) support for DHCPv6

2015-06-09 Thread A . L . M . Buxey
Hi, Agreed - apparently the solution is to implement SLAAC + DNS advertisements *AND* DHCPv6. Because you need SLAAC + DNS advertisements for Android, and you need DHCPv6 for Windows. Windows has been dealing with SLAAC for ages...and OSX... DHCPv6 is relatively new in that arena...

Re: Android (lack of) support for DHCPv6

2015-06-09 Thread A . L . M . Buxey
Hi, and we wonder at the pitiful ipv6 deployment. if more network admins actually did network stuff then IPv6 deployment would be plentiful and we could even start the discussion about turning off IPv4 ;-) alan

Re: most accurate geo-IP source to build country-based access lists

2015-06-08 Thread A . L . M . Buxey
Hi, Have you thought about application layer tests - e.g. is the client's character set/language set to Swedish? Has the user identified himself/herself/henself as living in or being from Sweden? ...just waiting for someone to suggest checking their web cookies to see what area they've got

Re: eBay is looking for network heavies...

2015-06-08 Thread Justin M. Streiner
On Mon, 8 Jun 2015, Jeroen van Aart wrote: On 06/05/2015 06:38 PM, Mike Hale wrote: We need a pool on what percentage of readers just googled traceroute. Don't learn by heart that which you can look up. In this day and age where knowledge about every subject imaginable is a 5 second (to a

Re: most accurate geo-IP source to build country-based access lists

2015-06-08 Thread A . L . M . Buxey
Hi, 2. There are no Russian soldiers in Crimea eh? we know there are as it got annexed last year. I think you meant There are no Russian soldiers in Ukraine ? alan

RE: eBay is looking for network heavies...

2015-06-07 Thread Justin M. Streiner
On Sun, 7 Jun 2015, Joshua Riesenweber wrote: As someone studying their first CCIE (RS), I sometimes find these kind of discussions disheartening. They come up every now and again, and the opinions seem vary anywhere between 'a good interview tool' and 'less than worthless'. [snip] Does a

Re: gmail security is a joke

2015-05-29 Thread Justin M. Streiner
On Thu, 28 May 2015, Rich Kulawiec wrote: I think this (Bill's) is a very good practice. It's not that difficult to enumerate the name of every pro sports team in the US, the 100 most popular dog names, the 200 most common street names, etc. This attack can be mitigated by limiting

Re: Galaxy S6 is IPv6 on all US National Mobile carriers

2015-04-13 Thread Justin M. Streiner
On Mon, 13 Apr 2015, Stephen Frost wrote: I'm still wondering when they're going to teach the Verizon FIOS people about the IPv6 goodness... I've been barking up that three for nearly the past three years. No definite answers thus far, other than the ONTs deployed in many customer

RE: 802.11 based WISP hardware

2015-03-27 Thread Kenneth M. Chipps Ph.D.
and grounding. Proper installation makes a big difference no matter what you use. Kenneth M. Chipps Ph.D. -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jason Lixfeld Sent: Friday, March 27, 2015 6:00 AM To: NANOG Subject: 802.11 based WISP hardware Hi all, I’m

RE: 802.11 based WISP hardware

2015-03-27 Thread Kenneth M. Chipps Ph.D.
. They haven't pursued FCC certification for 5150 - 5350 or 5470 - 5725. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com - Original Message - From: Kenneth M. Chipps Ph.D. chi...@chipps.com To: NANOG nanog@nanog.org Sent: Friday, March 27, 2015 6:40:35 AM

Re: Getting hit hard by CHINANET

2015-03-23 Thread Justin M. Streiner
On Mon, 23 Mar 2015, Ca By wrote: Having your upstream apply a permanent udp bw policer, say 5 or 10x busy hour baseline, works well for this. Many upstreams will not do that, particularly on a permanent basis. They might do something temporarily to deal with an incident, but many of the

Re: Usage Graphing per Subnet

2015-02-17 Thread Justin M. Streiner
On Wed, 18 Feb 2015, Methsri Wickramarathna wrote: My company has 3 upstream providers and we are serving more than 400 customers ..In that case we have to manage our upstream capacity... When considering capacity managing normally we just transfer a /24 from congested Up stream provider to

Re: Intrusion Detection recommendations

2015-02-14 Thread Justin M. Streiner
On Fri, 13 Feb 2015, Rich Kulawiec wrote: On Fri, Feb 13, 2015 at 02:45:46PM -0600, Rafael Possamai wrote: I am a huge fan of FreeBSD, but for a medium/large business I'd definitely use a fairly well tested security appliance like Cisco's ASA. Closed-source software is faith-based security.

Re: Intellectual Property in Network Design

2015-02-13 Thread Steven M. Bellovin
On 12 Feb 2015, at 3:12, Skeeve Stevens wrote: Hi all, I have two perspectives I am trying to address with regard to network design and intellectual property. 1) The business who does the design - what are their rights? 2) The customer who asked for the rights from a consultant My personal

Re: MultiMode Fiber Connectivity... (850nm) Power Question

2015-02-11 Thread Justin M. Streiner
On Wed, 11 Feb 2015, Faisal Imtiaz wrote: I was looking for feedback on the following question:- When connecting two MM SFP/SFP+/XFP 's together...(short range). What should be the best practice receive power range ? SX (1G) / SR (10G) / SR10 (100G) gear generally has a receive threshold

Any recommendations for FXS/FXO hardware with Cisco Unified CME

2015-02-11 Thread Joel M Snyder
with Sipura/Linksys. I have had good results with Audiocodes+Asterisk, but not in the Cisco PBX environment. Does anyone have boots-on-the-ground knowledge of good analog gateway choices that play very nicely with Cisco PBX? jms -- Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719 Senior

Re: Any recommendations for FXS/FXO hardware with Cisco Unified CME

2015-02-11 Thread Joel M Snyder
authenticate each other with certificates) for both HTTPS provisioning and for SIP signalling. jms -- Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719 Senior Partner, Opus One Phone: +1 520 324 0494 j...@opus1.com http://www.opus1.com/jms

Re: Cisco Nexus

2015-02-02 Thread Justin M. Streiner
On Mon, 2 Feb 2015, Brandon Ewing wrote: On Mon, Feb 02, 2015 at 12:51:04PM -0600, David Bass wrote: The n2k ToR is not a great design for user or storage interfaces if most of your traffic is east/west. It is great as a low cost ilo/drac/choose your oob port, or if most of your traffic is

Re: IPv6 allocation plan, security, and 6-to-4 conversion

2015-01-30 Thread Justin M. Streiner
On Fri, 30 Jan 2015, Tore Anderson wrote: For many folks, that's easier said than done. Think about it: If everyone could just dual-stack their networks, they might as well single-stack them on IPv4 instead; there would be no point whatsoever in transitioning to IPv6 for anyone. I re-read

Re: IPv6 allocation plan, security, and 6-to-4 conversion

2015-01-30 Thread Justin M. Streiner
On Fri, 30 Jan 2015, Eric Louie wrote: If you assign a customer IPv6 space only, a translation mechanism is needed to allow that customer to reach Internet destinations that only speak IPv4 today. There's no way around that. What IPv6 to IPv4 translation mechanisms are available for networks

Re: IPv6 allocation plan, security, and 6-to-4 conversion

2015-01-30 Thread Justin M. Streiner
On Fri, 30 Jan 2015, Eric Louie wrote: It also sounds like the Internet (aka the upstream/Tier 1 carriers) don't want me to advertise anything longer than my /32 into BGPv6. Is that true? (I'm getting that from the spamming comments made by others) Am I supposed to be asking ARIN for a /32

Re: Office 365 Expert

2015-01-08 Thread Joel M Snyder
on spreadsheets. jms -- Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719 Senior Partner, Opus One Phone: +1 520 324 0494 j...@opus1.com http://www.opus1.com/jms

Re: How do I handle a supplier that delivered a faulty product?

2014-12-16 Thread Justin M. Streiner
On Tue, 16 Dec 2014, Baldur Norddahl wrote: Zhone reversed their stance on this and put everything on finding a fix. Now we have a working firmware that moves data at line speed with no need to put limits on downloads. Everyone is happy now. The 2301 with new firmware is performing as expected

Re: Charging fee for BGP prefix per /24?!

2014-12-10 Thread Justin M. Streiner
On Wed, 10 Dec 2014, Yucong Sun wrote: It is not the same thing though. In my case, they just say we want you to buy our IP, if you don't and want use you own Arin allocated IP blocks through bgp, then we got to charge you anyway! Are they charging per /24 (assuming IPv4 here...), or per

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Carlos M. Martinez
Hello, On 12/4/2014 2:33 PM, Andrew Gallo wrote: On 12/4/2014 11:22 AM, William Herrin wrote: Understood and good point. I've heard rumblings of setting up a non-ARIN TAL, though I wonder what the value is in separating RPKI from the registry. Wouldn't this put us in the same position

Re: How do I handle a supplier that delivered a faulty product?

2014-11-25 Thread Justin M. Streiner
On Tue, 25 Nov 2014, Miles Fidelman wrote: If it doesn't deliver to spec, that certainly seems like a warranty claim, followed by a lawsuit (yes - talk to a lawyer). Also, define large shipment and total dollars involved. You might be able to take them to small claims court (much simpler

Level3 NOC contact

2014-11-21 Thread N M
Could a NOC engineer from Level3 contact me off list? I am having issues out of Dallas on a circuit with traffic on your network -- Latency above 100ms --- My peer claims the issue is fixed but I am still seeing the same problem -- Thanks *Nathan Mallory* *Network Engineer* Opelika Power

Re: Level3 NOC contact

2014-11-21 Thread N M
A NOC engineer has reached out -- Thanks for the quick response *Nathan Mallory* *Network Engineer* Opelika Power Services 600 Fox Run Pkwy Opelika, Al 36801 Office: (334) 705-1601 On Fri, Nov 21, 2014 at 10:29 AM, N M digitallysto...@gmail.com wrote: Could a NOC engineer from Level3

Re: A case against vendor-locking optical modules

2014-11-17 Thread Justin M. Streiner
On Mon, 17 Nov 2014, Jérôme Nicolle wrote: What are other arguments against vendor lock-in ? Is there any argument FOR such locks (please spare me the support issues, if you can't read specs and SNMP, you shouldn't even try networking) ? Did you ever experience a shift in a vendor's position

Re: A case against vendor-locking optical modules

2014-11-17 Thread Justin M. Streiner
On Mon, 17 Nov 2014, Jérôme Nicolle wrote: Is it unrealistic to hope for enough salesmen pressure on the corporate ladder to make such moronic attitude be reversed in the short term ? No salesperson is likely to do that for you. They know only too well that eliminating vendor lock-in means

Re: A case against vendor-locking optical modules

2014-11-17 Thread Justin M. Streiner
On Mon, 17 Nov 2014, valdis.kletni...@vt.edu wrote: On Mon, 17 Nov 2014 15:34:50 -0500, Justin M. Streiner said: No salesperson is likely to do that for you. They know only too well that eliminating vendor lock-in means they will lose sales on artificially costly optics from $vendor

RE: Cisco CCNA Training (Udemy Discounted Training)

2014-11-14 Thread Wakefield, Thad M.
Since there was some interest in the Udemy CCNA training, I'll risk forwarding these additional discounts: Remember that this is ONLY for the month of NOVEMBER! *** CCNA Course is now $24 with coupon code: THANKS24 https://www.udemy.com/the-complete-ccna-200-120-course/?couponCode=THANKS24

Re: Kind of sad

2014-11-12 Thread Justin M. Streiner
On Wed, 12 Nov 2014, Sholes, Joshua wrote: I concur. I was recently an admin/ITSO for a defense contractor, and from a network logging standpoint it is VERY difficult to tell the difference between what you posted and a really subtle social-engineering-enabled attack--and EVERY attacker these
