On Sat, 9 Jun 2001 [EMAIL PROTECTED] wrote:
This is disturbing. I
was more
disturbed by the reported saying somethinb to the
effect The
security issues have been resolved and the system is
now totally
secure. Why is such a critical system as power grid
even
PUBLICLY accessible.
It's
On Sat, 9 Jun 2001, J wrote:
Load testing is fine. The unit we have saturates around 300Mbits/sec. Captus
Any freeware tools to do load testing?
like to see a CSU/DSU connection so I could plant it at MCI or something to
prevent DoS traffic
from getting to my facilitiy.
Huh, why would
I would definitely check that out again. $74k for an IP330 is ridiculous.
The only possible way it could get that high is if they were also adding in
a support contract and software licensing. Are you sure you were speaking
directly to Nokia or was it a reseller? Do you remember who it was
Is there anyway to make traceroute show any additional
devices/nodes, like
bridges ?
James
__
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35
a year! http://personal.mail.yahoo.com/
-
[To unsubscribe, send mail to
Is there anyway to make traceroute show any additional devices/nodes, like
bridges ?
James
_
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
unsubscribe
Hi all,
I was wondering if there was a mailling list dedicated to the Cisco PIX
firewall ?
Regards,
Jerome.
__
ifrance.com, l'email gratuit le plus complet de l'Internet !
vos emails depuis un navigateur, en POP3,
On Sun, 10 Jun 2001, Saint James wrote:
Is there anyway to make traceroute show any additional devices/nodes,
like bridges ?
Traceroute is a layer 3 only tool, ie will only show IP routers.
--
Mikael Abrahamssonemail: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED]
Does RFC-1483 resolve the ATMARP issue of host impersonation described in RFC 2225?
Find the best deals on the web at AltaVista Shopping!
http://www.shopping.altavista.com
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
unsubscribe firewalls in the body of the message.]
Hi James,
A traceroute is done on the layer 3 level (IP) whereas a bridge is a layer 2
device (MAC layer), unaware of layer 3 information. So a traceroute will
only show you layer 3 info, and not layer 2. So the answer is no, only layer
3 devices like routers will show up in a traceroute, not
On Sun, 10 Jun 2001 [EMAIL PROTECTED] wrote:
Egress filtering at border points is appropriate for leaf networks.
Which is exactly what I'm proposing.
Many ISPs, though, also ferry third-party traffic between their
peering points; it would be inappropriate for them to accept traffic
what about the military? and sensitive federal entities.
the way these hardened top secret places seem to get cracked
I can't for the life of me figure out what utilities, air traffic
control, emergency services, and military systems are doing on a
public network.
Communications costs and
Egress filtering at border points is appropriate for leaf networks.
Many ISPs, though, also ferry third-party traffic between their
peering points; it would be inappropriate for them to accept traffic
that an egress rule elsewhere will prevent them from delivering.
This isn't to day that
No. Bridges do not, in the networking sense, route traffic, and
need not have addresses (even at layer 2) let alone names.
On 10 Jun 2001, at 3:39, james wrote:
Is there anyway to make traceroute show any additional
devices/nodes, like bridges ?
James
-
[To unsubscribe, send mail to
There are 6 or 8 top-level peering points around the country; two
of them are within 10 miles or so of me -- Nasa Ames and MAE West.
David Gillett
On 9 Jun 2001, at 22:09, Carl E. Mankinen wrote:
Goto 55 marietta in Atlanta and you will see a large peering
arrangement. Lot's of fiber
The original point was that a leaf network might find itself sued if it allows
packets to leave with a bogus source IP address. Perhaps we should write-up a RFC
about leaf networks restricting outgoing packets with egress filtering. It wouldn't
completely stop DDoS but it would make the
Is the any any any rule in both directions?? What are
you seeing in the logs when you attempt to make these
connections?? Please provide more information for a
specific fix to your problem.
PK
--- Patrick James [EMAIL PROTECTED] wrote:
Hi,
I have a FW1 version 4.1 SP2 installation on WinNT
what are layer 1 and layer 4 type devices?
are there any tools to probe such devices since traceroute only
works on layer 3?
On Sun, 10 Jun 2001, Rene Wijninga wrote:
Hi James,
A traceroute is done on the layer 3 level (IP) whereas a bridge is a layer 2
device (MAC layer), unaware of layer
Wow, lots of things to think about
I see J's point of putting a DoS stopper at my upstream provider. We're
running a pair of T1's right now, with another pair for failover. From one
perspective, all it would take to effectively DoS us is 3Mbits/sec of
traffic. I generate that when I fart.
On 10 Jun 2001 10:00:41 -0400, Gary Flynn wrote:
I can't for the life of me figure out what utilities, air traffic
control, emergency services, and military systems are doing on a
public network.
There are good ways to do this, but they require using only secure OSs
that aren't
On Sun, 10 Jun 2001, Zachary Uram wrote:
what are layer 1 and layer 4 type devices?
Do a search for OSI model.
http://www.lex-con.com/osimodel.htm
is probably a good link (just did a quick search myself).
This is BASIC knowledge for anyone in networking, very basic. They mention
this in the
Hi,
When we refer to layer 2 and layer 3 devices we are referring to the OSI 7
layer model, you wont see any devices at layer 1 as this is the physical
layer, i.e. the cable electrical signals are passed along or the fibre that
light is transmitted across, layer 4 is the transport layer which
On 10 Jun 2001, Michael T. Babcock wrote:
They're usually on the PSTN too, don't forget. This isn't an entrance
for worms, etc, but its how most of them get cracked -- phone calls.
Public System Telephone Network?
this is known as phreaking yes?
[EMAIL PROTECTED]
Blessed are those who
I get a number of 'bounced' messages from people on the firewall
list every day. Other lists I am on shield me from such annoying
bounces so why can't this list? Does everyone else get these
bounced messages? Perhaps switch the list to a genuine LISTSERV
with bounce filtering before posts relayed
One thing about egress filtering which I noted recently.
If the leaf node is using VPN software, you may be in for a surprise!
At least one major vendor of VPN client software performs the Virtual
functions by re-writing the source address of the packet:
Mobile PC: -A-
VPN Gateway: -B-
On 10 Jun 2001 11:59:22 -0700, R B wrote:
But seriously, while the Captus box may keep that from making the leap from
my CSU to network, what good is it if my T1's are saturated? I'm running
GigE internally; why do I care about 3 or 4 Mbits of traffic, DoS or not?
Yes, we definetely require
On 09 Jun 2001 21:25:21 +0100, Alex O'Neill wrote:
FYI
TCP/IP is actually 2 protocols each working at a different layer
Yes, people forget that TCP/IP is more accurately TCP over IP, not
TCP or IP.
A good routing book is useful too -- there is a lot of stuff happening
in the background that
On 10 Jun 2001 19:08:49 -0400, Zachary Uram wrote:
Public System Telephone Network?
Yes.
this is known as phreaking yes?
What you're thinking of is ... but no. There are many secure sites with
direct-dial modem lines into their computers for external support or
backdoor access. They also
On 10 Jun 2001 19:30:08 -0400, Zachary Uram wrote:
I get a number of 'bounced' messages from people on the firewall
list every day. Other lists I am on shield me from such annoying
bounces so why can't this list? Does everyone else get these
bounced messages? Perhaps switch the list to a
Hi,
I have a FW1 version 4.1 SP2 installation on WinNT 4.0 SP6. My network is a
simple one where I have couple of servers on the LAN and a Router, the FW1
pretty sits between the LAN Servers and the Router. I configured the proper
NAT and security policy settings absolutely no problem with
On Sun, Jun 10, 2001, at 09:59:16 -0400, Paul D. Robertson wrote:
Once again, I'm stressing that end-user network filtering be the
major point of egress filtering, not ISP networks.
[ ObDisclaimer: i work for a company offering a DDoS product. ]
simple egress filters at the edge, unicast
30 matches
Mail list logo