Re: mail service with no mx (was - Re: Computer systems blamed for feeble hurricane response?)

2005-09-14 Thread Dave Crocker
Application layer firewalls have existed for at least 6 years. Make that 15 I suspect that claiming that they existed farther back than 1990 would require careful debate about the functionality. Taking it at its most general: a boundary barrier service that mediated particular

Re: LA power outage?

2005-09-14 Thread Hank Nussbacher
At 02:08 AM 14-09-05 +, [EMAIL PROTECTED] wrote: And reported Oct 2004: http://www3.nationalgeographic.com/ngm/0410/feature5/?fs=www7.nationalgeographic.com -Hank threat models for hurricanes are different than earthquakes. (or is that one of those disaster+geography

Re: mail service with no mx (was - Re: Computer systems blamed for feeble hurricane response?)

2005-09-14 Thread Tony Finch
On Wed, 14 Sep 2005, Roy Badami wrote: Perhaps because most telnet clients will attempt telnet option negotiation? No they won't. I don't have any copies of BSD to hand from before 1987, but even then Berkeley Telnet would not do unsolicited option negotiation if you specified a port number.

Load Balancing between multiple BGP peer connections

2005-09-14 Thread Joe Shen
Hi, How could load on multiple BGP peer links be balanced automatically? The situation we are facing: ---| | Service provider| | | --R1R2--- |\

Re: Computer systems blamed for feeble hurricane response?

2005-09-14 Thread Suresh Ramasubramanian
On 9/14/05, Mike Tancsa [EMAIL PROTECTED] wrote: Port 587? Not everyone implements that. You would make a large part of the internet unreachable via email vinyl# telnet mx2.mail.yahoo.com 587 Trying 67.28.114.36... telnet: connect to address 67.28.114.36: Connection refused Trying

Re: CAT5 surge/lightning strike protection recommendations?

2005-09-14 Thread Jerry Eyers
As everyone else has said, fiber is best, but if that is not an option... We have had good luck using these: http://www.hyperlinktech.com/web/hgln_cat6.php Transceivers will work as well, but that is a more expensive option. Nothing is going to protect you from a direct strike. Jerry

Re: CAT5 surge/lightning strike protection recommendations?

2005-09-14 Thread Robert E . Seastrom
Todd Vierling [EMAIL PROTECTED] writes: Seriously, though, that's exactly what you're describing, and about what I'd suggest in a no-other-option scenario -- but if it's possible to pull fiber through the conduits, it would probably be far less expensive long term, or even medium term if

SHIM6 (Was: Multi-6)

2005-09-14 Thread Michael . Dillon
anyway, this has been some good discussion, and 2 more people are now on shim6 :) I've always wondered why NANOGers refer to Internet resources in this way. Do NANOG members not know what a URL is? Perhaps it is because the WWW was invented long after the Internet was and, as you know, there

Re: CAT5 surge/lightning strike protection recommendations?

2005-09-14 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Robert E.Seastrom writes: Todd Vierling [EMAIL PROTECTED] writes: Seriously, though, that's exactly what you're describing, and about what I'd suggest in a no-other-option scenario -- but if it's possible to pull fiber through the conduits, it would probably be

Re: Computer systems blamed for feeble hurricane response?

2005-09-14 Thread Michael . Dillon
does anyone else find it highly odd and worrisome that they're sending emails to alert FEMA of a crisis, instead of, I don't know - phone calls? if I'm a federal agency and I require FEMA's resources immediately, I'm going to pick up the phone and call them; not fire off an email marked

Re: Computer systems blamed for feeble hurricane response?

2005-09-14 Thread Mike Tancsa
At 07:28 AM 14/09/2005, Suresh Ramasubramanian wrote: On 9/14/05, Mike Tancsa [EMAIL PROTECTED] wrote: Port 587? Not everyone implements that. You would make a large part of the internet unreachable via email vinyl# telnet mx2.mail.yahoo.com 587 Trying 67.28.114.36... telnet: connect to

Re: CAT5 surge/lightning strike protection recommendations?

2005-09-14 Thread Marshall Eubanks
On Wed, 14 Sep 2005 08:44:16 -0400 Steven M. Bellovin [EMAIL PROTECTED] wrote: In message [EMAIL PROTECTED], Robert E.Seastrom writes: Todd Vierling [EMAIL PROTECTED] writes: Seriously, though, that's exactly what you're describing, and about what I'd suggest in a

Re: CAT5 surge/lightning strike protection recommendations?

2005-09-14 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Marshall Eubanks writes: My direct experience with running long-distance underground cable is dated -- let's put it like this; we were dealing with RS-232 -- but the countermeasures to a direct strike on copper cables don't seem to have improved nearly

Re: LA power outage?

2005-09-14 Thread Michael . Dillon
threat models for hurricanes are different than earthquakes. (or is that one of those disaster+geography equations?) For one thing, if you use natural-gas powered gensets, you are virtually guaranteed to go off-line after an earthquake. For another, after an earthquake you will have to be

Re: CAT5 surge/lightning strike protection recommendations?

2005-09-14 Thread Frank Coluccio
There's not much left to interpretation and preferences here, aside from the choice of medium to be used. I should also add that some of the advice that has been posted in this thread, as well-meaning and thoughtful as it has been, has been downright dangerous to follow. If one is going to run

Re: CAT5 surge/lightning strike protection recommendations?

2005-09-14 Thread Frank Coluccio
re: what did your electricians say ... Back to lurking in a moment, but I should note that fire and safety code issues are so shrouded in matters of locality and jurisdiction, at times, and bound up in industry and governmental standards that are so esoteric in nature, that the typical electrical

Re: CAT5 surge/lightning strike protection recommendations?

2005-09-14 Thread David Lesher
Speaking on Deep Background, the Press Secretary whispered: re: what did your electricians say ... Back to lurking in a moment, but I should note that fire and safety code issues are so shrouded in matters of locality and jurisdiction, at times, and bound up in industry and

Re: CAT5 surge/lightning strike protection recommendations?

2005-09-14 Thread Bryan Fields
On Tuesday 13 September 2005 03:24 pm, R.P. Aditya wrote: Anyone have recommendations (tested/practical is best :-)? First bond the cable shield to earth at the entry point in both buildings. Second use a Tripplite DNET-1 at both buildings. make sure you have a single point ground terminal

cogent and level3

2005-09-14 Thread Joseph Nuara
Does anyone know what the story is with Cogent and L3? I noticed that my Cogent site (IN NY) is using a path to one of my providers (IN NJ) via Asia as opposed to the local and preferred L3 peer. After several days I was finally told that L3 and Cogent are working through some peering

Re: Load Balancing between multiple BGP peer connections

2005-09-14 Thread Patrick W. Gilmore
[Wow, operational content - thank you!] On Sep 14, 2005, at 6:24 AM, Joe Shen wrote: How could load on multiple BGP peer links be balanced automatically? The situation we are facing: ---| | Service provider| |

Re: Load Balancing between multiple BGP peer connections

2005-09-14 Thread Tom Sands
Is the connectivity with 1 provider or 3 separate providers? The diagram and wording would seem like it's the same. Patrick W. Gilmore wrote: [Wow, operational content - thank you!] On Sep 14, 2005, at 6:24 AM, Joe Shen wrote: How could load on multiple BGP peer links be balanced

Re: cogent and level3

2005-09-14 Thread Richard A Steenbergen
On Wed, Sep 14, 2005 at 01:41:32PM -0400, Joseph Nuara wrote: Does anyone know what the story is with Cogent and L3? I noticed that my Cogent site (IN NY) is using a path to one of my providers (IN NJ) via Asia as opposed to the local and preferred L3 peer. After several days I was finally

Re: CAT5 surge/lightning strike protection recommendations?

2005-09-14 Thread Aditya
On Tue, 13 Sep 2005 20:24:51 +, R.P. Aditya [EMAIL PROTECTED] said: I have a bunch of cat5 buried about 1 ft below the surface connecting multiple buildings on a campus (short runs) and lightning strikes nearby have caused surges along one or more of the cables and burnt out switch

commonly blocked ISP ports

2005-09-14 Thread Luke Parrish
Everyone, Does anyone have a reference point for commonly blocked ports? We have a list, some reactive and some proactive, however we need to remove ports that are no longer a threat and add new ones as they are published. Thanks luke

Re: commonly blocked ISP ports

2005-09-14 Thread Valdis . Kletnieks
On Wed, 14 Sep 2005 14:42:56 CDT, Luke Parrish said: We have a list, some reactive and some proactive, however we need to remove ports that are no longer a threat and add new ones as they are published. All ports that are open are threats, at least potentially. What you *should* be doing is:

Re: commonly blocked ISP ports

2005-09-14 Thread Scott Weeks
- Original Message Follows - From: Luke Parrish [EMAIL PROTECTED] To: nanog@merit.edu Subject: commonly blocked ISP ports Date: Wed, 14 Sep 2005 14:42:56 -0500 Everyone, Does anyone have a reference point for commonly blocked ports? We have a list, some reactive and some

Re: commonly blocked ISP ports

2005-09-14 Thread Luke Parrish
Not quite looking for tips to manage my network and ACL's or if should or should not be blocking, more looking for actual ports that other ISP's are blocking and why. For example: port 5 worm 2.5 port 67 virus 8.2 At 03:12 PM 9/14/2005, [EMAIL PROTECTED] wrote: On Wed, 14 Sep 2005

Re: commonly blocked ISP ports

2005-09-14 Thread Larry Smith
On Wednesday 14 September 2005 15:41, Luke Parrish wrote: Not quite looking for tips to manage my network and ACL's or if should or should not be blocking, more looking for actual ports that other ISP's are blocking and why. For example: port 5 worm 2.5 port 67 virus 8.2 Probably not

Re: commonly blocked ISP ports

2005-09-14 Thread brett watson
On Wednesday 14 September 2005 15:41, Luke Parrish wrote: Not quite looking for tips to manage my network and ACL's or if should or should not be blocking, more looking for actual ports that other ISP's are blocking and why. seems to me this is the wrong question... a default

Re: CAT5 surge/lightning strike protection recommendations?

2005-09-14 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Aditya writes: The short-term solution seems to be using the APC PNET1s/Tripplite DNET1/etc. in each unit and tying them to the water main as an inexpensive, immediate step while funds are allocated for conduit, labor etc.. If I recall correctly, the National

Re: commonly blocked ISP ports

2005-09-14 Thread Fergie (Paul Ferguson)
A couple of decent barometers: http://www.dshield.org/topports.php and: http://www.mynetwatchman.com/default.asp - ferg -- Luke Parrish [EMAIL PROTECTED] wrote: Not quite looking for tips to manage my network and ACL's or if should or should not be blocking, more looking for actual

Re: commonly blocked ISP ports

2005-09-14 Thread Peter Dambier
There is only one port worth blocking: Block port 80 (http) All other ports might be in use for redirected ssh, telnet, ftp, ... Blocking port 80 will keep windows people from accidentally clicking nonsense. :) Kind regards, Peter and Karin Dambier Luke Parrish wrote: Everyone, Does

Re: CAT5 surge/lightning strike protection recommendations?

2005-09-14 Thread Mark Radabaugh
Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Aditya writes: The short-term solution seems to be using the APC PNET1s/Tripplite DNET1/etc. in each unit and tying them to the water main as an inexpensive, immediate step while funds are allocated for conduit, labor etc..

re: commonly blocked ports (but not on backbones)

2005-09-14 Thread brett watson
seems to me this is the wrong question... a default security posture (network or system, isp or enterprise or any type of entity) should be: if it's not explicitly allowed, it's denied. apologies, i see the original poster was talking about a *backbone*... my mind was on

Re: mail service with no mx (was - Re: Computer systems blamed for feeble hurricane response?)

2005-09-14 Thread Joseph S D Yao
On Tue, Sep 13, 2005 at 11:09:54PM -0700, Dave Crocker wrote: Application layer firewalls have existed for at least 6 years. Make that 15 I suspect that claiming that they existed farther back than 1990 would require careful debate about the functionality. Taking it at its most

Re: mail service with no mx (was - Re: Computer systems blamed for feeble hurricane response?)

2005-09-14 Thread Robert E . Seastrom
Joseph S D Yao [EMAIL PROTECTED] writes: Dave, I think the mail gateways back when the various networks were being put together into an internet had as their functional purpose unifying disparate networks. On the contrary, a firewall has as its purpose partitioning a network that

Re: mail service with no mx (was - Re: Computer systems blamed for feeble hurricane response?)

2005-09-14 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Joseph S D Yao writes : On Tue, Sep 13, 2005 at 11:09:54PM -0700, Dave Crocker wrote: I think the mail gateways back when the various networks were being put together into an internet had as their functional purpose unifying disparate networks. On the contrary, a

The return of the wildcard domain...

2005-09-14 Thread Jim McBurnett
All, I saw this evening that CentralNic had added *.uk.com to point to itself. I thought this was of operational interest considering the effect Verisign sitefinder had. (Sorry Martin, no offence intended) So I guess the question to us all is: how will this affect our networks as a whole? Or

Re: The return of the wildcard domain...

2005-09-14 Thread John Levine
I saw this evening that CentralNic had added *.uk.com to point to itself. Why should anyone care? It's just one of ten million dot-com domains. So will ICANN act on this? Of course not. CentralNIC also runs the uk.com, us.com, eu.com and de.com domains. Well, OK, they run four out of ten

Re: The return of the wildcard domain...

2005-09-14 Thread Patrick W. Gilmore
On Sep 14, 2005, at 10:50 PM, John Levine wrote: I saw this evening that CentralNic had added *.uk.com to point to itself. Why should anyone care? It's just one of ten million dot-com domains. Perhaps the original poster is thinking of .co.uk? BTW: I have a * on a couple of my personal

Re: The return of the wildcard domain...

2005-09-14 Thread Suresh Ramasubramanian
On 15/09/05, Jim McBurnett [EMAIL PROTECTED] wrote: I saw this evening that CentralNic had added *.uk.com to point to itself. uk.com is just another consumer ISP, it is not a second level TLD like co.uk is. So I guess the question to us all is: how will this affect our networks as a