Re: [AFMUG] OT: Vmware Vs Xen
Xenserver 6.5 is pretty neat, all the management is done via a Windows app, but it is Xen on the back end. Free if you don't need support, and supports live migrations and storage migrations out of the box. ~Duncan On 11/20/2015 9:14 AM, David wrote: I am doing a home brew vmhost at home and I am tossing around using XEN vs Vmware like I use at the office. From what I gather of Xen alot is done within the CLI but I am looking for a client like VMware host client that will give me the gui interface to manage host on XEN Any ideas or thoughts are welcome --
Re: [AFMUG] GigE Testing
If your success rate is pretty good couldn't you just test multiple units at one time. Just use your current testing procedure, but more units daisy chained in a row. If data transmits through multiple units successfully then all of the units in that row must be good. ~Duncan On 8/17/2015 1:01 PM, Chuck McCown wrote: Surge suppressors. For data throughput. One of several tests. *From:* Josh Luthman mailto:j...@imaginenetworksllc.com *Sent:* Monday, August 17, 2015 2:00 PM *To:* af@afmug.com mailto:af@afmug.com *Subject:* Re: [AFMUG] GigE Testing What are you testing exactly? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Aug 17, 2015 3:55 PM, Chuck McCown ch...@wbmfg.com mailto:ch...@wbmfg.com wrote: I am wondering if I got a GigE managed switch, could I see some phy data speeds by looking at its management interface? *From:* Sterling Jacobson mailto:sterl...@avative.net *Sent:* Monday, August 17, 2015 1:54 PM *To:* af@afmug.com mailto:af@afmug.com *Subject:* Re: [AFMUG] GigE Testing Probably two laptops, doesn’t need to be anything fancy, my 2006 Lenovo X60 with GigE port does the full 950Mbps TCP. *From:*Af [mailto:af-boun...@afmug.com mailto:af-boun...@afmug.com] *On Behalf Of *Chuck McCown *Sent:* Monday, August 17, 2015 1:52 PM *To:* af@afmug.com mailto:af@afmug.com *Subject:* [AFMUG] GigE Testing Demand for our GigE surge suppressor has been growing such that I am now limited by my test station throughput. Any ideas on how to test a GigE device go-nogo without buying more big dollar testers (which I currently use)? It needs to be fast and show speeds in both directions. Have considered just putting up a GigE switch and plugging the surge suppressor into two ports and seeing if they light. But that sounds pretty cheap and dirty. Want to see numbers. A laptop talking to another laptop with iperf may end up being the solution. Not sure if there are GigE USB NICS so I could do it all on one laptop or not. Any other ideas?
Re: [AFMUG] how much to worry about SSDP vulnerable customers
We have seen DDOS attacks using port 1900 which max out the customers upload. This isn't terrible for our network, but the customers connection doesn't work very well. We generally don't block ports, but I made an exception for 1900 and 5351. We block UDP traffic inbound to these ports. The chances of DDOS/abuse is too high, and it is documented as a port used for UPnP and NAT-PMP which is not supposed to be public. The chances of any other service using these is pretty low. We've not had any complaints. On 5/18/2015 9:18 AM, Ken Hohhof wrote: I finally started getting ShadowServer reports which are nice. One thing I notice is that about 5% of customers still have routers with SSDP (the discovery protocol for UPnP) exposed on the WAN side. This despite the fact that I scanned the network earlier this year and sent notices to every single customer with this vulnerability. It tells me very few did anything about it. Most of these are DLink DIR-615 routers, and except for the very last version of that router, there is no FW update, their only solution is to disable UPnP in the menus. Apparently that's too difficult for customers. My question: is this serious enough to worry about? Should I just wait for those DLink routers (or their owners) to die? I guess another solution would be to block ports 1900/2049/5783 but these might be legitimately in use as ephemeral ports and I don't like blocking high numbered ports.
Re: [AFMUG] Ether channel 2 different sized links
Can the Dragonwave use mulitple ethernet ports as separate bridges? If you can configure separate bridge ports you might be able to set up an 4 channel etherchannel and direct 2 over the 600 meg link and 1 on each of the 300 meg links. On 4/14/2015 3:23 PM, Sam Lambie wrote: We currently have a Dragonwave Dual Mounted 2+0 PTP setup that is Ether channeled with Cisco switches. Currently each radio link is at 300 mbps. Easy to Ether channel as they are the same sized pipe. Once you get into links of differing throughput, then Ether Channel will fill up to the smallest pipe and the rest is wasted. In the the next month, we are going to install another 2+0 link in the same direction that should have up to 1.2 gb aggregate on that link alone. And 600 mbps on the DW link. So my question is how to essentially bond both links of differing sizes without wasting wireless throughput. Is there something better than Ether channel?
Re: [AFMUG] 477 tract/block info
In google earth right click on the track_## node in Places, go to the Style,Color tab and click Share style, Then change the area Opacity to much less or 0. Lines will still show up of the census tract info. On 2/26/2015 9:20 PM, Glen Waldrop wrote: Thanks! I downloaded those, but as you said, they were completely white. I'd had enough today and put it away until after coffee in the morning. The opacity settings will be the first thing I check. - Original Message - From: Duncan Scott dsc...@onlinenw.com To: af@afmug.com Sent: Thursday, February 26, 2015 7:24 PM Subject: Re: [AFMUG] 477 tract/block info I found the following: http://transition.fcc.gov/form477/Geo/visualizing_census_tracts_in_google_earth.pdf Which links to http://www2.census.gov/geo/tiger/KML/2010_Proto/ download the one that correspondes to your state number (first 2 digits of tract number) This contains a bunch of KML files that will draw borders and label tract info into google earth. While the automation is great this is the easiest way I've found to manually turn a given address into a Tract number. They came up all white in google earth but just lower the opacity on the area and they work really well. Click in a given block to get the tract info. On 2/26/2015 9:03 AM, Glen Waldrop wrote: I've been spinning my wheels for days now, 477 help line is typical government/Microsoft answer, technically correct, practically useless. How do I get the block/tract info? I've got maps, I've got programs, been through the 477 paperwork of the past, none of the numbers I get add up to 15 digits. Getting a little irritated at this point. Thanks guys.
Re: [AFMUG] 477 tract/block info
I found the following: http://transition.fcc.gov/form477/Geo/visualizing_census_tracts_in_google_earth.pdf Which links to http://www2.census.gov/geo/tiger/KML/2010_Proto/ download the one that correspondes to your state number (first 2 digits of tract number) This contains a bunch of KML files that will draw borders and label tract info into google earth. While the automation is great this is the easiest way I've found to manually turn a given address into a Tract number. They came up all white in google earth but just lower the opacity on the area and they work really well. Click in a given block to get the tract info. On 2/26/2015 9:03 AM, Glen Waldrop wrote: I've been spinning my wheels for days now, 477 help line is typical government/Microsoft answer, technically correct, practically useless. How do I get the block/tract info? I've got maps, I've got programs, been through the 477 paperwork of the past, none of the numbers I get add up to 15 digits. Getting a little irritated at this point. Thanks guys.
Re: [AFMUG] private company Instant Messaging
We run ejabberd on a small debian vm and use Gajim or Pandion for the client. Ejabberd is configured to automatically show all users in the contact list. Chat rooms work pretty well in addition to the IM functionality. On 10/27/2014 7:26 PM, Eric Kuhnke via Af wrote: run your own internal irc server in private IP space, set users up with shell accounts that can only run irssi. On Mon, Oct 27, 2014 at 6:08 AM, Paul McCall via Af af@afmug.com mailto:af@afmug.com wrote: Anybody have suggestions on a good IM program to use for internal use? Not a fan of having any of the commercial ones being used by employees because its too tempting for them to use to talk with their friends. We have a No-IM policy and people respect that so looking for a good one I can just run internally for own quick communication Paul McCall, Pres. PDMNet / Florida Broadband 658 Old Dixie Highway Vero Beach, FL 32962 772-564-6800 office 772-473-0352 cell www.pdmnet.com http://www.pdmnet.com/ pa...@pdmnet.net mailto:pa...@pdmnet.net
Re: [AFMUG] ObamaCare
Item 1 only works if you require that people have coverage. Otherwise lots of people will wait until they have a significant medical issue and then go buy coverage. I'm skeptical that 2 or 3 would have any effect on costs. 4. So much for state rights... I have an alternate list: 1. Make it illegal for companies to provide health care. This is the root of the problem and has all sorts of negative effects. ~Duncan On 10/9/2014 8:56 AM, Glen Waldrop via Af wrote: The best idea would have been simple and cheap. 1)Don’t let insurance companies keep people with existing conditions out. 2)Beef up review of bad doctors and get rid of them 3)Pass Tort reform and limit lawyers from suing for excessive malpractice amounts 4)Get rid of state regulations on health insurance and let insurers sell all over the country Rory Well said. - Original Message - *From:* Rory Conaway via Af mailto:af@afmug.com *To:* af@afmug.com mailto:af@afmug.com *Sent:* Thursday, October 09, 2014 10:10 AM *Subject:* Re: [AFMUG] ObamaCare The big mistake of the public was that Obamacare was about bringing down health costs. That was a complete lie. Obamacare was a wealth transfer from the rich to the poor. Then it was burdened by the political correctness bug making everyone pay for every service everyone else needed such as pregnancy coverage for 60 year old women. Throw in the corruption and inefficiency of any government program, and there was no way it was going to be cheaper. What they thought was that they could squeeze doctors and hospitals even further on costs than Medicare and Medicaid already had. What they ended up with is 50% of the hospitals not taking it and some of them going out of business, doctors leaving the profession in droves, and small practices having to be bought up by bigger practices or simply go out of business. The problem was that Obamacare never covered the malpractice costs and subsequent insurance costs which are really driving medical care costs up along with the uninsured and illegal alien population burdening the hospitals with uncollectible debt. The consequences of Obamacare have been far more devastating short term and long term than anyone ever thought of (Dodd—Frank and U.S. tax policy comes into play here also). Small businesses stopped hiring and modified their workforces by letting go full-time employees and moving them to part-time. This has resulted in 75% of all new jobs being part time instead of full time which means that those workers are now on Obamacare if anything. These aren’t the people subsidizing everyone else. Businesses kept workforces at 50 employees, started hiring more contractors, or simply let people go to avoid being forced into buying health care. Even worse, with the costs of health care going up, companies are dropping what health care they had and letting those employees move to Obamacare or cutting the health care insurance that they had back. And everyone keeps touting the “great” systems of health care in Canada and Europe. Those systems are fine if you have the flu but if you need an MRI, it could take months. If you have cancer late in life, I suggest your will is ready. It’s easier to get an MRI for your dog. And when the money runs out in a fiscal year for a specific treatment, you wait until the next fiscal year for that treatment. In Europe, they have lottery’s to see the dentist and if you don’t get picked, hopefully you get picked the next time. Everyone keeps saying that this was a Republican idea. It was actually an idea by the Heritage Foundation and supported by many Republicans, even Newt Gingrich. That doesn’t mean it was ever a good idea, it just means Republican politicians pander to their constituents to stay in office as much as Democratic politicians at the taxpayers’ expense. The best idea would have been simple and cheap. 1)Don’t let insurance companies keep people with existing conditions out. 2)Beef up review of bad doctors and get rid of them 3)Pass Tort reform and limit lawyers from suing for excessive malpractice amounts 4)Get rid of state regulations on health insurance and let insurers sell all over the country Rory *From:*Af [mailto:af-boun...@afmug.com] *On Behalf Of *Paul McCall via Af *Sent:* Thursday, October 09, 2014 7:11 AM *To:* af@afmug.com *Subject:* Re: [AFMUG] ObamaCare Jeremy, I am glad this worked out well for you financially. Most people have been very unhappy with the effect of this, and in then we ALL pay for any costs that are lowered, subsidized etc. Financially for this country as a whole, today and in the future, Obamacare is a disaster. There is NO free lunch system that doesn’t
Re: [AFMUG] DDoS via Dlink DIR-655 router?
This is related to SSDP / UPNP and is a UDP amplification attack similar to the DNS and SNMP UDP attacks. Basically someone forges an IP source on a udp packet and sends it to port 1900 on the router and the router sends some larger amount of data back to the forged ip. This port should not be enabled on the WAN interface, the router should only be listening on the WAN, but it appears several vendors have this issue. There may be a firmware patch, or turning of UPNP may fix the issue. The shadowservers reports will give you reports of open UDP ports on your network that can be used for amplification attacks. https://www.shadowserver.org/wiki/pmwiki.php/Involve/GetReportsOnYourNetwork ~Duncan On 9/26/2014 10:41 AM, Bill Prince via Af wrote: Got a report from someone that had traced a DDoS attack coming from one of our subscribers. It claimed the IP was going out on port 1900 to various and sundry IPs as part of a distributed attack. I ran a torch on the IP, and sure enough, a bunch of connections were going out on port 1900. Talked to the customer, and eliminated all their PCs/phones/etc. one by one, at which point it was only their Dlink router connected to the net. Turning it off stopped the outbound traffic. Just to be sure, we re-connected the customer's wired PC, and no traffic. So at this point, it appears that there was some sort of malware loaded on their Dlink. It's a DIR-655. Anyone else seeing this? Seen it? Other comments?