Re: looking for documents describing frequent causes for line cuts
thanks! also amusing: http://blog.lafayetteprofiber.com/2008/06/nutria-ratsand-fiber.html http://news.techeye.net/internet/internet-attacked-by-bears#.TnZXk5rhOv8.reddit but I'm looking for something slightly more efficacious than anecdotal. off-list replies (and, why not, some of them are really funny) anecdotes are welcome. On Fri, May 17, 2013 at 8:00 PM, staticsafe m...@staticsafe.ca wrote: On 5/17/2013 22:16, Kyle Creyts wrote: has anyone come by documents containing some statistics regarding leading causes for cuts in fiber, power, cable lines? I seem to remember one which included % cuts due to equipment failure, maintenance, weather, rodents, boring, car accidents, etc. but alas, I cannot find it in my archives. On an amusing note: http://blog.level3.com/level-3-network/the-10-most-bizarre-and-annoying-causes-of-fiber-cuts/ -- staticsafe O ascii ribbon campaign - stop html mail - www.asciiribbon.org Please don't top post - http://goo.gl/YrmAb Don't CC me! I'm subscribed to whatever list I just posted on. -- Kyle Creyts Information Assurance Professional BSidesDetroit Organizer
Re: looking for documents describing frequent causes for line cuts
Here's one I came across from Southern Telecom that seems to give some hard numbers on incidents they've experienced with their fibre lines being severed. Hope this is useful for your needs. Link: http://www.southern-telecom.com/AFL%20Reliability.pdf On Sat, May 18, 2013 at 5:03 AM, Kyle Creyts kyle.cre...@gmail.com wrote: thanks! also amusing: http://blog.lafayetteprofiber.com/2008/06/nutria-ratsand-fiber.html http://news.techeye.net/internet/internet-attacked-by-bears#.TnZXk5rhOv8.reddit but I'm looking for something slightly more efficacious than anecdotal. off-list replies (and, why not, some of them are really funny) anecdotes are welcome. On Fri, May 17, 2013 at 8:00 PM, staticsafe m...@staticsafe.ca wrote: On 5/17/2013 22:16, Kyle Creyts wrote: has anyone come by documents containing some statistics regarding leading causes for cuts in fiber, power, cable lines? I seem to remember one which included % cuts due to equipment failure, maintenance, weather, rodents, boring, car accidents, etc. but alas, I cannot find it in my archives. On an amusing note: http://blog.level3.com/level-3-network/the-10-most-bizarre-and-annoying-causes-of-fiber-cuts/ -- staticsafe O ascii ribbon campaign - stop html mail - www.asciiribbon.org Please don't top post - http://goo.gl/YrmAb Don't CC me! I'm subscribed to whatever list I just posted on. -- Kyle Creyts Information Assurance Professional BSidesDetroit Organizer -- Ryan Gard
Vpn tunnel Asa 5505 to fortigate 60c
Hi nanog, I have a fortigate 60c connecting a vpn tunnel to an asa 5505. I have the connection setup, but it will not connect because unfortunately the isp at the fortigate end decided to give us a 192.168.13/24 address. Now what I'd like to know is if there is any way to get this vpn connection to work through a pat connection until the isp resolves this issue? Thank you for any help. Zane Sent from Samsung mobile
Re: CDN server log
Djamel, If you are looking for a CDN log trace to do academic research work on say, caching algorithms, please be straightforward about your needs and someone (including myself) might be able to help. If your purposes are commercial, asking for free data won't likely get you far. If you're trying to turn the data into money expect to pay someone for it. On May 16, 2013, at 10:33 AM, Michal Krsek mic...@krsek.cz wrote: Hi Djamel, I'm not sure what you are looking for. There is variety of CDN content and popularity is being driven by users and designers. If you have CDN that serves pictures, you get most hits on design pictures, for paid VoD, you get most hits on free trailers. For CatchTV tup you get most hits on new arrivals of popular content. It also depends on geo distribution. Global CDNs get different coverage than regional ones. For live transmissions, you get a lot of content when covering big sports events. For adult based content CDN ... you can imagine ... Just talking in general, having no permission to provide any log. With kind regards Michal Dne 16.5.2013 15:16, Djamel Sadok napsal(a): Hi Pete, I do not use a CDN I am only interested in analyzing content popularity in logs. These could be anonymized. Djamel On Wed, May 15, 2013 at 3:55 PM, Pete Mastin pmas...@internap.com wrote: Hi djamel. If I understand your question - you should take a look at what sawmill offers. Many of our clients use this product to analyze our cdn produced logs. http://www.sawmill.net/ Sent from my iPhone On May 15, 2013, at 10:30 AM, Djamel Sadok ja...@cin.ufpe.br wrote: Hi, Anyone knows of any public CDN server log trace. I am looking for object popularity, hit rate information, ... Thanks, Djamel
Re: Vpn tunnel Asa 5505 to fortigate 60c
What is the public peer address on the ISP end? On May 18, 2013 8:15 AM, akurenath akuren...@hotmail.com wrote: Hi nanog, I have a fortigate 60c connecting a vpn tunnel to an asa 5505. I have the connection setup, but it will not connect because unfortunately the isp at the fortigate end decided to give us a 192.168.13/24 address. Now what I'd like to know is if there is any way to get this vpn connection to work through a pat connection until the isp resolves this issue? Thank you for any help. Zane Sent from Samsung mobile
Re: Remote Hands Nation-Wide?
We do. Worldwide, in fact. On Fri, 17 May 2013, Aaron C. de Bruyn wrote: I recall a message a while back about a company that offered remote hands nation-wide, but my Google-Fu is failing me. Any pointers? We basically need to find coverage for eastern Washington State and all of Oregon. -A -- Brandon Ross Yahoo AIM: BrandonNRoss +1-404-635-6667ICQ: 2269442 Schedule a meeting: https://doodle.com/brossSkype: brandonross
Re: Remote Hands Nation-Wide?
Looking for someone who can do remote hands in the LN3 Savvis data center email me off list with rate and availability. Would essentially need someone to rack/stack do basic cable runs and initial switch/router/server setup. No real technical skills required. Sent from my iPhone On May 18, 2013, at 1:06 PM, Brandon Ross br...@pobox.com wrote: We do. Worldwide, in fact. On Fri, 17 May 2013, Aaron C. de Bruyn wrote: I recall a message a while back about a company that offered remote hands nation-wide, but my Google-Fu is failing me. Any pointers? We basically need to find coverage for eastern Washington State and all of Oregon. -A -- Brandon Ross Yahoo AIM: BrandonNRoss +1-404-635-6667ICQ: 2269442 Schedule a meeting: https://doodle.com/brossSkype: brandonross
Re: Remote Hands Nation-Wide?
On Fri, 17 May 2013, Aaron C. de Bruyn wrote: I recall a message a while back about a company that offered remote hands nation-wide, but my Google-Fu is failing me. I seem to recall discussion of someone running something like a remote hands have/need blog/message board, but my Google-fu is failing me at the moment. It was a good idea, but I don't know if it ever took off. I remember there being sites for coordinating remote hands/volunteer efforts after 9/11, Katrina, and Sandy, but I haven't been able to find one that is more general in nature. jms
Re: Looking for Netflow analysis package
On 5/17/13, Scott Weeks sur...@mauigateway.com wrote: owned resources. So don't. Set up an SSH tunnel over port 80 to your home server and access your non-paragraph-sized-signature email account from home. There's a million ways to do things and still follow corporate rules... The disclaimer requirements seem dumb, but not entirely unreasonable -- we should just tolerate them. As for spam... no good there. I would caution against taking the advise of setting up a SSH tunnel to follow corporate rules. In some cases, that might be subverting the intended affects of corporate rules. The outgoing SSH session (or any encrypted session or tunnel) to an unapproved non-company resource could still be a policy violation in some organizations; where they don't already have a firewall that identifies SSH protocol traffic regardless of TCP port, it is essentially firewall circumvention. The same goes for other encrypted or obscured remote access protocols such as VPNs, IP traffic tunnels, VNC over port 80. The defeat of e-mail/other network activity usage monitoring, may impact archiving of mail or compliance with banking, (or other) regulations. Since the SSH session is encrypted, the company's super-expensive Data Leak Protection software suite may be unable to analyze the outgoing traffic flow over the network. It _might_ be a harmless SSH session to post to a mailing list; OR it might instead be a covert channel for exfiltrating corporate data. The channel is encrypted... how can you prove the difference? How can the organization prove that its employees aren't siphoning customer data out of the database, to satisfy compliance with privacy laws? In orgs with different priorities, or that haven't addressed certain risks, it might be OK. But there will be organizations where it definitely is not OK, so we should just tolerate the spurious disclaimers. scot -- -JH
Re: Looking for Netflow analysis package
On Fri, 17 May 2013 10:02:53 -0700, John Starta said: Do you believe that Brent wrote the disclaimer attached to his message? Despite y/our opinions of such disclaimers, legal counsel in some companies still mandate their automatic attachment on all outbound messages. The only means of avoiding them is to subscribe to mailing lists from a personal e-mail account. There's another way. Educate the technology-challenged people who mandated the disclaimer. pgpO2dM_vQDYV.pgp Description: PGP signature
High throughput bgp links using gentoo + stipped kernel
Hello Everyone, We are running: Gentoo Server on Dual Core Intel Xeon 3060, 2 Gb Ram Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (rev 06) Ethernet controller: Intel Corporation 82573E Gigabit Ethernet Controller (rev 03) 2 bgp links from different providers using quagga, iptables etc We are transmitting an average of 700Mbps with packet sizes upwards of 900-1000 bytes when the traffic graph begins to flatten. We also start experiencing some crashes at that point, and not have been able to pinpoint that either. I was hoping to get some feedback on what else we can strip from the kernel. If you have a similar setup for a stable platform the .config would be great! Also, what are your thoughts on migrating to OpenBSD and bgpd, not sure if there would be a performance increase, but the security would be even more stronger? Kind Regards, Nick
Re: Vpn tunnel Asa 5505 to fortigate 60c
Almost all firewalls support NAT-T, which allows for using a private IP address on the outside of the firewall (which is translated to a routable public IP address before it gets on the Internet). You will need UDP 500 (for IKE) and UDP 4500 (for IPsec NAT-T) open, so no devices between the firewalls can block those ports. I know the ASA supports this, because I have setup customers with private IP addresses on their ASAs in certain circumstances. I'm not familiar enough with the Fortinet equipment, but you may need to turn on a NAT-T feature. HTH, Fred Reimer On 5/18/13 11:13 AM, akurenath akuren...@hotmail.com wrote: Hi nanog, I have a fortigate 60c connecting a vpn tunnel to an asa 5505. I have the connection setup, but it will not connect because unfortunately the isp at the fortigate end decided to give us a 192.168.13/24 address. Now what I'd like to know is if there is any way to get this vpn connection to work through a pat connection until the isp resolves this issue? Thank you for any help. Zane Sent from Samsung mobile