RE: UPnP/IPv6 support in home routers?

2017-12-11 Thread Keith Medcalf 

UPnP is the spawn of Beelzebub.

Implementation by Bugs Bunny's maroons for use by other maroons is ok, I 
suppose, as long as those of us who are not maroons can turn the evil off.

However, if those maroons start whining about all the crap that happened to 
them because they enabled UPnP they better to be able to take the "I told you 
so you stupid maroon" in stride as a perfectly adequate and entirely correct 
statement of fact.

---
The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
lot about anticipated traffic volume.


>-Original Message-
>From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Fernando
>Gont
>Sent: Monday, 11 December, 2017 05:23
>To: NANOG
>Subject: UPnP/IPv6 support in home routers?
>
>Folks,
>
>Anyone can comment on the UPnP support for IPv6 in home routers?
>
>Those that I have checked have UPnP support for IPv4, but not for
>IPv6
>-- even when the home router does otherwise support IPv6.
>
>Looking at UPnP itself, it seems to allow opening holes at the IGD,
>but
>on a fully-specified (local ip, local port, remote ip, remote port)
>basis, which kind of sucks -- as one would want to be able to
>whitelist
>all ports for a given IP address, or at least (local ip, local port).
>
>Thanks!
>
>Best regards,
>--
>Fernando Gont
>SI6 Networks
>e-mail: fg...@si6networks.com
>PGP Fingerprint:  31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

Re: Packets Broker (aka: WAN Accelerator (aka: Congestion Algorithms (aka: You call yourself a network engineer?) )

2017-12-11 Thread Selphie Keller 
I have some good success with kcptun - https://github.com/xtaci/kcptun it's
designed to handle problematic links.

On 11 December 2017 at 17:34, Alain Hebert  wrote:

> Hi,
>
> We're used to fix Long Fat Network issues ourself...
>
> But I'm stuck in a case where we need to transparently proxy TCP
> connections to apply congestion algorithms (cubic, htcp, etc) since some of
> our newer customers are ... well ... refusing to acknowledge that reality.
>
> Any good lead for a 1U platform averaging ~10Gbps of throughput, that
> isn't some PC hack in a box?
>
> ( off-lists would be nice, unless you think that could be useful to
> others )
>
> Thanks for your time.
>
> --
> -
> Alain Hebertaheb...@pubnix.net
> PubNIX Inc.
> 50 boul. St-Charles
> 
> P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
> Tel: 514-990-5911  http://www.pubnix.netFax: 514-990-9443
>
>

Packets Broker (aka: WAN Accelerator (aka: Congestion Algorithms (aka: You call yourself a network engineer?) )

2017-12-11 Thread Alain Hebert 

    Hi,

We're used to fix Long Fat Network issues ourself...

    But I'm stuck in a case where we need to transparently proxy TCP 
connections to apply congestion algorithms (cubic, htcp, etc) since some 
of our newer customers are ... well ... refusing to acknowledge that 
reality.


    Any good lead for a 1U platform averaging ~10Gbps of throughput, 
that isn't some PC hack in a box?


    ( off-lists would be nice, unless you think that could be useful to 
others )


    Thanks for your time.

--
-
Alain Hebertaheb...@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911  http://www.pubnix.netFax: 514-990-9443

RE: quake3-master-getservers:

2017-12-11 Thread Edwin Pers 
https://nmap.org/nsedoc/scripts/quake3-master-getservers.html

I'd nuke the entire environment from orbit, no telling what other nasty 
surprises they left for you

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Richard
Sent: Sunday, December 10, 2017 1:36 PM
To: nanog@nanog.org
Subject: quake3-master-getservers:

     NANOG group, at a client site who was complaining of having their Active 
Directory passwords changed every week. Found a PPTP which had been put in 
place by a ex employee. Fixed that.

     I have no idea what a master-get servers is.

     If anyone can ping me-off-list to educate me a bit more, please do.

     Sincerely, Richard

Re: UPnP/IPv6 support in home routers?

2017-12-11 Thread valdis . kletnieks 
On Mon, 11 Dec 2017 09:23:11 -0300, Fernando Gont said:

> Anyone can comment on the UPnP support for IPv6 in home routers?
>
> Those that I have checked have UPnP support for IPv4, but not for IPv6
> -- even when the home router does otherwise support IPv6.

Well, there's a bit of a problem there.

Near as I can tell, to get IPv6 support you need to use IGDv2.

Unfortunately, if you want your Xbox or Playstation to be able
to work, you need to be using IGDv1.

Guess what almost everybody chooses to do?

(Been there, done that - had to rebuild miniupnpd for OpenWRT/Lede
because it built with v2 by default)


pgpbmIgiZLAw1.pgp
Description: PGP signature

UPnP/IPv6 support in home routers?

2017-12-11 Thread Fernando Gont 
Folks,

Anyone can comment on the UPnP support for IPv6 in home routers?

Those that I have checked have UPnP support for IPv4, but not for IPv6
-- even when the home router does otherwise support IPv6.

Looking at UPnP itself, it seems to allow opening holes at the IGD, but
on a fully-specified (local ip, local port, remote ip, remote port)
basis, which kind of sucks -- as one would want to be able to whitelist
all ports for a given IP address, or at least (local ip, local port).

Thanks!

Best regards,
-- 
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint:  31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492