Re: Webmail / IMAPS software for end-user clients in 2016
>From AfterLogic you may use the following webmail clients: - without calendar -> WebMail-lite PHP - with personal calendar -> WebMail PHP - with calendar and full sharing exchange style -> Aurora On Tue, Jun 14, 2016 at 8:50 PM, Guillaume Tournatwrote: > Zimbra is a full featured groupware server. I don't think you can just use > the webmail part with existing IMAP server. > > So it doesn't fulfill requirements stated by initial poster. > > > > > Le 13 juin 2016 à 21:24, Greg Sowell a écrit : > > > > +1 for Zimbra > > > >> On Sun, Jun 12, 2016 at 12:53 PM, Jim Lucas wrote: > >> > >> June 8 2016 6:08 PM, "Eric Kuhnke" wrote: > >>> If you had to put up a public facing webmail interface for people to > use, > >>> and maintain it for the foreseeable future (5-6 years), what would you > >> use? > >>> > >>> Roundcube? > >>> https://roundcube.net > >>> > >>> Rainloop? > >>> http://www.rainloop.net > >>> > >>> Something else? > >>> > >>> Requirements: > >>> Needs to be open souce and GPL, BSD or Apache licensed > >>> > >>> Email storage will be accessed via IMAP/TLS1.2 > >>> > >>> Runs on a Debian based platform with apache2 or nginx > >>> > >>> Desktop browser CSS and mobile device CSS/HTML functionality on 4" to > 7" > >>> size screens with Chrome and Safari > >> > >> I work for an ISP, and recently we were faced with the same dilemma. We > >> knew that our RoundCube was rather old and needed a facelift. We > started > >> looking at new clients what I came across RainLoop. > >> > >> IMO RoundCube still doesn't have a decent working mobile theme. > >> > >> I went ahead and installed RainLoop on my personal server. Configuration > >> was a breeze. The interface is very nice. And the mobile layout is very > >> slick. > >> > >> I did come across a problem with displaying emails and when I emailed > >> their support email, they were very quick to respond. And within 24 > hors > >> they were able to write a fix for my specific issue and build a new > release > >> for me to download and test. > >> > >> I think that says something for their support team. > >> > >> Even if my office doesn't adopt RainLoop, I will continue using it on > my > >> personal server for the forsee able future. > >> > >> -- > >> Jim Lucas > >> C - 5414085189 > >> H - 5413234219 > >> http://cmsws.com > > > > > > > > -- > > > > GregSowell.com > > TheBrothersWISP.com > >
Re: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability
In previous release 9.1(6) this line was ok: nat (inside,outside) source static obj-1.0.0.36_32 obj-1.0.0.36_32 destination static obj-1.0.0.36_32 obj-1.0.0.36_32 In 9.1.(7) wasn't working anymore, so the solution was to add *no-proxy-arp *at the end: nat (inside,outside) source static obj-1.0.0.36_32 obj-1.0.0.36_32 destination static obj-1.0.0.36_32 obj-1.0.0.36_32 *no-proxy-arp* On Mon, Feb 15, 2016 at 1:48 PM, Roberto <robe...@ipnetworks.it> wrote: > Hello, > > > > excuse me for this direct email: but about the > https://www.reddit.com/r/networking/comments/433kqx/cisco_asa_not_recording_an_arp_entry/ > > > > " > > upgraded from 9.0(5) to 9.1(7) > > " > > > > Solved ! > > "Disable Proxy ARP" must be checked on NAT bypass rules (former nat 0). > > > > > > > > are you indicating for example > > that previously on 9.0(5) was: > > nat (inside,outside) source static obj-1.0.0.36_32 obj-1.0.0.36_32 > destination static obj-1.0.0.36_32 obj-1.0.0.36_32 route-lookup > > > > and now on 9.1(7) is: > > nat (inside,outside) source static obj-1.0.0.36_32 obj-1.0.0.36_32 > destination static obj-1.0.0.36_32 obj-1.0.0.36_32 *no-proxy-arp* > route-lookup > > > > > > > > > > > > > > Best Regards, > > _ > > Roberto Taccon > > > > e-mail: robe...@ipnetworks.it > > mobile: +39 340 4751352 > > fax: +39 045 4850850 > > skype: roberto.taccon > > > > -Messaggio originale- > Da: NANOG [mailto:nanog-boun...@nanog.org] Per conto di Adrian M > Inviato: lunedì 15 febbraio 2016 10.06 > A: nanog@nanog.org > Oggetto: Re: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and > IKEv2 Buffer Overflow Vulnerability > > > > Solved ! > > "Disable Proxy ARP" must be checked on NAT bypass rules (former nat 0). > > > > On Thu, Feb 11, 2016 at 3:53 PM, Adrian M <adrian.mi...@gmail.com> wrote: > > > > > Be careful, It appears that something is broken with ARP on this release. > > > We have no ARP on lan interface, and somebody else has a similar problem: > > > > > > https://www.reddit.com/r/networking/comments/433kqx/cisco_asa_not_reco > > > rding_an_arp_entry/ > > > > > > > > > > > > On Wed, Feb 10, 2016 at 10:36 PM, Sadiq Saif <li...@sadiqs.com> wrote: > > > > > >> Update your ASAs folks, this is a critical one. > > >> > > >> > > >> Forwarded Message > > >> Subject: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 > > >> and > > >> IKEv2 Buffer Overflow Vulnerability > > >> Date: Wed, 10 Feb 2016 08:06:51 -0800 > > >> From: Cisco Systems Product Security Incident Response Team > > >> <ps...@cisco.com> > > >> Reply-To: ps...@cisco.com > > >> To: cisco-...@puck.nether.net > > >> CC: ps...@cisco.com > > >> > > >> Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer > > >> Overflow Vulnerability > > >> > > >> Advisory ID: cisco-sa-20160210-asa-ike > > >> > > >> Revision 1.0 > > >> > > >> For Public Release 2016 February 10 16:00 GMT (UTC) > > >> > > >> + > > >> +- > > >> > > >> > > >> Summary > > >> === > > >> > > >> A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and > > >> IKE version 2 (v2) code of Cisco ASA Software could allow an > > >> unauthenticated, remote attacker to cause a reload of the affected > > >> system or to remotely execute code. > > >> > > >> The vulnerability is due to a buffer overflow in the affected code area. > > >> An attacker could exploit this vulnerability by sending crafted UDP > > >> packets to the affected system. An exploit could allow the attacker > > >> to execute arbitrary code and obtain full control of the system or to > > >> cause a reload of the affected system. > > >> > > >> Note: Only traffic directed to the affected system can be used to > > >> exploit this vulnerability. This vulnerability affects systems > > >> configured in routed firewall mode only and in single or multiple > > >> context mode. This vulnerability can be triggered by IPv4 and IPv6 > > >> traffic. > > >> > > >> Cisco has released software updates that address this vulnerability. > > >> This advisory is available at the following link: > > >> > > >> http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ > > >> cisco-sa-20160210-asa-ike > > >> > > >> > > >> > > >> ___ > > >> cisco-nsp mailing list cisco-...@puck.nether.net > > >> https://puck.nether.net/mailman/listinfo/cisco-nsp > > >> archive at http://puck.nether.net/pipermail/cisco-nsp/ > > >> > > >> > > >> > > > >
Re: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability
Solved ! "Disable Proxy ARP" must be checked on NAT bypass rules (former nat 0). On Thu, Feb 11, 2016 at 3:53 PM, Adrian M <adrian.mi...@gmail.com> wrote: > Be careful, It appears that something is broken with ARP on this release. > We have no ARP on lan interface, and somebody else has a similar problem: > > https://www.reddit.com/r/networking/comments/433kqx/cisco_asa_not_recording_an_arp_entry/ > > > > On Wed, Feb 10, 2016 at 10:36 PM, Sadiq Saif <li...@sadiqs.com> wrote: > >> Update your ASAs folks, this is a critical one. >> >> >> Forwarded Message >> Subject: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and >> IKEv2 Buffer Overflow Vulnerability >> Date: Wed, 10 Feb 2016 08:06:51 -0800 >> From: Cisco Systems Product Security Incident Response Team >> <ps...@cisco.com> >> Reply-To: ps...@cisco.com >> To: cisco-...@puck.nether.net >> CC: ps...@cisco.com >> >> Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer >> Overflow Vulnerability >> >> Advisory ID: cisco-sa-20160210-asa-ike >> >> Revision 1.0 >> >> For Public Release 2016 February 10 16:00 GMT (UTC) >> >> +- >> >> >> Summary >> === >> >> A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and >> IKE version 2 (v2) code of Cisco ASA Software could allow an >> unauthenticated, remote attacker to cause a reload of the affected >> system or to remotely execute code. >> >> The vulnerability is due to a buffer overflow in the affected code area. >> An attacker could exploit this vulnerability by sending crafted UDP >> packets to the affected system. An exploit could allow the attacker to >> execute arbitrary code and obtain full control of the system or to cause >> a reload of the affected system. >> >> Note: Only traffic directed to the affected system can be used to >> exploit this vulnerability. This vulnerability affects systems >> configured in routed firewall mode only and in single or multiple >> context mode. This vulnerability can be triggered by IPv4 and IPv6 >> traffic. >> >> Cisco has released software updates that address this vulnerability. >> This advisory is available at the following link: >> >> http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike >> >> >> >> ___ >> cisco-nsp mailing list cisco-...@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-nsp >> archive at http://puck.nether.net/pipermail/cisco-nsp/ >> >> >> >
Re: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability
Be careful, It appears that something is broken with ARP on this release. We have no ARP on lan interface, and somebody else has a similar problem: https://www.reddit.com/r/networking/comments/433kqx/cisco_asa_not_recording_an_arp_entry/ On Wed, Feb 10, 2016 at 10:36 PM, Sadiq Saifwrote: > Update your ASAs folks, this is a critical one. > > > Forwarded Message > Subject: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and > IKEv2 Buffer Overflow Vulnerability > Date: Wed, 10 Feb 2016 08:06:51 -0800 > From: Cisco Systems Product Security Incident Response Team > > Reply-To: ps...@cisco.com > To: cisco-...@puck.nether.net > CC: ps...@cisco.com > > Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer > Overflow Vulnerability > > Advisory ID: cisco-sa-20160210-asa-ike > > Revision 1.0 > > For Public Release 2016 February 10 16:00 GMT (UTC) > > +- > > > Summary > === > > A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and > IKE version 2 (v2) code of Cisco ASA Software could allow an > unauthenticated, remote attacker to cause a reload of the affected > system or to remotely execute code. > > The vulnerability is due to a buffer overflow in the affected code area. > An attacker could exploit this vulnerability by sending crafted UDP > packets to the affected system. An exploit could allow the attacker to > execute arbitrary code and obtain full control of the system or to cause > a reload of the affected system. > > Note: Only traffic directed to the affected system can be used to > exploit this vulnerability. This vulnerability affects systems > configured in routed firewall mode only and in single or multiple > context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. > > Cisco has released software updates that address this vulnerability. > This advisory is available at the following link: > > http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike > > > > ___ > cisco-nsp mailing list cisco-...@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > >
Re: ddos attacks
Hi, You can also test WANGUARD, http://www.andrisoft.com/ for DDoS detection and BGP triggered blackholing. On Thu, Dec 19, 2013 at 11:32 AM, Eugeniu Patrascu eu...@imacandi.netwrote: Hi, You can also take a look at http://www.packetdam.com/ for DDoS protection. Eugeniu On Thu, Dec 19, 2013 at 10:53 AM, Tore Anderson t...@fud.no wrote: * James Braunegg Of course for any form of Anti DDoS hardware to be functional you need to make sure your network can route and pass the traffic so you can absorb the bad traffic to give you a chance cleaning the traffic. So in order for an Anti-DDoS appliance to be functional the network needs to be able to withstand the DDoS on its own. How terribly useful. Tore
Re: Level3 (3356/3549) changes routing policy
Better to use communities instead. On Aug 2, 2012 11:34 AM, Fredy Kuenzler kuenz...@init7.net wrote: From my observation Level3 has recently changed their routing policy. It seems that 3356 always prefers customer prefixes of 3549, regardless of the AS path length. Example (seen from 3356): 3549_13030_[Customer1]_[**Customer2] is preferred over 2914_[Customer1]_[Customer2] Considering that both 2914 and 3549 are peers of 3356, and 13030 is a customer of 3549, 3356 seems to give higher local-pref on the longer AS-path, likely to increase traffic and revenue of their sister network 3549. Certainly it's common practice to overrule the BGP4 default behaviour, and widely used by smaller networks. Still I'm surprised that it happened obviously rather undetected, at least, to my knowledge, Level3 did implement it silently and hasn't published an official statement or customer announcement, which I think, would have been fair, at least. Considering that Level3 3356 and 3549 are by far the largest networks globally this decision must have a large impact on traffic flows and, of course money flows. Maybe the BGP monitoring experts (aka Renesys et al) can shed some light? -- Fredy Künzler Init7 / AS13030
Re: Proxy Server
pfSense has everything: proxy (squid), firewall, bw-management, captive portal and a very nice web interface for management: www.pfsense.org
MikroTik strikes again ?
MikroTik strikes again ? %BGP-6-ASPATH: Long AS path ... 39412 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 received from : More than configured MAXAS-LIMIT aut-num: AS39625 as-name: ARANEO-AS descr: Omni-Araneo's AS number org: ORG-OSTW3-RIPE import: from AS12968 action pref=100; accept ANY export: to AS12968 announce AS39625 import: from AS39412 action pref=100; accept ANY export: to AS39412 announce AS39625 admin-c: TW1273-RIPE tech-c: TW1273-RIPE mnt-by: AS12968-MNT mnt-routes: AS12968-MNT source: RIPE # Filtered