Re: Webmail / IMAPS software for end-user clients in 2016

[Adrian M]

>From AfterLogic you may use the following webmail clients:

- without calendar -> WebMail-lite PHP
- with personal calendar -> WebMail PHP
- with calendar and full sharing exchange style -> Aurora

On Tue, Jun 14, 2016 at 8:50 PM, Guillaume Tournat 
wrote:

> Zimbra is a full featured groupware server. I don't think you can just use
> the webmail part with existing IMAP server.
>
> So it doesn't fulfill requirements stated by initial poster.
>
>
>
> > Le 13 juin 2016 à 21:24, Greg Sowell  a écrit :
> >
> > +1 for Zimbra
> >
> >> On Sun, Jun 12, 2016 at 12:53 PM, Jim Lucas  wrote:
> >>
> >> June 8 2016 6:08 PM, "Eric Kuhnke"  wrote:
> >>> If you had to put up a public facing webmail interface for people to
> use,
> >>> and maintain it for the foreseeable future (5-6 years), what would you
> >> use?
> >>>
> >>> Roundcube?
> >>> https://roundcube.net
> >>>
> >>> Rainloop?
> >>> http://www.rainloop.net
> >>>
> >>> Something else?
> >>>
> >>> Requirements:
> >>> Needs to be open souce and GPL, BSD or Apache licensed
> >>>
> >>> Email storage will be accessed via IMAP/TLS1.2
> >>>
> >>> Runs on a Debian based platform with apache2 or nginx
> >>>
> >>> Desktop browser CSS and mobile device CSS/HTML functionality on 4" to
> 7"
> >>> size screens with Chrome and Safari
> >>
> >> I work for an ISP, and recently we were faced with the same dilemma. We
> >> knew that our RoundCube was rather old and needed a facelift.  We
> started
> >> looking at new clients what I came across RainLoop.
> >>
> >> IMO RoundCube still doesn't have a decent working mobile theme.
> >>
> >> I went ahead and installed RainLoop on my personal server. Configuration
> >> was a breeze. The interface is very nice. And the mobile layout is very
> >> slick.
> >>
> >> I did come across a problem with displaying emails and when I emailed
> >> their support email, they were very quick to respond.  And within 24
> hors
> >> they were able to write a fix for my specific issue and build a new
> release
> >> for me to download and test.
> >>
> >> I think that says something for their support team.
> >>
> >> Even if my office doesn't adopt RainLoop,  I will continue using it on
> my
> >> personal server for the forsee able future.
> >>
> >> --
> >> Jim Lucas
> >> C - 5414085189
> >> H - 5413234219
> >> http://cmsws.com
> >
> >
> >
> > --
> >
> > GregSowell.com
> > TheBrothersWISP.com
>
>

Re: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

[Adrian M]

In previous release 9.1(6) this line was ok:
nat (inside,outside) source static obj-1.0.0.36_32 obj-1.0.0.36_32
destination static obj-1.0.0.36_32 obj-1.0.0.36_32

In 9.1.(7) wasn't working anymore, so the solution was to add *no-proxy-arp
*at the end:
nat (inside,outside) source static obj-1.0.0.36_32 obj-1.0.0.36_32
destination static obj-1.0.0.36_32 obj-1.0.0.36_32 *no-proxy-arp*

On Mon, Feb 15, 2016 at 1:48 PM, Roberto <robe...@ipnetworks.it> wrote:

> Hello,
>
>
>
> excuse me for this direct email: but about the
> https://www.reddit.com/r/networking/comments/433kqx/cisco_asa_not_recording_an_arp_entry/
>
>
>
> "
>
> upgraded from 9.0(5) to 9.1(7)
>
> "
>
>
>
> Solved !
>
> "Disable Proxy ARP" must be checked on NAT bypass rules (former nat 0).
>
>
>
>
>
>
>
> are you indicating for example
>
> that previously on 9.0(5) was:
>
> nat (inside,outside) source static obj-1.0.0.36_32 obj-1.0.0.36_32
> destination static obj-1.0.0.36_32  obj-1.0.0.36_32 route-lookup
>
>
>
> and now on 9.1(7) is:
>
> nat (inside,outside) source static obj-1.0.0.36_32 obj-1.0.0.36_32
> destination static obj-1.0.0.36_32 obj-1.0.0.36_32 *no-proxy-arp*
> route-lookup
>
>
>
>
>
>
>
>
>
>
>
>
>
> Best Regards,
>
> _
>
> Roberto Taccon
>
>
>
> e-mail: robe...@ipnetworks.it
>
> mobile: +39 340 4751352
>
> fax: +39 045 4850850
>
> skype: roberto.taccon
>
>
>
> -Messaggio originale-
> Da: NANOG [mailto:nanog-boun...@nanog.org] Per conto di Adrian M
> Inviato: lunedì 15 febbraio 2016 10.06
> A: nanog@nanog.org
> Oggetto: Re: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and
> IKEv2 Buffer Overflow Vulnerability
>
>
>
> Solved !
>
> "Disable Proxy ARP" must be checked on NAT bypass rules (former nat 0).
>
>
>
> On Thu, Feb 11, 2016 at 3:53 PM, Adrian M <adrian.mi...@gmail.com> wrote:
>
>
>
> > Be careful, It appears that something is broken with ARP on this release.
>
> > We have no ARP on lan interface, and somebody else has a similar problem:
>
> >
>
> > https://www.reddit.com/r/networking/comments/433kqx/cisco_asa_not_reco
>
> > rding_an_arp_entry/
>
> >
>
> >
>
> >
>
> > On Wed, Feb 10, 2016 at 10:36 PM, Sadiq Saif <li...@sadiqs.com> wrote:
>
> >
>
> >> Update your ASAs folks, this is a critical one.
>
> >>
>
> >>
>
> >>  Forwarded Message 
>
> >> Subject: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1
>
> >> and
>
> >> IKEv2 Buffer Overflow Vulnerability
>
> >> Date: Wed, 10 Feb 2016 08:06:51 -0800
>
> >> From: Cisco Systems Product Security Incident Response Team
>
> >> <ps...@cisco.com>
>
> >> Reply-To: ps...@cisco.com
>
> >> To: cisco-...@puck.nether.net
>
> >> CC: ps...@cisco.com
>
> >>
>
> >> Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer
>
> >> Overflow Vulnerability
>
> >>
>
> >> Advisory ID: cisco-sa-20160210-asa-ike
>
> >>
>
> >> Revision 1.0
>
> >>
>
> >> For Public Release 2016 February 10 16:00  GMT (UTC)
>
> >>
>
> >> +
>
> >> +-
>
> >>
>
> >>
>
> >> Summary
>
> >> ===
>
> >>
>
> >> A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and
>
> >> IKE version 2 (v2) code of Cisco ASA Software could allow an
>
> >> unauthenticated, remote attacker to cause a reload of the affected
>
> >> system or to remotely execute code.
>
> >>
>
> >> The vulnerability is due to a buffer overflow in the affected code area.
>
> >> An attacker could exploit this vulnerability by sending crafted UDP
>
> >> packets to the affected system. An exploit could allow the attacker
>
> >> to execute arbitrary code and obtain full control of the system or to
>
> >> cause a reload of the affected system.
>
> >>
>
> >> Note: Only traffic directed to the affected system can be used to
>
> >> exploit this vulnerability. This vulnerability affects systems
>
> >> configured in routed firewall mode only and in single or multiple
>
> >> context mode. This vulnerability can be triggered by IPv4 and IPv6
>
> >> traffic.
>
> >>
>
> >> Cisco has released software updates that address this vulnerability.
>
> >> This advisory is available at the following link:
>
> >>
>
> >> http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
>
> >> cisco-sa-20160210-asa-ike
>
> >>
>
> >>
>
> >>
>
> >> ___
>
> >> cisco-nsp mailing list  cisco-...@puck.nether.net
>
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
>
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> >>
>
> >>
>
> >>
>
> >
>

Re: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

[Adrian M]

Solved !
"Disable Proxy ARP" must be checked on NAT bypass rules (former nat 0).

On Thu, Feb 11, 2016 at 3:53 PM, Adrian M <adrian.mi...@gmail.com> wrote:

> Be careful, It appears that something is broken with ARP on this release.
> We have no ARP on lan interface, and somebody else has a similar problem:
>
> https://www.reddit.com/r/networking/comments/433kqx/cisco_asa_not_recording_an_arp_entry/
>
>
>
> On Wed, Feb 10, 2016 at 10:36 PM, Sadiq Saif <li...@sadiqs.com> wrote:
>
>> Update your ASAs folks, this is a critical one.
>>
>>
>>  Forwarded Message 
>> Subject: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and
>> IKEv2 Buffer Overflow Vulnerability
>> Date: Wed, 10 Feb 2016 08:06:51 -0800
>> From: Cisco Systems Product Security Incident Response Team
>> <ps...@cisco.com>
>> Reply-To: ps...@cisco.com
>> To: cisco-...@puck.nether.net
>> CC: ps...@cisco.com
>>
>> Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer
>> Overflow Vulnerability
>>
>> Advisory ID: cisco-sa-20160210-asa-ike
>>
>> Revision 1.0
>>
>> For Public Release 2016 February 10 16:00  GMT (UTC)
>>
>> +-
>>
>>
>> Summary
>> ===
>>
>> A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and
>> IKE version 2 (v2) code of Cisco ASA Software could allow an
>> unauthenticated, remote attacker to cause a reload of the affected
>> system or to remotely execute code.
>>
>> The vulnerability is due to a buffer overflow in the affected code area.
>> An attacker could exploit this vulnerability by sending crafted UDP
>> packets to the affected system. An exploit could allow the attacker to
>> execute arbitrary code and obtain full control of the system or to cause
>> a reload of the affected system.
>>
>> Note: Only traffic directed to the affected system can be used to
>> exploit this vulnerability. This vulnerability affects systems
>> configured in routed firewall mode only and in single or multiple
>> context mode. This vulnerability can be triggered by IPv4 and IPv6
>> traffic.
>>
>> Cisco has released software updates that address this vulnerability.
>> This advisory is available at the following link:
>>
>> http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike
>>
>>
>>
>> ___
>> cisco-nsp mailing list  cisco-...@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>>
>>
>

Re: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

[Adrian M]

Be careful, It appears that something is broken with ARP on this release.
We have no ARP on lan interface, and somebody else has a similar problem:
https://www.reddit.com/r/networking/comments/433kqx/cisco_asa_not_recording_an_arp_entry/



On Wed, Feb 10, 2016 at 10:36 PM, Sadiq Saif  wrote:

> Update your ASAs folks, this is a critical one.
>
>
>  Forwarded Message 
> Subject: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and
> IKEv2 Buffer Overflow Vulnerability
> Date: Wed, 10 Feb 2016 08:06:51 -0800
> From: Cisco Systems Product Security Incident Response Team
> 
> Reply-To: ps...@cisco.com
> To: cisco-...@puck.nether.net
> CC: ps...@cisco.com
>
> Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer
> Overflow Vulnerability
>
> Advisory ID: cisco-sa-20160210-asa-ike
>
> Revision 1.0
>
> For Public Release 2016 February 10 16:00  GMT (UTC)
>
> +-
>
>
> Summary
> ===
>
> A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and
> IKE version 2 (v2) code of Cisco ASA Software could allow an
> unauthenticated, remote attacker to cause a reload of the affected
> system or to remotely execute code.
>
> The vulnerability is due to a buffer overflow in the affected code area.
> An attacker could exploit this vulnerability by sending crafted UDP
> packets to the affected system. An exploit could allow the attacker to
> execute arbitrary code and obtain full control of the system or to cause
> a reload of the affected system.
>
> Note: Only traffic directed to the affected system can be used to
> exploit this vulnerability. This vulnerability affects systems
> configured in routed firewall mode only and in single or multiple
> context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic.
>
> Cisco has released software updates that address this vulnerability.
> This advisory is available at the following link:
>
> http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike
>
>
>
> ___
> cisco-nsp mailing list  cisco-...@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>

Re: ddos attacks

[Adrian M]

Hi,

You can also test WANGUARD, http://www.andrisoft.com/ for DDoS detection
and BGP triggered blackholing.


On Thu, Dec 19, 2013 at 11:32 AM, Eugeniu Patrascu eu...@imacandi.netwrote:

 Hi,

 You can also take a look at http://www.packetdam.com/ for DDoS protection.

 Eugeniu


 On Thu, Dec 19, 2013 at 10:53 AM, Tore Anderson t...@fud.no wrote:

  * James Braunegg
 
   Of course for any form of Anti DDoS hardware to be functional you
   need to make sure your network can route and pass the traffic so you
   can absorb the bad traffic to give you a chance cleaning the
   traffic.
 
  So in order for an Anti-DDoS appliance to be functional the network
  needs to be able to withstand the DDoS on its own. How terribly useful.
 
  Tore
 
 

Re: Level3 (3356/3549) changes routing policy

[Adrian M]

Better to use communities instead.
On Aug 2, 2012 11:34 AM, Fredy Kuenzler kuenz...@init7.net wrote:

 From my observation Level3 has recently changed their routing policy. It
 seems that 3356 always prefers customer prefixes of 3549, regardless of the
 AS path length. Example (seen from 3356):

 3549_13030_[Customer1]_[**Customer2]

 is preferred over

 2914_[Customer1]_[Customer2]

 Considering that both 2914 and 3549 are peers of 3356, and 13030 is a
 customer of 3549, 3356 seems to give higher local-pref on the longer
 AS-path, likely to increase traffic and revenue of their sister network
 3549.

 Certainly it's common practice to overrule the BGP4 default behaviour, and
 widely used by smaller networks.

 Still I'm surprised that it happened obviously rather undetected, at
 least, to my knowledge, Level3 did implement it silently and hasn't
 published an official statement or customer announcement, which I think,
 would have been fair, at least.

 Considering that Level3 3356 and 3549 are by far the largest networks
 globally this decision must have a large impact on traffic flows and, of
 course money flows.

 Maybe the BGP monitoring experts (aka Renesys et al) can shed some light?

 --
 Fredy Künzler
 Init7 / AS13030

Re: Proxy Server

[Adrian M]

pfSense has everything: proxy (squid), firewall, bw-management,
captive portal and a very nice web interface for management:
www.pfsense.org

MikroTik strikes again ?

[Adrian M]

MikroTik strikes again ?

%BGP-6-ASPATH: Long AS path ... 39412 39625 39625 39625 39625 39625
39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625
39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625
39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625
39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625
39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625
39625 39625 39625 39625 39625 39625 39625 39625 39625 39625 39625
39625 39625 39625 39625 received from : More than configured
MAXAS-LIMIT

aut-num: AS39625
as-name: ARANEO-AS
descr:  Omni-Araneo's AS number
org: ORG-OSTW3-RIPE
import:  from AS12968 action pref=100; accept ANY
export:  to AS12968 announce AS39625
import:  from AS39412 action pref=100; accept ANY
export:  to AS39412 announce AS39625
admin-c: TW1273-RIPE
tech-c:  TW1273-RIPE
mnt-by:  AS12968-MNT
mnt-routes:  AS12968-MNT
source:  RIPE # Filtered