Re: IP Address Management IPAM software for small ISP
We migrated from excel to IPPLAN (fairly large corp. network, with 150+ global locations),very easy to setup and import data (CSV). Your cost to try it out is near $0 (only money spent is your own $hour). So far the only issue that we encounter now and then is with the search function, though we haven't had time to tshoot. Other than that I think it's a solid solution, and you can't beat the price :) -- Michael Gatti main. 949.371.5474 (UTC -8) On Dec 13, 2012, at 9:48 AM, Eric A Louie elo...@yahoo.com wrote: That is a superb suggestion, Aftab. I actually did a search through the archives for IPAM and IP address management and the results were ... unsatisfactory. Perhaps I used the wrong archive, and you direct me to an alternate: http://mailman.nanog.org/pipermail/nanog/ is the one I used. I've looked at IPPLan but have not installed it yet. Does anyone with direct experience with it care to share their view? Much appreciated, Eric From: Aftab Siddiqui aftab.siddi...@gmail.com To: Eric A Louie elo...@yahoo.com Cc: NANOG Operators' Group nanog@nanog.org Sent: Thu, December 13, 2012 2:10:24 AM Subject: Re: IP Address Management IPAM software for small ISP Kindly search the archives for many threads on the same subject, which should be the normal practice. nevertheless, IPPlan, PHPIP, PHPIPAM are good enough as per the need. The first one I assume should serve your purpose for both v4 and v6. Regards, Aftab A. Siddiqui On Thu, Dec 13, 2012 at 6:22 AM, Eric A Louie elo...@yahoo.com wrote: I'm looking for IPAM solutions for a small regional wireless ISP. There are 4 Tier 2 personnel and 2 NOC technicians who would be using the tool, and a small staff of engineers. They have regionalized IP addresses so blocks are local, but there are subnets that are global. don't care if it's a linux or windows solution. Need to be able to migrate from FreeIPdb (yes, I know, it's a dinosaur) We're not dealing with a lot now, but the potential for growth is pretty high. What are you using and how is it working for you? Much appreciated, Eric
Solutions for DoS DDoS
Hello Everyone, I'm assisting a non-profit organization to research solutions to secure their network from DOS/DDOS attacks. So far we have gone the route of discussing with their ISP's to see what solutions they have to offer, believing that the carriers are better positioned to block the attack from the source. I wanted to get the lists thoughts on our approach going the carrier route and/or hear about successful implementation of other solutions. Thanks, -- Michael Gatti 949.371.5474 (UTC -8)
Re: Increase of DOS attacks using TCP src and/or dst of 0
I just scanned through the last 48 hours of logs and did not find anything. We are peering with Level3 (AS 3549) and Verizon (AS 11486). -- Michael Gatti main. 949.371.5474 (UTC -8) On Mar 7, 2012, at 12:45 PM, Matthew Huff wrote: Anyone else see a massive increase of scanning/dos with TCP source and/or dst port of 0? We started seeing a massive increase today creating some issue with our firewalls. Matthew Huff | 1 Manhattanville Rd Director of Operations | Purchase, NY 10577 OTA Management LLC | Phone: 914-460-4039 aim: matthewbhuff| Fax: 914-460-4139
Re: WW: Colo Vending Machine
The Trendnet TU-S9 (works on 32 and 64bit), it uses the prolific chip and it's pretty cheap, making it fit for a vending machine. Trendnet could actually use the Franks Hot Sauce commercial on TV to advertise, the one that the old lady says I put that s$@t on everything. P.S.: I don't work for trendnet :) -- Michael Gatti main. 949.371.5474 (UTC -8) On Feb 17, 2012, at 10:59 AM, Bryan Irvine wrote: On Fri, Feb 17, 2012 at 10:55 AM, Leo Bicknell bickn...@ufp.org wrote: In a message written on Fri, Feb 17, 2012 at 01:35:15PM -0500, Jay Ashworth wrote: Please post your top 3 favorite components/parts you'd like to see in a vending machine at your colo; please be as specific as possible; don't let vendor specificity scare you off. USB-Serial adapters. Preferably selected so they are driverless on both OSX and Windows. :) The trick is to look for one that works on OpenBSD. If it works there, it will work on Windows, Mac, and Linux. YMMV. :-)
Re: WW: Colo Vending Machine
The 30lb sledge hammer should be in the parking lot in a enclosure with a front glass that reads Break in case of extreme frustration right next to the dumpster for recycling hardware. You could make a living just with that business, replacing the front glass. -- Michael Gatti main. 949.371.5474 (UTC -8) On Feb 17, 2012, at 12:06 PM, Peter Kristolaitis wrote: On 12-02-17 03:05 PM, Leigh Porter wrote: Did anybody say beer yet? Don't forget the 30lb sledgehammer for those times when, ah, percussive maintenance is the only possible solution. ;) (Might be a bit hard to fit into a vending machine though... maybe the colo staff could just rent one out...) - Pete
Skype in the Enterprise
Hello Everyone, I wanted to get the groups opinions/thought on how you would or currently handle users wanting or using Skype in the enterprise. Recently what has brought this to light was the fact that our firewalls started to deny/shun users randomly from access to the internet. After a couple of dozen packet captures and cross checking software installed on the clients machines we narrowed down the culprit to be Skype, which later we validated in Lab. What we saw was in random intervals all skype clients would send a burst of requests to the internet which would trigger the intrusion detection threshold of our security appliances. Given that there were no changes to those thresholds I am left to ask what caused this behavior to start, a software update or an update to the skype network (if it can be called that)? I am trying to educate myself a little more before facing the lynch mobs when I start advising on a solution. Thanks for taking the time, -- Michael Gatti main. 949.371.5474 (UTC -8)
Re: accessing multiple devices via a script
Hey did anyone mention Rancid..., just kidding I've used ciscocmd in the past, a little outdated but worth looking at (http://sourceforge.net/projects/cosi-nms/files/ciscocmd/) You might also have some fun writing your own expect scripts. -- Michael Gatti main. 949.371.5474 (UTC -8) On Jan 17, 2012, at 12:43 PM, Fabien Delmotte wrote: Hello, You can use also rancid. Regards Fabien Le 17 janv. 2012 à 20:44, Abdullah Al-Malki a écrit : Thank you all for your recommendations. I will sit this weekend and evaluate what fits into my requirements. Thanks all On Mon, Jan 16, 2012 at 5:05 AM, Rafael Rodriguez packetjoc...@gmail.comwrote: If your looking for something interactive, check out Mr. CLI Sent from my iPhone On Jan 15, 2012, at 12:52, Abdullah Al-Malki a.almalki1...@gmail.com wrote: Hi fellows, I am supporting a big service provider and sometimes I face this problem. Sometimes I want to access my customer network and want to extract some verification output show commands from a large number of devices. What kind of scripting solutions you guys are using this case. Appreciate the feedback, Abdullah
Re: Colocation providers and ACL requests
I tend to disagree somewhat, you really have to put some context around the request and convey that to your provider. If the request is please help me block this DDoS traffic so that I can contact the source as it's impacting my ability to do business I think that is a reasonable request as long as it's not a permanent solution. I have worked through similar incidents in some datacenter in Northern Virginia (Sterling, Ashburn) and all of them accommodated that request at no cost. -- Michael Gatti ekim.it...@gmail.com On Oct 27, 2011, at 8:09 PM, James Ashton wrote: Christopher, This is pretty common policy. Not many datacenters of any size is going to act differently. If you don't purchase this service then you will not get the service. They may be willing work work with you on black-holing problem IPs though. This is pretty common, but don't expect a filtering package without purchasing it. James - Original Message - From: Christopher Pilkington c...@0x1.net To: NANOG mailing list nanog@nanog.org Sent: Tuesday, October 25, 2011 2:43:00 PM Subject: Colocation providers and ACL requests Is it common in the industry for a colocation provider, when requested to put an egress ACL facing us such as: deny udp any a.b.c.d/24 eq 80 …to refuse and tell us we must subscribe to their managed DDOS product? -cjp
Re: [outages] News item: Blackberry services down worldwide, Egypt affected (not N.A.)
I have and totally get the point ... -- Michael Gatti cell.949.735.5612 ekim.it...@gmail.com (UTC-8) On Oct 12, 2011, at 9:12 AM, Leigh Porter wrote: -Original Message- From: -Hammer- [mailto:bhmc...@gmail.com] Sent: 12 October 2011 17:10 To: nanog@nanog.org Subject: Re: [outages] News item: Blackberry services down worldwide, Egypt affected (not N.A.) I have been witness to N+1 HUMAN failures but never a N+1 hardware failure or system/design failure that warranted questioning the need for N+2. Usually your N+1 failure is (as already referenced) pasting in a bad config that gets replicated or something like that. Not saying the hardware is perfect. It's just that I haven't personally seen a full blown failure like that without human help. You have not seen VIP2-40s and CEF in action ;-) -- Leigh Porter __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __
Authoritative DNS server for 12.54.94.0/23 PTR
Hello Nanog Members, We have been having some issue doing reverse lookups for ip's in the 12.54.94.0/23 prefix. We know that this block is assigned to ATT and ATT has assigned that block to Siemens Medical (based on whois queries). We are now trying to find out who would be the authoritative DNS server that would resolve PTR queries for these IP addresses. Would someone from ATT (or Siemens) or someone that has that info please contact me offline to discuss? Thanks Everyone, -- Michael Gatti cell.949.735.5612 ekim.it...@gmail.com (UTC-8)
e-mail blacklisted - TIOPAN.COM
If there is someone from the Company TIOPAN.COM on the list can you please contact me off line. My apologies to the other members of the list for using the list as a contact method. Thank you, -- Michael Gatti cell.949.735.5612 ekim.it...@gmail.com (UTC-8)
Re: East Coast Earthquake 8-23-2011
5.9 Epicenter in Virginia: http://earthquake.usgs.gov/earthquakes/recenteqsus/Quakes/usc0005ild.php#summary Seeing slow internet access out of ASHBURN, VA data centers. Verizon and Global Crossing. Carriers circuits probably overwhelmed with voice/data. I do not have any info on outages or damages related to earthquake. -- Michael Gatti cell.949.735.5612 ekim.it...@gmail.com (UTC-8) On Aug 23, 2011, at 11:36 AM, Sule, Mohammed wrote: Have anyone seen or feel any effect of this on their network? - Visit www.nyc.gov/hhc CONFIDENTIALITY NOTICE: The information in this E-Mail may be confidential and may be legally privileged. It is intended solely for the addressee(s). If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on this e-mail, is prohibited and may be unlawful. If you have received this E-Mail message in error, notify the sender by reply E-Mail and delete the message.
using NESSUS to prepare for PenTest Sec. Audit
Has anyone used Nessus PF (www.nessus.org) as a tool to run a self audit preparing for a PenTest Audit? I wanted to get your opinion on the tool and if it was useful preparing for a PenTest Audit? Thanks, -- Michael Gatti cell.949.735.5612 ekim.it...@gmail.com (UTC-8)
Re: Barracuda Networks is at it again: Any Suggestions as to an Alternative?
Not an appliance but a really amazing job at stopping spam, www.messagelabs.com (purchased by Symantec). We went from messagelabs service to barracuda appliance and the difference is astronomical, whereas before i might get one or two spams a day using MessageLabs now with the barracuda I get an average of 25 to 30. -- Michael Gatti cell.703.347.4412 ekim.it...@gmail.com On Apr 8, 2011, at 11:51 PM, John Palmer (NANOG Acct) wrote: OK, its been a year since my Barracuda subscription expired. The unit still stops some spam. I figured that I would go and see what they would do if I tried to renew my subscription EXACTLY one year after it expired. Would their renewal website say Oh, you are at your anniversary date, and renew me for a year? No such luck: They want me to PAY FOR AN ENTIRE YEAR for which I did NOT receive service and then for the current (upcoming year). Sorry - I don't allow myself to be ripped off like that. Sorry Barracuda - you get no money from me and I'll tell everyone I know about this policy of yours. I posted an article about this unscrupulous practice on my blog last year at http://www.john-palmer.net/wordpress/?p=46 My question is - does anyone have any suggestions for another e-mail appliance like the Barracuda Spam Firewall that doesn't try to charge their customers for time not used. I should be able to shut off the unit for a year or whatever and simply renew from the point that I re-activate the unit instead of having to pay for back-years that I didn't use. Thanks
off topic - purchase Cisco GLC-LH-SM in ashburn, VA area
Would anyone know were I could purchase a Cisco GLC-LH-SM Gbic in the ashburn, sterling, VA area ? =+=+=+=+=+=+=+=+=+=+=+=+= Michael Gatti cell.703.347.4412 ekim.it...@gmail.com =+=+=+=+=+=+=+=+=+=+=+=+=
Netflow Tool
Anyone out there using a good netflow collector that has the capability data to export to CSV? Open Source would be best, but any suggestions are welcome. Thanks, =+=+=+=+=+=+=+=+=+=+=+=+= Michael Gatti cell.703.347.4412 ekim.it...@gmail.com =+=+=+=+=+=+=+=+=+=+=+=+=
Re: Did your BGP crash today?
where's the change management process in all of this. basically now we are going to starting changing things that can potentially have an adverse affect on users without letting anyone know before hand Interesting concept. On Aug 27, 2010, at 3:33 PM, Dave Israel wrote: On 8/27/2010 3:22 PM, Jared Mauch wrote: When you are processing something, it's sometimes hard to tell if something just was mis-parsed (as I think the case is here with the missing-2-bytes) vs just getting garbage. Perhaps there should be some way to re-sync when you are having this problem, or a parallel keepalive path similar to MACA/MCAS/MIDCAS/TCAS between the devices to talk when something bad is happening. I know it wasn't there originally, and isn't mandatory now, but there is an MD5 hash that can be added to the packet. If the TCP hash checks out, then you know the packet wasn't garbled, and just contained information you didn't grok. That seems like enough evidence to be able to shrug and toss the packet without dropping the session. -Dave =+=+=+=+=+=+=+=+=+=+=+=+= Mike Gatti ekim.it...@gmail.com =+=+=+=+=+=+=+=+=+=+=+=+=
Re: Monitoring Tools
Looking at ZenOSS to compliment our OpenView NNM system. So far has been pretty simple to get up and running and the support community is pretty responsive to questions. We have cacti in our environment and it works great for pulling bandwidth, CPU, interface errors, mem utilization. the reportit plugin in particular is great for reporting bandwidth utilization for business hours. -- Mike On Aug 19, 2010, at 3:03 PM, Scott Berkman wrote: The last time I looked, my main issue with Zabbix was that it required (or greatly preferred) their proprietary agent on every host. This may have changed. -Scott -Original Message- From: Nathan Eisenberg [mailto:nat...@atlasnetworks.us] Sent: Thursday, August 19, 2010 2:53 PM To: nanog@nanog.org Subject: RE: Monitoring Tools Am looking for an opensource network monitoring tool with ability to create different views for different users. Regards,Jacob Just to add another opinion to the pot, I've used zabbix in several large environments, and I like it a lot. The developer team is decently sized, and very responsive to requests and feedback (they operate a commercial 'support' model for the platform, so working on the system is literally their day job - as George pointed out, this is often a problem). Zabbix also supports distributed monitoring, which is very handy for scaling or for monitoring multiple locations without dealing with VPNS and the like (or if you have places you need to monitor behind NATs!). Its major weakness at the moment is the weak support for SNMP traps (works great in polling mode, though), so you will want a separate simple system for catching traps. In my opinion, that's just fine, because statistics/trending/basic resource alerting/etc are best kept separate from things like OMG one of my powersupplies is dead!!11one. Also supports IPMI, which is nice if you have IPMI deployed. :-) Best Regards, Nathan Eisenberg =+=+=+=+=+=+=+=+=+=+=+=+= Michael Gatti cell.703.347.4412 ekim.it...@gmail.com =+=+=+=+=+=+=+=+=+=+=+=+=
Fiber Cut in the DC Area
Is anyone aware of a fiber cut that could be affecting the Washington DC area? Just opened a ticket with Verizon and heard of a fiber cut through some side conversations. -- Mike Gatti