[swinog] A team helping whistleblowers (OT!)
https://www.swiss-leaks.net/ Some years back, when I was net admin, I was surprised how easy it was to make you shut your mouth about whatever problem you find disgusting in our society. A big DDoS in the dark corner of your network, et voilà, affaire étouffée! Those peoples seems able to help you in such case. Regards. -- Philippe Strauss ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] changing a DNS PTR record for a swisscom SME customer
Hello Swinog, I’d like to change some DNS PTR records for a swisscom SME customer with at least one fixed IP address per site, is there some web app provided by swisscom where I can operate this kind of DNS config change? Thanks in advance! -- Philippe Strauss https://www.strauss-engineering.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] 44 Terabits/s !
> Le 24 mai 2020 à 11:15, roger mgz a écrit : > > > Not to mention the Switch Fabrics needed for such speed :( ACK! a less formal article: https://www.theregister.co.uk/2020/05/22/optical_chip_fiber_speed_record/ Regards. -- Philippe Strauss https://www.strauss-engineering.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] 44 Terabits/s !
https://www.nature.com/articles/s41467-020-16265-x Duh we need to upgrade FAST those lousy 400gig/s interfaces! :-) -- Philippe Strauss https://www.strauss-engineering.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] aside from my economical warfare problems: a simple, python pexpect based cisco config archiver to SVN (not using SFTP but the CLI).
yuk must be difficult to get one single dime from a cisco config archiver :-) more seriously, I prefer a 4 pages code I can comprehend and bend at my taste. it was sent to this list when doing some housekeeping of my HDD and oohh, this one may still be usefull to someone else. Le 11 janv. 2012 à 14:34, Peter Siegrist a écrit : for a few dollars more ... take a look at the *MyConf* Cisco config backup, archive and copmpare tool at http://www.myport-tools.ch Its not using cvs or svn like rancid but using its own archive structure and in addition it has a graphical web interface. kind regards sigi Philippe Strauss wrote: code is small enough to be bende according to your taste: http://www.philou.ch/cisco-term-backup.html cheers. -- Philippe Strauss http://www.philou.ch/ ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog -- Philippe Strauss http://www.philou.ch/ ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] aside from my economical warfare problems: a simple, python pexpect based cisco config archiver to SVN (not using SFTP but the CLI).
python is terribly dificult to decipher, you're right stanislav. it is as it is, not more, not less, there's two paths to adapt, the right amount of comments, and you must run the configtree.py to get an idea of the traversal of the tree for building the configuration data. if you prefer git rather than SVN, it's probably 3 lines to adapt, haven't checked. Le 11 janv. 2012 à 19:07, Stanislav Sinyagin a écrit : a 4-page script with no documentation, no revision control, and hardcoded paths? Some people call it a dirty hack :) For a real software, have a look at https://github.com/ssinyagin/gerty It's not released yet, but already used in a couple of production installations. Plenty of documentation is available. Config backup is just a small part of what it can do :) cheers stan From: Philippe Strauss phi...@philou.ch To: swinog@lists.swinog.ch Sent: Wednesday, January 11, 2012 3:55 PM Subject: Re: [swinog] aside from my economical warfare problems: a simple, python pexpect based cisco config archiver to SVN (not using SFTP but the CLI). yuk must be difficult to get one single dime from a cisco config archiver :-) more seriously, I prefer a 4 pages code I can comprehend and bend at my taste. it was sent to this list when doing some housekeeping of my HDD and oohh, this one may still be usefull to someone else. Le 11 janv. 2012 à 14:34, Peter Siegrist a écrit : for a few dollars more ... take a look at the *MyConf* Cisco config backup, archive and copmpare tool at http://www.myport-tools.ch/ Its not using cvs or svn like rancid but using its own archive structure and in addition it has a graphical web interface. kind regards sigi Philippe Strauss wrote: code is small enough to be bende according to your taste: http://www.philou.ch/cisco-term-backup.html ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog -- Philippe Strauss http://www.philou.ch/ ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] aside from my economical warfare problems: a simple, python pexpect based cisco config archiver to SVN (not using SFTP but the CLI).
code is small enough to be bende according to your taste: http://www.philou.ch/cisco-term-backup.html cheers. -- Philippe Strauss http://www.philou.ch/ ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] Beware : Sorte de service secret fachisant dans les telecoms
(NB: synopsis au préalable réservé aux instances judiciaires avant d'avoir dispatché par internet tel une bouteille à la mer - aussi, synopsis dont je ne suis pas conscient, élément disparates dans mon esprit, en 2002 - 2003) Etranges activités de type services secrets dans les télécoms A l'été 2001, lors d'un entretien d'embauche pour la ville de Lausanne, un RH (ci-après identifié GADLU) me parle de services secrets. Il positive le domaine, m'attire à accepter de faire partie de la cellule RE-NATO. J'ai testé pour vous, ils sont, sans exagération aucune, assimilables à des DANGERS PUBLICS. Un service secret dans les télécoms assimilables à des dangers publics J’ai un vécu plutôt singulier dans ce domaine professionnel : quelques semaines avant de travailler entre autre avec RE-NATO à la création de la SSI INC. sàrl, on m’empoisonne probablement à l’aide d'adrénaline de synthèse, ayant un puissant effet sur mon rythme cardiaque, partant au plafond, soit 200-210 chez moi, pendant quelques dizaines de minutes, pour rester aux alentours de 180 pendant plusieurs heures. C’était le 19 ou 20 août 2002. Une démonstration de type réseau humain sécuritaire avait lieu autour de moi depuis quelques mois. Celle-ci durera encore la bagatelle de trois ans. Durant mes études d’ingénieur en télécommunication à ce qui est aujourd’hui l’HEIG-VD, probablement en 1995 ou 1996, un professeur, MJATS, ex-employé de Siemens, nous parle du protocole GSM. Ce dernier nous fait part de données intéressantes propre à l’aspect de synchronisation du protocole, exploitables pour géolocalisation de l’abonné si quelques recoupements de bases de données étaient effectués. Quelques semaines ou mois plus tard, celui-ci sera victime d’une crise cardiaque. A 45-48 ans, adepte de grimpe en montagne, de cols des 4000m. Selon une convesation avec GADLU, RH au Service électrique de la Ville de Lausanne, conversation dans laquelle il y aura eût à boire et à manger, RE-NATO aurait été réinscrit de la filière informatique à la filière télécoms à l’HEIG-VD, durant l’été 1993, été de nos écoles de recrues respectives. Le père de RE-NATO est instructeur à l’armée suisse, retraité. Plus récemment, l’ex-amis de ma soeur semble avoir été réseauté par bouche à oreille afin de lui faire faire des scènes de ménages quelques peu théatralisées. But : me faire peur. Dans le même laps de temps, quelques appels téléphoniques que je passe à un amis ne déclencheront pas la sonnerie de son côté, par contre j’entendrai à l’appareil l’environnement sonore autour de cette amis. Autre gadget sécuritaire concocté par le team RE-NATO semble-t-il : un moyen d’établir une conversation téléphonique à sens unique, sans déclencher la sonnerie. Outil d’espionnage auquel j’aurait du adhérer afin de surveiller le couple de ma soeur et son ex-amis, par ce biais adhérer aux métohdes de la cellule RE-NATO. Il y eut énormément de douleurs chez moi durant les 5.5 années ayant suivi l’empoisonnement, probablement plus encore chez MJATS. La notion de danger public concernant RE-NATO et ses sbires n’est de loin pas une exagération. Dans mon cas, l’empoisonnement est probablement un préalable visant à me constituer un dossier psychiatrique de paranoïaque en début de démonstration du team des sécuritaires zélés, d’avoir de leur côté de quoi me décrédibiliser dans cette affaire au cas ou j’ouvrais trop les yeux sur leurs activités. En annexe le log de la démonstration du team RE-NATO au fil des années, dont ont m’a volé le document source à l’été 2009. Les hypothèses de ce document sont celles de la fin du printemps 2009. Le document étant long, c'est la lecture des points 22 à 29b, 33, 46 à 50, 55, 63 à 88 qui est recommandée, (!) le point 84c est emblématique du niveau de stratégie de la cellule RE-NATO, soit enrôler quelques personnes de mon environnement et leur faire commettre des actes accessoires dans l'ensemble, puis leur faire croire que j'en rajoute, consciemment ou pas, afin de me faire passer pour malade mental. http://www.philou.ch/attachements-email/rezo-zero-anon.pdf Le contenu de ce message est aussi disponible sur le site suivant: http://www.philou.ch/ http://www.philou.ch/cellule-renato.html http://helvetic-park.bravehost.com/ (version antérieure) -- Philippe STRAUSS ingénieur en télecoms ancien directeur technique d'Urbanet Av. de Beaulieu 25 1004 Lausanne friendship7...@gmail.com phi...@philou.ch -- Combien de tels fanatiques de domination mentale nous reste-t-il dans les administrations suisses ? Combien de victimes, passées à l'adrénaline et lavage de cerveau façon STASI ? Combien de hauts fonctionnaires d'officines sécuritaires, vaudoises, suisses, se sont fait corrompre de zèle extrème ? 7.12.2011 10h45: pas impossible qu'un fonctionnaire ait désiré lancer des ballons sondes quant au réseautage des ingénieurs systèmes s'occupant de serveurs emails dès 1999 déjà, ce afin de leur demander des
Re: [Fwd: [swinog] SwiNOG #16 Questionaire]
On Mon, May 19, 2008 at 11:25:55PM +0200, Fredy Kuenzler wrote: REMINDER: if you haven't done it, please fill in the SwiNOG #16 questionaire. IMPORTANT: if you could not attend, please fill it in nevertheless. We especially want to know how many could not attend because the registration was already full. http://www.surveymonkey.com/s.aspx?sm=X0yt16xSyV6I39PzlqosLQ_3d_3d Thanks, Fredy Fredy, Just FYI, I'had a quick look at it and gived up seeing that on the first question there was no I've never been informed or deleted by mistake the announcement of the registration opening. regards. -- Philippe Strauss av. de Beaulieu 25 1004 Lausanne http://philou.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] and someone gently arp flooding the CIXP
-- Philippe Strauss av. de Beaulieu 25 1004 Lausanne http://philou.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] cixp l2 loop/flood: it's fixed
-- Philippe Strauss av. de Beaulieu 25 1004 Lausanne http://philou.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] someone from Colt on this list?
with BGP and ripe-robot knowledge before my nerves get exhausted -- Philippe Strauss av. de Beaulieu 25 1004 Lausanne http://philou.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] verrizon and swisscom in the schoolyard
rustine:/etc/smokeping# traceroute 62.202.14.193 traceroute to 62.202.14.193 (62.202.14.193), 30 hops max, 40 byte packets 1 fa0-0.rt1.plo1.dfinet.net (195.70.0.65) 1.500 ms 0.675 ms 0.875 ms 2 fa0-6.sw-bb2.cc.dfinet.net (195.70.11.1) 1.093 ms 1.556 ms 0.847 ms 3 gi0-1.rt-b1.cc.dfinet.net (195.70.0.3) 1.117 ms 1.020 ms 0.847 ms 4 POS8-1-0.GW2.GVA2.ALTER.NET (146.188.70.101) 2.361 ms 1.036 ms 1.503 ms 5 GigabitEthernet3-0.CR3.GVA2.ALTER.NET (146.188.6.5) 0.998 ms 2.059 ms 0.921 ms 6 so-2-2-0.XR1.ZUR4.ALTER.NET (146.188.2.85) 5.754 ms 4.690 ms 5.358 ms 7 so-2-0-0.TL2.ZUR3.ALTER.NET (146.188.3.97) 5.090 ms 4.691 ms 4.775 ms 8 so-4-0-0.IR1.NYC12.ALTER.NET (146.188.3.201) 91.318 ms 91.107 ms 91.291 ms 9 0.so-0-2-0.IL3.NYC9.ALTER.NET (152.63.23.57) 91.972 ms 92.164 ms 92.144 ms 10 0.so-7-0-0.XL3.NYC4.ALTER.NET (152.63.10.21) 91.724 ms 91.529 ms 91.444 ms 11 510.ATM6-0.IG4.NYC4.ALTER.NET (152.63.20.57) 91.472 ms 91.618 ms 91.574 ms 12 swisscom-oc3-gw.customer.alter.net (157.130.219.226) 95.619 ms 95.028 ms 94.691 ms 13 i79zhb-005-pos4-0.bb.ip-plus.net (138.187.159.5) 221.616 ms 209.767 ms 216.794 ms 14 tge3-3.bwrt1inb.bluewin.ch (195.186.0.113) 98.431 ms 98.851 ms 98.780 ms 15 if98.ip-plus.bluewin.ch (195.186.0.98) 98.910 ms 98.789 ms 99.633 ms 16 ge0-1.bwrtrip1zhb.bluewin.ch (195.186.120.178) 98.896 ms 98.716 ms 98.524 ms 17 ge0-2.bwrtrip1zhh.bluewin.ch (195.186.55.226) 98.790 ms 98.805 ms 99.091 ms 18 ge0-2.bwadf2zhh.bluewin.ch (195.186.122.131) 99.276 ms 100.072 ms 99.006 ms 19 193.14.202.62.fix.bluewin.ch (62.202.14.193) 111.280 ms 112.007 ms 111.729 ms 20 * * * behave yourself, boys! -- Philippe Strauss av. de Beaulieu 25 1004 Lausanne http://philou.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] quiet a bit of eastern europe traffic in a blackhole
Anyone having routed around _3327_ successfully? (me not :-/) -- Philippe Strauss av. de Beaulieu 25 1004 Lausanne http://philou.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] zyxel ENET encap
Hello, What is the ENET encap found in these wonderfully well designed/engineered/manufactured products that the Zyxel xDSL line of modems/router are? ;-) Is it IP right over RFC1483-Routed over AAL5? (IP over ATM) (I would like to compare it's encap overhead relative to others encap) regards. -- Philippe Strauss av. de Beaulieu 25 1004 Lausanne http://philou.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] _1273_8342$
Anyone else with problems on this AS-PATH? (I just needed to lower its local-pref) regards. -- Philippe Strauss av. de Beaulieu 25 1004 Lausanne http://philou.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] swisscom ADSL outage
Hello, We just had a big swisscom BBCS/ADSL outage here in Geneva. ~half of our ADSL customers affected. No feedback from swisscom yet. Anyone else? regards. -- Philippe Strauss av. de Beaulieu 25 1004 Lausanne http://philou.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] AS1233: cixp peers
Hello, AS12333 (DFi) is about to make maintenance work affecting CIXP peers. It should be offline just a few minutes. Have a nice week-end. -- Philippe Strauss av. de Beaulieu 25 1004 Lausanne http://philou.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] AS6730 unreachable from some parts of the net ??
Hello, AS6730 is unreachable for at least us (DFi, AS12333) and anonymouse.org. I've tried our both upstreams AS702 and AS5511 with the same result. verified using www.romandie.com (195.141.38.35) and www.sunrise.ch as (195.141.106.96) target adresses. BGP table looks fine. Anyone else? -- Philippe Strauss av. de Beaulieu 25 1004 Lausanne http://philou.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] AS6730 unreachable from some parts of the net ??
On Fri, May 11, 2007 at 05:24:48PM +0200, Xaver Aerni wrote: I don't think it ist an AS Problem www.pop.ch 195.141.232.253 is also on AS6730 ist reachable. The www.sunrise.ch and www.romandie.com isn't I think is a Server Problem by Sunrise. Greetings X. Aerni I can reach www.pop.ch from AS12333 -- Philippe Strauss av. de Beaulieu 25 1004 Lausanne http://philou.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] PoE injector recommendation
Hello swinogers, Who knows a good supplier for PoE injectors? 48 ports preferably. (48 port 10/100 without power, toward the switch, power supply, and 48 port 10/100 with PoE toward phones) With good experiences in the field! Thanks, regards. -- Philippe Strauss av. de Beaulieu 25 1004 Lausanne http://philou.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] ULL presentation
On Wed, May 02, 2007 at 11:39:21AM +0200, JIm Romaguera wrote: Hi, I saw that the upcoming Swinog agenda has a free slot at 11:15-12:00 (at least I guess it's free - stated reserved). It would be interesting for me, and I think the provider community as well, to see Swisscom give a presentation on ULL. Something like Technical Aspects of Provider's implementing the current Swisscom defined ULL. The timing of Swinog and the current Swisscom deadlines for ULL make the theme very actual. BTW: I don't expect Swisscom to come and defend the commercial aspect - just elaborate upon the technical aspects. If the Swinog Core Team agrees and can find space in the agenda, plus some of our Swisscom colleagues on the list can coordinate internally within Swisscom, maybe someone suitable within Swisscom could be found to give such a presentation? very good idea indeed! -- Philippe Strauss av. de Beaulieu 25 1004 Lausanne http://philou.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] cacti multiple rra settings
Hello swinogers, does anyone know if there is a way, with cacti, to use different RRA settings for different RRD archive? I've only found one global template for the whole cacti installation, and sometimes I would like to setup some RRD to keep one month of 5minutes sampled data, but it doesnt seem to be possible to have differents RRA templates. regards. -- Philippe Strauss av. de Beaulieu 25 1004 Lausanne http://philou.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] dns10.register.com
following my own post, switch and nordunet bgp looking glass return network not in table, RIPE looking glass return a default route, but is reachable via traceroute: Traceroute from RRC00 to 216.21.226.75. traceroute to 216.21.226.75 (216.21.226.75), 30 hops max, 38 byte packets 1 gw.dev.nsrp.ripe.net (193.0.0.14) 0.428 ms 0.390 ms 0.381 ms 2 GigabitEthernet3-2.core2.ams1.level3.net (195.69.144.110) 2.508 ms 202.686 ms 1.990 ms 3 ge-7-0-0.mp2.Amsterdam1.Level3.net (4.68.125.205) 1.095 ms ge-0-0-0.mp2.Amsterdam1.Level3.net (4.68.96.197) 74.588 ms ge-7-0-0.mp2.Amsterdam1.Level3.net (4.68.125.205) 1.085 ms 4 ae-0-0.bbr2.NewYork1.Level3.net (64.159.1.42) 74.247 ms 74.028 ms 73.995 ms 5 ae-23-52.car3.NewYork1.Level3.net (4.68.97.50) 74.067 ms ae-13-55.car3.NewYork1.Level3.net (4.68.97.146) 74.204 ms ae-13-51.car3.NewYork1.Level3.net (4.68.97.18) 74.171 ms 6 ggr2-p360.n54ny.ip.att.net (192.205.33.93) 288.354 ms att-level3-oc192.NewYork1.Level3.net (4.68.127.150) 88.747 ms 122.789 ms 7 tbr1-p010401.n54ny.ip.att.net (12.123.3.57) 75.670 ms 75.901 ms 76.346 ms 8 gar4-p300.n54ny.ip.att.net (12.123.3.2) 253.718 ms 150.569 ms 113.689 ms 9 mdf16-gsr12-2-pos-7-0.nyc2.attens.com (12.122.255.214) 295.640 ms 296.016 ms 295.561 ms 10 mdf19-bi8k-2-eth-1-2.nyc2.attens.net (63.240.0.110) 295.347 ms 296.296 ms 295.773 ms 11 63.240.5.102 (63.240.5.102) 297.601 ms 296.192 ms 296.644 ms 12 * * * 13 dns10.register.com (216.21.226.75) 296.623 ms 295.915 ms 296.313 ms -- Philippe Strauss av. de Beaulieu 25 1004 Lausanne http://philou.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] [Fwd: [Full-disclosure] DNS Smurf revisited]
On Tue, May 31, 2005 at 10:49:00AM +0200, Beat Rubischon wrote: Hello! Am 30.05.05 schrieb Philippe Strauss: sunrise freesurf used to allow this also, didn't try for some time. (it even let source address be in the private address space) amazing to still see this in 2005! Each filter takes some CPU cycles. And CPU-Power is still really expensive on a Cisco device. A word stolen from the IBM world: You will never have performance problems. You may habe financial problems, but you will never have performance problems. a simple search on google, I find a paper about a routing table lookup algorithm, on standard CPU, able to do 30Millions lookup per second (on a 500MHz cpu). with current CPU frequency, it would rather be 120Millions/s on such commodity pc the bottleneck is the bus architecture, though. 2Gbit/s of traffic translate to roughly 40 packets per second that leaves a lot of spare cpu time. -- Philippe Strauss av. de Beaulieu 25 1004 Lausanne http://philou.ch/ ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] [Fwd: [Full-disclosure] DNS Smurf revisited]
On Mon, May 30, 2005 at 09:55:39AM +0200, Marc SCHAEFER wrote: On Fri, May 27, 2005 at 09:31:32PM +0200, Simon Leinen wrote: I can spoof packets from my home broadband connection (and probably the 299'999 other broadband customers of that Swiss ISP can do so as well :-). Hopefully other Swiss ISPs do this better. sunrise freesurf used to allow this also, didn't try for some time. (it even let source address be in the private address space) amazing to still see this in 2005! is there valuable argument from these ISP or is it ignorance / badly designed networks?? on the leaf interfaces of the ISP routing topology: (cisco) ip verify unicast reverse-path (linux) echo 1 /proc/sys/net/ipv4/conf/ethN/rp_filter there is still this good paper from cisco, it's a bit dated but probably mean no real valuable features was added in IOS since 2001: http://www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip bye. -- Philippe Strauss av. de Beaulieu 25 1004 Lausanne ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] [Fwd: [Full-disclosure] DNS Smurf revisited]
On Mon, May 30, 2005 at 05:59:35PM +0200, Jean-Pierre Schwickerath wrote: is there valuable argument from these ISP or is it ignorance / badly designed networks?? Once someone told me they couldn't do it because it would add too much delay to the packet and that their hardware would would have to throttle the throughput if they wanted to do that on gigabit links. performances problems on an operation which is basically a routing lookup 4 bytes aside the usual place? funky. But then someone has to explain me how other people manage to do full NIDS inspection on gigabit links. absolutely. -- Philippe Strauss av. de Beaulieu 25 1004 Lausanne http://philou.ch/ ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] bad dog
now there's a dog with a rather bad attitude looking at my cats. I don't know what to do. a href=http://philou.ch; http://philou.ch/ /a ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog