On Fri, Oct 10, 2003 at 08:07:05PM -0600, Adam Selene wrote:
IMHO, all consumer network access should be behind NAT.
-snip-
As for plug-in workgroup networking (the main reason why
everything is open by default), when you create a Workgroup,
it should require a key for that workgroup and
Adam Selene wrote:
IMHO, all consumer network access should be behind NAT.
First of all, this would block way too many uses that currently actually
sell the consumer network connections. I recommend my competition to do this
Secondly, it's very hard, if impossible to come up with a NAT
Bill Manning [mailto:[EMAIL PROTECTED] wrote:
% Another funny one:
% 3ffe:3::/32 Subnet of 3ffe::/24 Mismatching origin ASN,
% should be 4555 (now: 29216)
welcome to more root server testing w/ IPv6.
I don't
NAT at the end of OC12 sounds hideous indeed. That's why I would prefer
to see it as part of the modem in the house/business. I am sure (by
guesswork and not by statistics) that a very large number of users would
need relatively simple and secure systems. I guess this because of the
way I see a
Didn't susan ask for this topic to move off-list? Anybody (no...not
Merit) care to step up and create a nanog-issues list where such
discussions can continue unmolested when the nanog topic police declare an
important topic off-topic?
I can understand how some operators might not want to
% -BEGIN PGP SIGNED MESSAGE-
%
% Bill Manning [mailto:[EMAIL PROTECTED] wrote:
%
% % Another funny one:
% % 3ffe:3::/32 Subnet of 3ffe::/24 Mismatching origin ASN,
% % should be 4555 (now:
Unfortunately there are enough protocols and applications
which don't work well behind a NAT that deploying this on
a large scale is not practical.
It already is deployed upon a large scale. When I had @Home
in Seattle (one of the first subscribers), I had a 10.x address.
Here in Costa Rica,
Penalizing users that need (and will pay) for reasonably
accessible two way communication is not the answer,
and never will be.
By all means, make a non-NAT IP address an optional premium
service, and hope those that request it are sophisticated enough
to secure their machine.
Adam
On Sat, 11 Oct 2003, Adam Selene wrote:
Also what about folks who need to VPN in to their office
(either via PPTP or IPSEC)? How would you take care of that
situation?
I use IPSEC and it works fine behind NAT.
Yes, it does work, on a small scale. However what if your neighbor
wants to
Also what about folks who need to VPN in to their office
(either via PPTP or IPSEC)? How would you take care of that
situation?
IPSEC works over NATs just fine.
Alex
_please reply offlist_
i've spent some time (at least 20 minutes) considering that while there are
forums for operators and engineers to discuss issues (nanog, ietf, others
too numerous to mention), there aren't really forums for informed consumers
of internet services to exchange notes (or for
Adam Selene wrote:
By all means, make a non-NAT IP address an optional premium
service, and hope those that request it are sophisticated enough
to secure their machine.
NAT is more expensive to produce, so it should be an optional premium
service, and that seems to be more and more the case.
On Sat, 11 Oct 2003 12:06:22 EDT, Richard Welty [EMAIL PROTECTED] said:
i've spent some time (at least 20 minutes) considering that while there are
forums for operators and engineers to discuss issues (nanog, ietf, others
too numerous to mention), there aren't really forums for informed
NAT is more expensive to produce, so it should be an optional
premium service, and that seems to be more and more the case.
Not necessarily when you consider the cost (in bandwidth,
network reliability and support staff) imposed by worms and kiddies
from other networks scanning your IP space
In message [EMAIL PROTECTED], Alex Yuriev writes:
Also what about folks who need to VPN in to their office
(either via PPTP or IPSEC)? How would you take care of that
situation?
IPSEC works over NATs just fine.
Not in the general case, no. See draft-aboba-nat-ipsec-04.txt if you
can
[EMAIL PROTECTED] wrote:
On Sat, 11 Oct 2003 12:06:22 EDT, Richard Welty [EMAIL PROTECTED] said:
i've spent some time (at least 20 minutes) considering that while there are
forums for operators and engineers to discuss issues (nanog, ietf, others
too numerous to mention), there aren't
I am still trying to confirm what happened, but it looks like we got whacked
today.
Around 2:35 EST all our BGP peers dropped pretty much at the same
time. Our mrtg systems have all fallen over too - so I can't confirm
a traffic spike.
Anybody else?
Dan.
Greg Valente wrote:
I just got on today.
On Sat, 11 Oct 2003 12:01:49 PDT, Etaoin Shrdlu [EMAIL PROTECTED] said:
Do you mean them? Am I a business (you don't know the answer to that,
trust me)? Do I represent one (you don't know the answer to that one,
either)?
Heck, some days I don't even know if *I* am a business or not. We
On Sat, 11 Oct 2003, Steven M. Bellovin wrote:
In message [EMAIL PROTECTED], Alex Yuriev writes:
Also what about folks who need to VPN in to their office
(either via PPTP or IPSEC)? How would you take care of that
situation?
IPSEC works over NATs just fine.
Not in the general
On Fri, 10 Oct 2003, Matt wrote:
As far as networking problems, I think most folks on NANOG would agree
that to run a stable network, the network needs to be designed and
operated by a single organization.
I guess it depends on your geographic definition of an
organization.
This internet draft is available at:
http://quimby.gnus.org/internet-drafts/draft-aboba-nat-ipsec-04.txt
Ken Emery wrote:
I can't figure out if anything happened with
this draft (I'm guessing nothing went on). The
draft expired on December 1, 2001.
IPSec NAT Traversal is still being
After 3 Denial of Service attacks in the last 4 days, I'm beginning to wonder if there
should be a standardization of some sort of abuse departments. Or perhaps if there
are some companies that should REALLY THINK (TM) about perhaps installing some. When
my domain is under attack by yours,
On Sat, 11 Oct 2003, Andrew D Kirch wrote:
apologies for the grammar, after suffering from a 2 hour site outage due to DoS
attack and the best reply I got was well we'll call you I'm at wits end.
On Sat, 11 Oct 2003 20:22:25 -0500
Andrew D Kirch [EMAIL PROTECTED] wrote:
no need to
Hi, I hadn't noticed that this has something to do with us, until Dave
Lugo pointed it out.
I really don't know who has anything to do with IPV6 here, I suspect
very much it's a product group's test block. Or something. I had
forwarded a previous note about an IPV6 block with no longer valid
More on this -
Two of BellSouth's AS's (6197 6198) have combined to inject around
1,000 deaggregated prefixes into the global routing tables over the last
few weeks (in addition to their usual load of ~600+ for a total of
~1,600).
This does indeed appear to be having an operational impact