RE: [arin-announce] IPv4 Address Space (fwd)

2003-10-30 Thread Gary Blankenship
Christian: > And I bet then still somebody will build an IPv6 NAT box for some bizarro > reason. ftp://ftp.rfc-editor.org/in-notes/rfc2766.txt Gary Blankenship Foundry Networks (Japan)

Re: more on filtering

2003-10-30 Thread Greg Maxwell
On Thu, 30 Oct 2003, Chris Parker wrote: > The source of the problem of bad packets is where they ingress to my > network. I disconnect the flow of bad packets through filtering. What > is the difference, other than I do not remove an entire interconnect, > only the portion of packets that is a

RE: IPv6 NAT

2003-10-30 Thread Tony Hain
Kuhtz, Christian wrote: > ... > All hairsplitting aside, given that the term NAT these days is mostly used > in a PAT (particularly in a customer connecting to the I) context, what > isn't secure about? mangling the header doesn't provide any security, and if you believe it does, do the following

Re: [arin-announce] IPv4 Address Space (fwd)

2003-10-30 Thread Valdis . Kletnieks
On Thu, 30 Oct 2003 12:12:22 EST, Alex Yuriev said: > > > > Leave content filtering to the ES, and *force* ES to filter the content. > > It's not content filtering, I'm not filtering only certain html traffic > > (like access to porn sites), I'm filtering traffic that is causing harm to > > my ne

Re: more on filtering

2003-10-30 Thread matt
Recently, [EMAIL PROTECTED] (Alex Yuriev) wrote: > > > So, electric grids do not have any mechanisms to disconnect from other > > grids ( ie, stop "transiting" their electricity ) if one is doing something > > that causes problems on the local grid? As a customer I would very > > much like my pr

Re: more on filtering

2003-10-30 Thread Chris Parker
At 03:54 PM 10/30/2003, Alex Yuriev wrote: > >The way currently people propose everyone operates is equivalent to a > >company that transmits AC to customer deciding that some part of the AC > >waveform is "harmful" to its equipment, and therefore should be filtered > >out. Of course, no one bother

more on filtering

2003-10-30 Thread Alex Yuriev
> >The way currently people propose everyone operates is equivalent to a > >company that transmits AC to customer deciding that some part of the AC > >waveform is "harmful" to its equipment, and therefore should be filtered > >out. Of course, no one bothers to tell the customer that the filter exi

Re: [arin-announce] IPv4 Address Space (fwd)

2003-10-30 Thread Chris Parker
At 03:25 PM 10/30/2003, Alex Yuriev wrote: > > > to the ES, he's filtering out packets that are causing him > > > problems directly, as the IS. > >And since the IS is not the ES, it SHOULD NOT be filtering based on content > >since it is NOT IS's content. Again, *force* ES to filter and hold it >

Re: [arin-announce] IPv4 Address Space (fwd)

2003-10-30 Thread Alex Yuriev
> > > to the ES, he's filtering out packets that are causing him > > > problems directly, as the IS. > >And since the IS is not the ES, it SHOULD NOT be filtering based on content > >since it is NOT IS's content. Again, *force* ES to filter and hold it > >responsible for not doing it. > Do you hav

Re: [arin-announce] IPv4 Address Space (fwd)

2003-10-30 Thread Chris Parker
At 02:41 PM 10/30/2003, Alex Yuriev wrote: > Alex, please re-read the first paragraph. He said > "I'm filtering traffic that is causing harm to *my* network..." > (emphasis mine). > > He's not filtering out packets he thinks are causing problems > to the ES, he's filtering out packets that are ca

Re: [arin-announce] IPv4 Address Space (fwd)

2003-10-30 Thread Alex Yuriev
> Alex, please re-read the first paragraph. He said > "I'm filtering traffic that is causing harm to *my* network..." > (emphasis mine). > > He's not filtering out packets he thinks are causing problems > to the ES, he's filtering out packets that are causing him > problems directly, as the IS.

Re: [arin-announce] IPv4 Address Space (fwd)

2003-10-30 Thread matt
> Recently, [EMAIL PROTECTED] (Alex Yuriev) wrote: > > > Leave content filtering to the ES, and *force* ES to filter the content. > > It's not content filtering, I'm not filtering only certain html traffic > > (like access to porn sites), I'm filtering traffic that is causing harm to > > my netw

Re: Re: IPv6 NAT

2003-10-30 Thread Narelle
> Owen DeLong <[EMAIL PROTECTED]> wrote: > In fact, Michael, there is no reason someone can't do everything you > describe with IPv4 if they are using unique address space. Now this is the point where my annoyance level goes up with the rampant aversion to IPv6 I see even in a community proud

Re: [arin-announce] IPv4 Address Space (fwd)

2003-10-30 Thread Alex Yuriev
> > Leave content filtering to the ES, and *force* ES to filter the content. > It's not content filtering, I'm not filtering only certain html traffic > (like access to porn sites), I'm filtering traffic that is causing harm to > my network and if I know what traffic is causing problems for me, I

traffic engineering (or lack of thereof)

2003-10-30 Thread Alex Yuriev
> And how many people here operate non-oversubscribed networks? The right question here should be "How many people here operate non-super oversubscribed networks?" Oversubscribed by a few percent is one thing, oversubscribed the way certain cable company in NEPA does it is another.[1] > So ha

Re: Yankee Group declares core routing obsolete (was Re: Anybody using GBICs?)

2003-10-30 Thread Alex Yuriev
> > Maybe the Yankee Group is a subsidiary of Ncatal Ventures. > > That was my thought. > It's "Dood, Where's my Core?" all over again! It got lost in san franCisco. Alex

Re: Yankee Group declares core routing obsolete (was Re: Anybody using GBICs?)

2003-10-30 Thread Daniel Golding
Heh. Forwarding, of course. - Dan On 10/30/03 2:15 PM, "E.B. Dreger" <[EMAIL PROTECTED]> wrote: > > DG> Date: Thu, 30 Oct 2003 13:52:54 -0500 > DG> From: Daniel Golding > > > DG> Lets all be thankful they are now using ASICs, though! All > DG> that software based routing was making me nervo

Re: Yankee Group declares core routing obsolete (was Re: Anybody using GBICs?)

2003-10-30 Thread Tom (UnitedLayer)
On Thu, 30 Oct 2003, E.B. Dreger wrote: > SR> What brand of switch is this guy selling? And what is he > SR> smoking? Sure would be interesting to find out :) > > Maybe the Yankee Group is a subsidiary of Ncatal Ventures. That was my thought. It's "Dood, Where's my Core?" all over again!

Re: 'Net security gets root-level boost

2003-10-30 Thread Paul Vixie
> BW> Love this quote from Verisign: > BW> > BW> "We tested Anycast for about a year...to monitor its behavior," > BW> Silva says. "These are important servers, and we didn't want to > BW> make any rash decisions about deploying it." > > *gag* > > And wildcard entries? at the icann-secsac meeti

Re: [Re: Yankee Group declares core routing obsolete (was Re: Anybody using GBICs?)]

2003-10-30 Thread joshua sahala
"E.B. Dreger" <[EMAIL PROTECTED]> wrote: > [cut] > > So STP is now the control plane protocol of choice? ;-) no, not at all - remember he said 'layer 3 switch', stp is no longer needed, just like those router things ;) /joshua > > Eddy > -- > Brotsman & Dreger, Inc. - EverQuick Internet Di

Re: Yankee Group declares core routing obsolete (was Re: Anybody using GBICs?)

2003-10-30 Thread E.B. Dreger
DG> Date: Thu, 30 Oct 2003 13:52:54 -0500 DG> From: Daniel Golding DG> Lets all be thankful they are now using ASICs, though! All DG> that software based routing was making me nervous - five DG> years ago :) Routing or forwarding? Eddy -- Brotsman & Dreger, Inc. - EverQuick Internet Division

Re: Yankee Group declares core routing obsolete (was Re: Anybody using GBICs?)

2003-10-30 Thread Alexei Roudnev
Routers exist everywhere; Catalyst 6509, for example, IS A ROUTER not less than A SWITCH. Perfectly, it is a router with extensive switching capabilities. Problem is that (1) most devices today support both L3 routing and L2 switching (which is MAC level routing de facto), and (2) some devices

Re: Yankee Group declares core routing obsolete (was Re: Anybody using GBICs?)

2003-10-30 Thread Daniel Golding
Hmm. Don't you just love it when folks say things like "Layer 3 Switches are better than routers". It's very illuminating as to clue level. I suppose what they were trying to say, is that products that were designed as switches, but are now running routing code, are superior to products that were

Re: Yankee Group declares core routing obsolete (was Re: Anybody using GBICs?)

2003-10-30 Thread E.B. Dreger
SR> Date: Thu, 30 Oct 2003 13:18:28 -0500 SR> From: Suresh Ramasubramanian SR> What brand of switch is this guy selling? And what is he SR> smoking? Sure would be interesting to find out :) Maybe the Yankee Group is a subsidiary of Ncatal Ventures. Eddy -- Brotsman & Dreger, Inc. - EverQuick

Re: Yankee Group declares core routing obsolete (was Re: Anybody using GBICs?)

2003-10-30 Thread E.B. Dreger
RAS> Date: Thu, 30 Oct 2003 13:08:01 -0500 RAS> From: Richard A Steenbergen RAS> http://story.news.yahoo.com/news?tmpl=story&cid=75&e=18&u=/nf/22581 RAS> RAS> Plainly stated, routers no longer have a home in the core of the network. RAS> "You might have found a router there five years ago, but m

Re: 'Net security gets root-level boost

2003-10-30 Thread E.B. Dreger
BW> Date: Tue, 28 Oct 2003 10:41:56 -0500 BW> From: Barney Wolff BW> On Tue, Oct 28, 2003 at 09:58:20AM +0200, Hank Nussbacher wrote: BW> > BW> > http://www.nwfusion.com/news/2003/1027ddos.html BW> BW> Love this quote from Verisign: BW> BW> "We tested Anycast for about a year...to monitor its be

Re: Yankee Group declares core routing obsolete (was Re: Anybody using GBICs?)

2003-10-30 Thread Scott Weeks
On Thu, 30 Oct 2003, Suresh Ramasubramanian wrote: : : Richard A Steenbergen writes on 10/30/2003 1:08 PM: : : > Plainly stated, routers no longer have a home in the core of the network. : > "You might have found a router there five years ago, but most certainly : > you have a switch today," said

Re: Yankee Group declares core routing obsolete (was Re: Anybody using GBICs?)

2003-10-30 Thread Suresh Ramasubramanian
Richard A Steenbergen writes on 10/30/2003 1:08 PM: Plainly stated, routers no longer have a home in the core of the network. "You might have found a router there five years ago, but most certainly you have a switch today," said Yankee Group vice president Zeus Kerravala. What brand of switch i

Re: Yankee Group declares core routing obsolete

2003-10-30 Thread Scott Bradner
and the Yankee Group has an unblemished history of understanding the Internet and ISPs Scott (ps - unblemished with accuracy that is)

Re: Yankee Group declares core routing obsolete (was Re: Anybody using GBICs?)

2003-10-30 Thread Bruce Pinsky
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Richard A Steenbergen wrote: | On Tue, Oct 28, 2003 at 03:25:43PM -0500, Richard A Steenbergen wrote: | |>On Tue, Oct 28, 2003 at 09:48:01AM -0800, [EMAIL PROTECTED] wrote: |> |>>I'm looking into doing some research that will make use of GBICs(Gigabit

Yankee Group declares core routing obsolete (was Re: Anybody using GBICs?)

2003-10-30 Thread Richard A Steenbergen
On Tue, Oct 28, 2003 at 03:25:43PM -0500, Richard A Steenbergen wrote: > > On Tue, Oct 28, 2003 at 09:48:01AM -0800, [EMAIL PROTECTED] wrote: > > > > I'm looking into doing some research that will make use of GBICs(Gigabit Interface > > Converters), > > but I need to know how many of you are us

RE: IPv6 NAT

2003-10-30 Thread Kuhtz, Christian
> Or you could simply call it what it is -- a firewall -- since > that's what most consumers think NAT is anyways. > > While I disagree with the general sentiment that NATs create > security, the standard usage of such devices is certainly > that of a stateful firewall. All hairsplitting aside

Re: IPv6 NAT

2003-10-30 Thread Stephen Sprunk
Thus spake <[EMAIL PROTECTED]> > Now, I'm not claiming that every device capable of IPv4 NAT is currently > able to function in this way, but there are no technical barriers to prevent > manufacturers from making IPv6 devices that function in this way. The > IPv6 vendor marketing folks can even in

Re: hinet.net contact

2003-10-30 Thread Suresh Ramasubramanian
John Obi writes on 10/30/2003 12:22 PM: Hello folks, I can tell you that hinet.net hosts being exploited by script kiddies and no one in hinet.net cares. And I really failed to get a contact of their abuse department, or any live person bothers to reply. You might want to contact the TW-CERT peop

Verizon abuse contact

2003-10-30 Thread John Obi
Hello folks, I reported exploited hosts in Verizon network to their abuse department since one week now. I only get auto reply but no real person did take action till this moment. If there is Verizon person who can help, please contact me off list. Thanks, -J ___

hinet.net contact

2003-10-30 Thread John Obi
Hello folks, I can tell you that hinet.net hosts being exploited by script kiddies and no one in hinet.net cares. And I really failed to get a contact of their abuse department, or any live person bothers to reply. All the complaints and reports got nowhere. I need to report security issues ab

Re: IPv6 NAT

2003-10-30 Thread Owen DeLong
In fact, Michael, there is no reason someone can't do everything you describe with IPv4 if they are using unique address space. Owen --On Thursday, October 30, 2003 3:22 PM + [EMAIL PROTECTED] wrote: NAT also has the advantage that if packets do leak bogon filters at the border will drop th

Re: IPv6 NAT

2003-10-30 Thread Michael . Dillon
>NAT also has the advantage that if packets do leak >bogon filters at the border will drop them. NAT is simply an algorithm which causes a firewall to drop all traffic which doesn't match an entry in a set of internal state tables. The NAT algorithm sets up these state tables based on outgoing t

RE: Fed. Govt and IEEE ban contributions to/from Cuba, Libya, Iran, Syria

2003-10-30 Thread Irwin Lazar
Thought it might be useful to pass on a copy of a letter from the IEEE President that was published in the last issue of "Spectrum" - On Serving Members In Embargoed Countries In January of 2002, the IEEE took action to fulfill the U.S. Treasury Department trade regulations administ

Re: [arin-announce] IPv4 Address Space (fwd)

2003-10-30 Thread Paul Timmins
On Thu, 2003-10-30 at 09:22, Scott McGrath wrote: > That was _exactly_ the point I was attempting to make. If you recall > there was a case recently where a subcontractor at a power generation > facility linked their system to an isolated network which gave > unintentional global access to the is

Re: [arin-announce] IPv4 Address Space (fwd)

2003-10-30 Thread Scott McGrath
That was _exactly_ the point I was attempting to make. If you recall there was a case recently where a subcontractor at a power generation facility linked their system to an isolated network which gave unintentional global access to the isolated network. A NAT at the subcontractor's interface wo

Re: AOL fixing Microsoft default settings

2003-10-30 Thread Daniel Golding
I'm not sure "outrage" is the appropriate way to describe this. AOL is probably looking at this from the support point of view. They get a certain number of support calls complaining about messenger service spam/trickery. They will get many fewer

Re: [arin-announce] IPv4 Address Space (fwd)

2003-10-30 Thread Scott McGrath
> On Wed, 29 Oct 2003, Scott McGrath wrote: > > > Life would be much simpler without NAT however there are non-computer > > devices which use the internet to get updates for their firmware that most > > of us would prefer not to be globally reachable due to the human error > > factor i.e. "Oops f

Re: 'Net security gets root-level boost

2003-10-30 Thread Daniel Golding
It is a little bit surreal - it's not like anycast is some weird, new, or revolutionary technology. BGP is surely not a black art to the folks at Verisign - and little is required to do anycast, other than some minor routing configuration. Two possible solutions - Verisign is so big that instituti

Re: Content filter (was - Re: [arin-announce] IPv4 Address Space)

2003-10-30 Thread william
in On Wed, 29 Oct 2003, Booth, Michael (ENG) wrote: > > William, they might be rejecting your post for SPAM. Take a look at the > link below: > > http://groups.google.com/groups?q=dns1.elan.net&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&sa=N&tab=wg > > Michael Booth That post was rejected because

Re: ISPs' willingness to take action

2003-10-30 Thread Peter Galbavy
[EMAIL PROTECTED] wrote: > So, tell me--are you willing to pay a premium for > unfiltered access to the Internet?:) Yes, that's why I don't use AOL. Peter

Re: [arin-announce] IPv4 Address Space (fwd)

2003-10-30 Thread E.B. Dreger
JB> Date: Wed, 29 Oct 2003 15:27:27 -0600 JB> From: Jack Bates JB> I think the point that was being made was that NAT allows the JB> filtering of the box to be more idiot proof. Firewall rules JB> tend to be complex, which is why mistakes *do* get made and JB> systems still get compromised. NAT

Re: [arin-announce] IPv4 Address Space (fwd)

2003-10-30 Thread E.B. Dreger
> Date: Tue, 28 Oct 2003 21:51:01 -0500 > From: [EMAIL PROTECTED] > The real problem is that we have an environment where the > malware can figure out how to disable the firewall but the user > can't. And part of why the current Internet has so much peer-to-peer traffic on it. ;-) Eddy -- Bro

Re: peer/transit circuits

2003-10-30 Thread Tom (UnitedLayer)
On Wed, 29 Oct 2003 [EMAIL PROTECTED] wrote: > Hi folks, > I am looking for some advice on how to place the peer/transit circuits > on the edge routers. > Would like to find the best practice that would provide enough diversity > without having an operation nightmare. e.g. putting peer and transit