Re: New and interesting network abuse.

2005-01-11 Thread Adrian Chadd
On Tue, Jan 11, 2005, Ejay Hire wrote: My apologies if this strays off topic, but I wanted to share my recent experience. We had a collocation customer come in and request a t1 of pots lines for their servers, then complaints that their security software wasn't working because of our RPF

Proper authentication model

2005-01-11 Thread Kim Onnel
Hello, I'd like everyone's 2 cents on the BCP for network management of an ISP PoPs, with a non-security oriented NOC, Most of my routers don't have crypto IOS images, couldn't agree with core members to do a major upgrade, just a promise of doing that when other needs to an IOS upgrade come up,

Re: [eweek article] Window of anonymity when domain exists, whois not updated yet

2005-01-11 Thread Michael . Dillon
But as article specifically mentions sending during the night and registration next morning that does seem to indicate eweek found out about no whois but with already registered domain, i.e. see Could they simply be referring to the technique of sending spam at night with a URL to a

RE: IBGP Question --- Router Reflector or iBGP Mesh

2005-01-11 Thread Erik Haagsman
On Tue, 2005-01-11 at 02:03, Eric Kagan wrote: Does anyone have any input on when this does make sense ? We have 3 Main IP pops with upstream BGP at each and 4 internal BGP sessions. I am looking to add 2 new routers so there will be about 7 sessions on each border router. This seems to

Re: IBGP Question --- Router Reflector or iBGP Mesh

2005-01-11 Thread Philip Smith
Hi Eric, Eric Kagan said the following on 11/01/2005 11:03: Correct, route reflector's main advantage is scalability and if you're thinking to evolve into a larger network with dedicated access and core routers, route reflectors are a far better option than full mesh, though perhaps not from

Re: IBGP Question --- Router Reflector or iBGP Mesh

2005-01-11 Thread Daniel Roesen
On Tue, Jan 11, 2005 at 09:51:36PM +1000, Philip Smith wrote: Many of the ISPs I've worked with around the world have followed this path - and they are quite happy. I really think there is absolutely no need to consider full mesh iBGP any more. I wouldn't go as far as saying it's history,

Re: IBGP Question --- Router Reflector or iBGP Mesh

2005-01-11 Thread Erik Haagsman
On Tue, 2005-01-11 at 13:09, Daniel Roesen wrote: One of the main problems of route reflection is that the best path decision is done centrally. The best route is not seen as from the router making the forwarding decision, but from the route reflector's point of view. Depending on network

Re: IBGP Question --- Router Reflector or iBGP Mesh

2005-01-11 Thread Iljitsch van Beijnum
On 11-jan-05, at 12:51, Philip Smith wrote: Well, my preference is to start with route reflectors pretty much from day one. Let's face it, one day you will have to migrate that full mesh iBGP to route reflector. Why do the work of migration when you can start off at the beginning using route

Re: [eweek article] Window of anonymity when domain exists, whois not updated yet

2005-01-11 Thread David Barak
--- [EMAIL PROTECTED] wrote: When we make it too hard for legitimate businesses to use spam as a means of advertising their product, then only criminals will use spam. you can have my mailserver when you can pry it from my cold, dead datacenter... seriously, there have been various

Re: [eweek article] Window of anonymity when domain exists, whois not updated yet

2005-01-11 Thread Nils Ketelsen
On Tue, Jan 11, 2005 at 10:14:35AM +, [EMAIL PROTECTED] wrote: But as article specifically mentions sending during the night and registration next morning that does seem to indicate eweek found out about no whois but with already registered domain, i.e. see Could they simply be

Re: [eweek article] Window of anonymity when domain exists, whois not updated yet

2005-01-11 Thread Jay Hennigan
On Tue, 11 Jan 2005, David Barak wrote: seriously, there have been various proposals ([ADV], etc) to facilitate legit UCE, but that hasn't slowed the arms race. How would you recommend that we make it easier for legit businesses? Legit businesses do not use spam. The phrase Legit UCE is

Survey of interest ..

2005-01-11 Thread Robert Mathews
Just brought to my attention, and if you haven't seen it.. From the Pew Internet American Life Project ... The Future of the Internet In a survey, technology experts and scholars evaluate where the network is headed in the next ten years

Re: Cisco 2611XM as cheap border router

2005-01-11 Thread Rodney Dunn
This will not work for full routes. The memory upgrade is utilized for larger IOS images with new features. An update to the product bulletin is in the works to clarify it. Further specific questions in regards to the memory can be moved over to the cisco-nsp alias. Rodney On Tue, Jan 11,

Re: Proper authentication model

2005-01-11 Thread Daniel Golding
Kim, It's terribly important that your routers' management traffic be encrypted all the way to the device. For this reason, the best practice is to use ssh2. There are some other hacks that can be used, but they are hacks, and are not scalable. Bastion hosts are a good thing and can be a great

Re: Cisco 2611XM as cheap border router

2005-01-11 Thread Daniel Golding
It would be fairly useful if Cisco had a published document that detailed the minimum configuration for each major router line to support BGP with 1 to 4 full views. Of course, this would have to be periodically updated. By this, I mean a separate overlay document for their entire router product

Re: Survey of interest ..

2005-01-11 Thread Eric Brunner-Williams in Portland Maine
I first read their report on blogs ... We're holding the Koufax Awards _now_ for lefty blogs, so we're about as root on the left hand side of the radio dial as one could hope for. It wasn't worth reading twice. Turning to the Pew vetted punditocracy, I went to the questionnaire. Q9a got the belly

Re: Survey of interest ..

2005-01-11 Thread Valdis . Kletnieks
On Tue, 11 Jan 2005 13:57:28 GMT, Eric Brunner-Williams in Portland Maine said: OK. So one would have to be literate in a particular genre. The Army Air Corps started targeting power generation and distribution in the metro NY area in the late '30s, to see what a strategic bombing campaign

Re: Proper authentication model

2005-01-11 Thread Kevin
On Tue, 11 Jan 2005 11:17:55 +0200, Kim Onnel [EMAIL PROTECTED] wrote: Hello, I'd like everyone's 2 cents on the BCP for network management of an ISP PoPs, with a non-security oriented NOC, . . . 2) An OpenBSD bastion host(s), where the NOC would ssh in, get authenticated from TACACS+ or

Re: Proper authentication model

2005-01-11 Thread Iljitsch van Beijnum
On 11-jan-05, at 18:48, Daniel Golding wrote: It's terribly important that your routers' management traffic be encrypted all the way to the device. Why terribly important? If this stuff runs over your own network then others aren't going to be able to sniff it without physically getting at your

Re: Proper authentication model

2005-01-11 Thread Joe Abley
On 11 Jan 2005, at 15:28, Kevin wrote: On Tue, 11 Jan 2005 11:17:55 +0200, Kim Onnel [EMAIL PROTECTED] wrote: Hello, I'd like everyone's 2 cents on the BCP for network management of an ISP PoPs, with a non-security oriented NOC, . . . 2) An OpenBSD bastion host(s), where the NOC would ssh in,

Re: Survey of interest ..

2005-01-11 Thread Crist Clark
[EMAIL PROTECTED] wrote: [snip] I'll predict that if we *don't* have an attack on the power grid in the next 10 years, it's because the attackers have come up with something else they consider even more interesting as a target. A downed power line, even though it may have more economic impact,

Re: Survey of interest ..

2005-01-11 Thread Valdis . Kletnieks
On Tue, 11 Jan 2005 14:13:29 PST, Crist Clark said: Remember that last big one in the northeast? The government kept reassuring that it wasn't terrorism... like that means there isn't a security issue. If a few dopes at a one power company can collapse the whole northeast grid, there IS a

Re: Survey of interest ..

2005-01-11 Thread Deepak Jain
Yeah, *that* one was basically a matter of restarting the grid. Do you remember about a decade or so back, an ice storm in Ontario? *That* one had many places without power for *weeks*. ObNANOG: How many weeks of continuous duty is *your* backup generator rated for? ;) We had an interesting

Re: Port 25 filters - how many here deploy them bidirectionally?

2005-01-11 Thread Joe Rhett
On Sun, Jan 09, 2005 at 07:55:17PM +0530, Suresh Ramasubramanian wrote: 1) SYN - Worm emails / spam goes out from another provider, with the source address spoofed to be the IP of a trojaned PC 2) ACK - Receiving network sends an ACK back to the forged source IP, and the trojan on that IP

Re: Port 25 filters - how many here deploy them bidirectionally?

2005-01-11 Thread Todd Vierling
On Tue, 11 Jan 2005, Joe Rhett wrote: Applying port 25 filters both ways (inbound and outbound to your dialup pool, instead of just outbound port 25 filtering) would help in such a situation. Inbound 25 filtering has nothing to do with the situation listed above. No, but inbound