This race exists, because American employees keep many unnecessary
expenses, making local workforce
very expensive. In reality, even if people in India or Russia will have the
same life level as in USA, they will cost 2 - 3 times less.
There are many core reasons, driving work costs up and
Sorry - I tried it; I can say that it is BAD.
- Original Message -
From: Ricardo Rick Gonzalez [EMAIL PROTECTED]
To: Nicole [EMAIL PROTECTED]
Cc: Peter Galbavy [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Saturday, September 25, 2004 7:41 AM
Subject: Re: Cisco moves even more to china.
Hmm.
It was not developing countries, who claimed _free trade_; it was _developed
countries_. When free trade was coming, it caused a lot of local problems -
local car vendors were unhappy because of competition, local TV vendors
closed their factories, etc.
But it appeared to be two side weapon
Then you all need to stop purchasing from Dell, IBM, HP, Cisco, et al.
Of course. Don't purchase from DELL, purchase from ServersDirect.
Don't purchase from HP, purchase (for home) from brand-less or E-Machine.
Don't purchase from EMC, purchase from Adap. Are any idiots here, who
purchase CA
Support, do not support... In reality, Cisco today is not
Cisco 5 years ago - it rapidly became very common and fat company. One of the
reasons - outsourcing (instead of having 10 good engineers here, they use 100
bad engineers in India... /not because Indians are worse, but because having
PROTECTED]
To: Alexei Roudnev [EMAIL PROTECTED]; Scott Weeks
[EMAIL PROTECTED]; Carl W.Kalbfleisch [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, September 15, 2004 1:59 AM
Subject: Re: Network Configuration Management Practices
There has been some public available software
I always tried to avoid any deal with SNMP TRAPS as most unreliable and
inconvenient way of alerting (unfortunately, it can not be avoided totally).
We use 'syslog' (syslog-ng + home written syslog analyzers + commercial
soft, sometimes) when possible.
- Original Message -
From:
-
From: Austin Schutz [EMAIL PROTECTED]
To: Alexei Roudnev [EMAIL PROTECTED]
Cc: Scott Weeks [EMAIL PROTECTED]; Carl W.Kalbfleisch
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, September 15, 2004 2:25 AM
Subject: Re: Network Configuration Management Practices
On Wed, Sep 15, 2004 at 12
to another, so take it easy -:).
- Original Message -
From: Christian Kuhtz [EMAIL PROTECTED]
To: Alexei Roudnev [EMAIL PROTECTED]; Michael Smith
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, September 17, 2004 6:32 AM
Subject: Re: Open-Source Network Management Tools
What makes
exists (DISK failed now);
In retrospective, manager do not see, how fast it was fixed.
It all makes SNMP TRAPS very inconvenient (not talking about possible loss
of event).
- Original Message -
From: Michael Smith [EMAIL PROTECTED]
To: Alexei Roudnev [EMAIL PROTECTED]; [EMAIL PROTECTED
implemented and
semi working, but I'm looking for a cleaner, and more manageable tool
for syslog based alerting.
On Fri, 2004-09-17 at 03:53, Alexei Roudnev wrote:
I always tried to avoid any deal with SNMP TRAPS as most unreliable and
inconvenient way of alerting (unfortunately, it can
I use this (designed in Relcom 5 years ago, and renewed here this year):
http://snmpstat.sf.net
(SNMP network monitoring, + Cisco configuration repository with automated
change control, + ProBIND2, + many things which were not included, such as
mhonarc archiving for all alerts / warnings /
In reality, to get best results, use some combination of few such systems.
All have strong sides and weak sides.
(For example, snmpstat shows excellent network view, allowing to see exactly
what is going on, and shows good unlimited traffic patterns, such as average
packet size etc, have embedded
Hmm, there are many approaches, starting with _what is primary_ (in Moscow's
ISP files was primary, in enterprise here configs are primary).
In my case, I use some hard rules:
- no matter what is primary, configurations should be stored into CVS or
similar system, and made available (for network
it takes to win), so if you just looking and
using passive defense, you will be bitten (early or later). Hackers and
Phishers do not make any difference vs other fightings.
Alexei Roudnev wrote:
Why don't write out a generator of credit cards / pins and flood out this
site by false information
Why don't write out a generator of credit cards / pins and flood out this
site by false information?
(I saw a few better examples, btw).
- Original Message -
From: Niels Bakker [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, August 16, 2004 3:26 AM
Subject: Phishing (Was Re:
It is not about statistics, it is about DNS system behavior - if domain does
not exist, I wish (and I must) to know it.
By this, SiteFinder violates all Internet addressing system.
On Tue, 10 Aug 2004, Paul Vixie wrote:
(and if the idea that kc or woolf could be depended upon to parrot
Just to clarify.
SuSe linux can be installed on the first attempt by Windoze-only gurus (I
did such experiment) and never require any command line interaction (except
if you decide to run something complicated). RedHat is a good system... for
admins and servers, not for the home.
-
No need.
Remove disk. Insert disk to spare. Start spare server. Allow techs to analyze
broken server next day.
1 minute. But in reality, 2 CPU servers are redundant to most CPU failures
(had a few cases). Anyway, CPU failure is not major reason for server
failures (and never was).
On
Alexei is talking about something else.
a duallie will keep the system up when a faulty process hogs 100%
CPU, because the second one is still available. That also increases
availability ratio.
This is a resource problem, not an availability problem. A spinning
application is not
or 2 threaded
P-IV, I'll select 2 threaded; if I must select from $900 1 CPU and $1100 2
CPU server, I select 2 CPU one.
- Original Message -
From: Paul Jakma [EMAIL PROTECTED]
To: Alexei Roudnev [EMAIL PROTECTED]
Cc: Michel Py [EMAIL PROTECTED]; Nanog
[EMAIL PROTECTED]
Sent: Tuesday, August
Just again. I do not try to explain, I report observations -:).
On Wed, Aug 04, 2004, Alexei Roudnev wrote:
I said - it WORKS. 1 spin - warning - someone opens system and kills a
run
away process... Never saw 2 spins (because first one was killed before
second one). Btw, such systems
it
loses every year (example - Netra T1 servers still cost 30% of their initial
price, but Sun E4500 cost barely 7% of their initial price - it's because I
can always make use for Netra T1 1U Unix system with 2 disks, but I am not
crazy to use big and unreliable E4500 for anything...
Alexei Roudnev
shameless plug
Looking for someone to provide an OC-12 to my home for $100/mo so I can
test the router mentioned above. Oh, I also need this, don't I?
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemcategory=162item=51126654
63rd=1
/shameless plug
Called Cogent? Their prices aren't that
It is not mad idea - 2 CPU servers are not significantly more expensive than
1CPU (and notice, we count P-IV MultiThread as 2 CPU) but increases system
redundancy to the run-away processes. Of course, it is not hardware
redundancy, but it REALLY works.
On Sat, 31 Jul 2004, Michel Py wrote:
with a good discount; 10 seconds e-bay
search revealed exactly the same systems in original boxes (unopened) 10%
cheaper -:)
Alexei Roudnev wrote:
We had 6509 which failed, because backplane failed (it can
not happen -:) but it happen) - of course, no any 'dual
CPU dual power' could prevent
2 CPU are not for redundancy, but they protect system from crazy process
spending 100% of one CPU (and system still have 50% of capacity).
--On Saturday, July 31, 2004 20:51 -0700 Michel Py
[EMAIL PROTECTED] wrote:
For PCs I install dual Xeons on every production machine for example,
SuperMicro 6010H and 6010L (excellent 1U servers, I am very sad that they do
not produce them anymore and that
they are not easily available on auctions because are too perfect for many
tasks) have 2 P-III slots, can work with 1 empty and 1 filled in, or with 1
good CPU and 1 broken, without
We had 6509 which failed, because backplane failed (it can not happen -:)
but it happen) - of course, no any 'dual CPU dual power' could prevent
it... Imagine broken line card - it can crash whole box no matter how much
'dual' things you have. The same with software error (I crashed one of 6509
It is all very interesting. Why we did not have such research reported on
last NANOG meeting?
also our grad student thomas studying p2p traffic tells me
that there is no sense of localization in most (if not all)
p2p networks; so i am more likely to download a movie from an
Interesting. Are
On Fri, 16 Jul 2004, Florian Weimer wrote:
Private FTP sites seem to be more common among those who trade
unlicensed, copyrighted material for profit. This is clearly
criminal. Certainly this isn't what your average P2P user is doing.
Has anyone ever done a money trail investigation
Ok, let's return to reality (sorry for moving this thread into the OS
related flame).
First of all, even if OS have not any caveats, it will not protect it from
spyware/adware. if I want to install my 'Cool-Search' into million of
computers, all I need to do is to write fancy game, and offer it
Most of the latest versions appear to install themselves using the
ByteCode Verifier vulnerability in the Microsoft Virtual Machine.
MS do not publish full system specs, and they use undocumented features
themselves.
So, what other companies are doing? Yes, correct, they are experimenting,
So MS has undocumented 'features', so what? When you install their
software
you agree to a licence, and that you are using their software bound by
their
O, noo. You click a button 'I agree' which means nothing for 99.99% of
people over the world. Here is a difference. Do not expect people to
-:)
Excellent!
==
- Declare that using IE is illegal. This literally takes an act of
congress. And, it would be almost impossible to enforce. Anyway, let's
pretend for a moment that congress does outlaw IE _and_ can enforce it,
it still does not do us much
The authors of these coolwebsearch variants are extremely
intelligent programmers with far more understanding of
the bowels of the windows platform than your average
script kiddies. If you get hit with the version I saw,
it's no 10 minute piece of cake.
It makes spyware more dangerous
It is cool, but where is any value in this (I mean - 5 minutes) rapid
updates for .com and other base domains? I wish rapid DNS when running
enterprise zone (with dynamic updates) or when running dynamic-dns service
(for those who use dynamic IP's); but for .com and .net, it is just a public
downloading my photos, and I do not want to know about 24h, IP hops, DNS
clients, TTLs and so on ... ). One more step in making Internet the same
'simple to use' reality as houses, cars, TV
On Jul 10, 2004, at 1:19 PM, Alexei Roudnev wrote:
It is cool, but where is any value in this (I mean
May be, someone remember this system, which is used by many Russian ISP and
by few companies in USA, and was lost
on public FTP due to disk crash (and change of my job) few years ago.
Now, I posted new version (adding Cisco Configuration Repository, allowing
change control and easy updates)
If you think a little - having hundreds of web services, it is reasonable
_do not renumber_. Of course, it will require extra efforts when getting IP
block(s) or require do not change main provider(s).
- Original Message -
From: Richard A Steenbergen [EMAIL PROTECTED]
To: Patrick W
Title: Re: Verisign vs. ICANN
Thanks, Dickson - next time I'll try to write exact text
from the very beginning -:). This is _exactly_ what I want to say, with
examples I was too lazy to write myself.
To make Alexei's argument's syntax agree with the intended
semantics:
He means to
it was demonstrated that owing to the age
and
status of the com/net zones a number of systems are now in operation which
make
assumptions about the response in the event of the domain not existing...
Steve
On Sat, 19 Jun 2004, Alexei Roudnev wrote:
(read it only today, so sorry if I repeat something
thru new RFC first.
PS. I am excited - Vixie as a co-conspirator... Vixie, you can be proud -:).
Alexei Roudnev
PV Date: 18 Jun 2004 05:58:00 +
PV From: Paul Vixie
PV Paul Vixie is an existing provider of competitive services for
PV registry operations, including
, and if this system went down, she will be released
earlier_ -:) /most common reason was, yep, _getting IRC control_).
This allows to subtract (1) from severity , for this particular case.
- Original Message -
From: Michel Py [EMAIL PROTECTED]
To: Alexei Roudnev [EMAIL PROTECTED]; [EMAIL PROTECTED
This is minor exploit - usually you set up VLAN1 interface with IP address,
which is filtered out from outside. Moreover, there is not any good way to
find switch IP - it is transparent for user's devices.
On Mon, 7 Jun 2004, McBurnett, Jim wrote:
Aside from that, Use ACL's out the wazoo on
reason to break it...
- Original Message -
From: Sean Donelan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 10, 2004 4:19 AM
Subject: Re: TCP-ACK vulnerability (was RE: SSH on the router)
On Wed, 9 Jun 2004, Alexei Roudnev wrote:
This is minor exploit - usually you set
Hmm.
I watched it _exactly_ as you described, and guess where? In hacker's
sniffered files. (4 years ago, sorry)
One idiot telnet to his scientific lab (which has not any security and had a
few layers of sniffers installed by a few generations of hackers), and then
slogin by the chain of 4 more
Of course, this is not new on IRC, but it is new in SPAM.
- Original Message -
From: william(at)elan.net [EMAIL PROTECTED]
To: Alexei Roudnev [EMAIL PROTECTED]
Cc: Michel Py [EMAIL PROTECTED]; [EMAIL PROTECTED] Org
[EMAIL PROTECTED]
Sent: Friday, June 04, 2004 11:14 PM
Subject: Re
, it'd
likely be done on the specialized forums. That is why I asked how targeted
do you think that email was...
It is difficult to answer... at least, it come to e-mail used in nanog and
other _network related_ messages,
not onto my _consulers_ e-mail.
On Fri, 4 Jun 2004, Alexei Roudnev wrote
, the implementation needs more thought
than a simple 'turn it on for 100%'.
Eric Krichbaum
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Alexei Roudnev
Sent: Thursday, June 03, 2004 1:40 AM
To: Jon R. Kibler; [EMAIL PROTECTED]
Subject: Re: Real-Time
This is very bad - they have SSH in extended versions, why did they not
include it into all versions, where it was possible
without running out of flash memory.
Though, it is not so unsecured - in most cases people restrict access to a
few IP sources, which are located on the internal
I received adv., in Russian, saying:
Dear sirs.
We are glad to you to give qualitative service, on elimination of sites. We
can kill any site by our attack, which have name 'DDos attack'. We have
already killed hundreds Russian and foreign sites. If
PROTECTED]
To: Alexei Roudnev [EMAIL PROTECTED]; [EMAIL PROTECTED] Org [EMAIL PROTECTED]
Sent: Friday, June 04, 2004 4:54 PM
Subject: RE: Site elimination service -:) - I received offer by 's'p'a'm'
Alexei Roudnev wrote:
I received adv., in russian, saying:
Dear sirs.
We are glad to you to give
You even do not need to maintain ACL - many routers have 'back-path
verification' feature.
I wonder, why DSL and other 'consumer level' providers are not doing it for
100% of their customers.
- Original Message -
From: Jon R. Kibler [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent:
Based on recent observations of many folks, spoofing is out of vogue.
So much so that some recent discussions I've had with several folks
lead me to believe that less than 1% of DDOS attacks today employ
source address spoofing. As such, the value of techniques such as
backscatter analysis
Hmm - please try to patch windows box, having 19200bps dialin connection and
living in a small town. It's almost impossible..
Q. is - why this [EMAIL PROTECTED] MS open ports for listening on _CLIENT_ machines
(when
no one asked them about it),
and why they created the world of monocultural OS
We used such system in Russia for many years, with a few exceptions:
- did not use SNMP (because it is a sux!), used 'ssh/rsh router show ...'
commands instead;
- not top 10 traffic flows, but top 10 traffic flows + top 10 unusual
traffic flows.
Worked effectively.
To bring this back on
I saw such technique in 1986 (approx) year on hardware level - Russian
computer Elbrus did it.
: Re: Cisco HFR
On Wed, May 26, 2004, Iljitsch van Beijnum wrote:
Palm has taken an interesting approach to get rid of fragmentation: the
OS is allowed to move (some) structures from one
May be, it is a good idea - to release old (say, 10.0) IOS sources for the
colleges. It will allow them to practice in the hardware design
and protocol implementation, using solid base of Cisco IOS.
Even old, 10.0 IOS, is enough for this purpose.
Hi,
What makes me excited at this news
visual studio). So, it
can be very useful..
(It does not mean, that object orienting programming is bad - it is just one
more solid programming approach, tool - but it is not the only tool in the
world.)
- Original Message -
From: Jeroen Massar [EMAIL PROTECTED]
To: Alexei Roudnev
I should not be too aware of the possible usage of this source code for the
exploit development; Cisco have a very few
points, where it parse/process IP packets, and most of such points are
filtered out in most Cisco's.
Much more serious is _trade secrets_ issue. Of course, no one can take this
Cisco source codes never were a top secret, many people around the world had
access to them (and I believe, it explains Cisco's stability and success).
Rough translation of:
http://www.securitylab.ru/45221.html
May, 15 2004
Leak of code CiSCO IOS source code?
As it became known to
Hmm, it's all interesting. EFnet IRC again...
Does anyone have a full logs of EFnet IRC conversations? We used to
participate in it 6 years ago (when fighting hackers in Russia),
and it was very useful for following trends (of course, after you dump a
heaps of junk).
- Original Message
Nothing (except a good spanking -:)) can help in such case. We are not
talking about static NAT and inbound connections.
I told about dynamic PNAT _only_.
Once upon a time, Alexei Roudnev [EMAIL PROTECTED] said:
Any simple NAT (PNAT, to be correct) box decreases a chance of infection
Any simple NAT (PNAT, to be correct) box decreases a chance of infection by
last worms to 0. Just 0.%.
Of course, it does not protect very well from intentional attacks, and does
not protect against e-mail bombs and
java script exploits.
In reality, having WIN2K after NAT box 100% time
7206 is one of the _BEST_ Cisco routers, if we compare all parameters
(including number of bugs and simplicity).
- Original Message -
From: Robert E. Seastrom [EMAIL PROTECTED]
To: Alexander Hagen [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; 'Alexei Roudnev' [EMAIL PROTECTED]; 'Mikael
It is easy to understand, that MD5 authenticates BGP connection, not a
session, and no any need to reset session etc (as Juniper and old Cisco are
doing) instead of just using new key after it was changed.
If someone wants a 'smooth' transition, they should implement dual check
(new key, old
Hmm; why do you want to keep BGP on a switch instead of installing separate
router? Do you have a very wide uplink (uplinks)?
// I do not object an idea.
Yes. I've been looking at it and a 7505 with a 3550 behind it seems the
way to go for our type of operation.
As a cost cutting
If you ever read SNMP specs, you can realize, that there is not any C or C++
SNMP implementation without such problem. So, rule number 1 is _never
expose SNMP to Internet, and be careful to filter out any inbound packets,
forwarded to your SNMP ports.
It is easy to predict next SNMP problem in
It depends... if you use FreeBSD with port system, for example - it is safe
enough (esp. if make a pause between 'make' and 'make install' in a few days
or a week. and read mail lists about possible problems).
downloading opensource software is safe? -CP
In the US, the Security Update CD is shipped directly from the Microsoft
contractor to the end-user. Of course, if the postal service, delivery
service or contractor is corrupt; what you receive could be intercepted
and replaced enroute.
You do not need to kill a postman -:). Just write a
Hmm. Interesting.
I am (here is SFO area) DSL customer and DialUp customer. But I never
received a notification from my provider(s), possible with free CD,
explaining me (if I am a homewife, not an engineer, of course) what to do
and how to prevent a problems. We have a lot of room for
If they make proper anti-spoofing filtering, no need in MD5.
Perhaps we are all making too much of this...
It appears that Winstar feels that there is no need for MD5
authentication of peering sessions. One of our customers has just had
the following response from Winstar following a
Assuming that he do not know port number and must try 20 - 40 ports, it
takes 200 * 10 = 2000 seconds to reset a single session... Useless except a
very special cases (such as a big community decided to knock down SCO, for
example).
At 05:09 PM 20/04/2004, Richard A Steenbergen wrote:
May be, it is reasonable to have a simple MD-5 key - I mean, without a
rotation, use e-mail to exchange it instead of the phone,
do not generate but use simple password, and so on. If this key is never
changed, then risk to lose a session is very low, and I do not see _any_
reason to keep it on
are not so easy, as it seems, having 1 Mbit DSL at home, good $20K
firewall and 10 Mbit at work (or been ISP itself).
- Original Message -
From: Sean Donelan [EMAIL PROTECTED]
To: Alexei Roudnev [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, April 19, 2004 11:06 PM
Subject
The same.
- Original Message -
From: Roy [EMAIL PROTECTED]
To: 'Nanog List' [EMAIL PROTECTED]
Sent: Monday, April 19, 2004 10:10 AM
Subject: RE: remote reboot power strips
We use a number of both the APC Masterswitch and the WTS NPS-115 with good
results. I don't think either of
Yes.
Unfortunately, one day 1,000,000 users will find in their mail boxes fully
automated CD with 'Microsoft Update' on the label and 1,000 viruses /
trojans inside. -:)
Patches either need to be of a size that a dialup user doesn't have to
be dialed in for 24 hours to download and
I agree.
90% users CAN NOT UPDATE. How?
- (1) updates are too big to be downloaded by modem, which fail every 20 -
40 minutes (which is common in many countries);
- (2) if you connect to Internet for update, you are infected by virus much
faster than you install update.
I saw it. Home user
Cost transference. The cost of Spam via postal mail is borne by the
sender.
When sent via email, the cost is shouldered by the recipient.
It is not perfect comparison. For both, e-mail and post-mail, recipient
pays the same cost for sorting mail , mail box etc. But, for e-mail, sender
pays
Thanks for the answers about Voip usage over satellite (I did not know, that
it does not cause unacceptable delays and echo).
Responses (which I received) shows, that many people deployed such system
successfully.
Alexei Roudnev wrote:
VoIP over satellite? I am very sceptical about
workers, but you never expect
it from your 5 y.old kid.
Alex
In message [EMAIL PROTECTED], Alexei Roudnev
writes:
Thanks for the answers about Voip usage over satellite (I did not know,
that
it does not cause unacceptable delays and echo).
Responses (which I received) shows, that many
; after satellite delay, which is 500 - 600 msec, VoIP
additional delay ,which is 50 - 150 msec, does not change overall delay so
much, as in case of VoIP over bad link _vs_ traditional telephony (200 msec
vs 20 msec = 10 times; 800 msec vs. 600 msec = 30%).
## On 2004-03-27 19:30 -0800 Alexei Roudnev
VoIP over satellite? I am very sceptical about it. Better, forget such idea.
You may want to look at using H.323 gatekeepers with CAC (Call Admission
Control).
Here is a link to a Whitepaper on this Subject.
Firewall protects other services from outside access.
A good firewall *should* be doing a whole lot more than that. It should
Do not overestimate. Firewall can make a little more than just restrict
access and inspect few (very limited) protocols.
It can not protect you from slow scans; it
Not _firewalling_, but access limitation. Grandma can live with PNAT
router - she does not need any firewall, if she does not grant external access
to anything. She can live with Windows _default deny_ setting. If grandma
has extra money, it is better to purchase anti-virus.
Moreover. Just for
No. Quite apart from the fact that you mean authorized, not
authenticated, the primary purpose of a firewall is to keep the bad
guys away from the buggy code. Firewalls are the networks' response to
the host security problem.
No. let's imagine, that I have 4 hosts, without ANY security
And I think you have hit it right on the head...another line of defense.
Everything I've ever read about security (network or otherwise) suggests
that a layered approach increases effectiveness. I certainly don't trust
a
firewall appliance as my only security device, so I also do prudent
On Wed, 17 Mar 2004, Steve Linford wrote:
From Deep Throat, received 17/3/04, 21:10 + (GMT):
Disturbing information on one of the founders of Spamhaus.org
http://www.geocities.com/jackjack9872004/
Not just a load of BS, but posted to NANOG anonymously, through a
hijacked
Hmm, if someone (except masochists and security vendors) still hosts
efnet... I can only send them my condolences.
I saw the same dialogs 6 years ago. Nothing changes.
- Original Message -
From: Stephen J. Wilcox [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent:
You mean _PROTOCOL HANDLING_, I believe.
I do not know, why people are paying so much attention to it. Important
questions are:
- which services are you providing for the public?
- who will handle all your SSL sessions, if any (may be, Load Balancers?
Then you do not bother about FW proxy for
I expect, that good (tier-3, to say) network engineer MUST know Windows and
Unix (== Linux, FreeBSD etc) on tier-2 (or better) level. Else, he will not
be able to troubleshoot his _network problem_ (because they are more likely
complex Network + System + Application + Cable problem).
So, it is
: Scott Weeks [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, March 15, 2004 1:32 PM
Subject: Re: Platinum accounts for the Internet (was Re: who offers cheap
(personal) 1U colo?)
On Mon, 15 Mar 2004, Alexei Roudnev wrote:
: I expect, that good (tier-3, to say) network engineer MUST know
Is it bad, If they (your sysadmins) understand your backbone infrastructure
and understand such things, as MTU MTU discovery, knows about
ACL filters (without extra details) and existing limitations? They are not
required to know about VPN mode or T3 card configuration, but they must
understand
They are one of the best providers in Russia (and when I was there, in
Europe). I visited their NOC in Stockholm about 5 years ago, they used very
effective _common sense_ approach , combining brand names with brandless
when it is more effective, using both commercial and home made opensource
We have the same freeware system, but I 100% agree with _you can not live
without it_.
- Original Message -
From: Arnold Nipper [EMAIL PROTECTED]
To: McBurnett, Jim [EMAIL PROTECTED]
Cc: Alexei Roudnev [EMAIL PROTECTED]; Sam Stickland
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday
Just for information - may be useful for someone.
Task - we determined, that few infected machines were connected to one of our
offices few days ago.
They run one of these viruses, which generated a lot of scans and created
significant traffic (but traffic was not
big enough to raise alarm on
update' based on 2 configurations (old and new)? We wrote such thing 4 years
ago (in Russia), but it was still limited to our scope of configurations.
- Original Message -
From: McBurnett, Jim [EMAIL PROTECTED]
To: Alexei Roudnev [EMAIL PROTECTED]; Sam Stickland
[EMAIL PROTECTED]; [EMAIL
Moreover, they can encrypt zip by password and write password inside the
message. As a result, no one virus scan detect
this virus.
And they will find enough idiots, who opens zip, enter password and run
virus.
- Original Message -
From: Todd Vierling [EMAIL PROTECTED]
To: Curtis
Checkpoint is a very strange brand. On the one hand, it is _well known
brand_, _many awards_, _editors choice_, etc etc. I know network consultant,
who installed few hundred of them, and it works.
On the other hand, every time, when I have a deal with these beasts (we do
not use them, but some