RE: Interesting new spam technique - getting a lot more popular.

2006-06-14 Thread Church, Chuck
Since this technique requires an IPinIP or GRE tunnel, wouldn't blocking these two protocols to/from the hosts be sufficient? Assuming of course the customer's host isn't using that normally. Chuck Netco Government Services has recently acquired Multimax and is changing its name to Multimax I

RE: Open Letter to D-Link about their NTP vandalism

2006-04-08 Thread Church, Chuck
"Service Area: Networks BGP-announced on the DIX" Since the intended (and announced) use of this server is just for DIX networks, blocking NTP from any other networks should be trivial. That IP address will still be hit by D-Link devices looking for a suitable server, but with no response, the

RE: The Backhoe: A Real Cyberthreat?

2006-01-21 Thread Church, Chuck
It seems a terrorist would benefit from obtaining fiber map information from the source, rather than googling for outages, and trying to find needles in haystacks. How well are the internal databases with fiber path details protected? How hard would it be for Al-Qaeda to social-engineer

RE: WMF Microsoft Patch is out

2006-01-05 Thread Church, Chuck
So rather than finish the testing they wanted to do, they rushed it out? Hmmm. Sounds a little scary to me Chuck From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jerry Dixon Sent: Thursday, January 05, 2006 3:37 PM To: [EMAIL PROTECTED]

RE: Clueless anti-virus products/vendors (was Re: Sober)

2005-12-04 Thread Church, Chuck
What about all the viruses out there that don't forge addresses? Sending a warning message makes sense for these. Unless someone has done the research to determine the majority of viruses forge addresses, you really can't complain about the fact that the default is to warn. Calling vendors 'cluel

RE: QoS for ADSL customers

2005-12-01 Thread Church, Chuck
But be careful about the CPU usage and platform support for NBAR. I don't think the sup720 will do NBAR, at least that's what I heard. Chuck Church Lead Design Engineer CCIE #8776, MCNE, MCSE Netco Government Services - Design & Implementation Team 1210 N. Parker Rd. Greenville, SC 29609 Home

RE: a record?

2005-11-15 Thread Church, Chuck
Isn't it just good security practice to limit telnet/SSH access to only a few choice hosts/subnets? I know I'd never allow the 0/0 net access to a signon screen, even if it is SSH. If you're on vacation and need to access something, call your NOC, and have them temporarily allow your dynamic add

RE: And Now for Something Completely Different (was Re: IPv6 news)

2005-10-18 Thread Church, Chuck
Nanog, I've been thinking a bunch about this IPv6 multihoming issue. It seems that the method of hierarchical summarization will keep the global tables small for all single-homed end user blocks. But the multihomed ones will be the problem. The possible solution I've been thinking about

RE: IPv6 news

2005-10-13 Thread Church, Chuck
> If that is devising some sort of NAT for the large percentage of >customers that don't care, then that may be the direction we need to take. Doesn't NAT-PT do just this? If I'm an ISP with a million customers, if I can use NAT-PT along with an IPV4 block of say /13, that seems like a win. V4-m

RE: Very funny: While Bush fiddles, New Orleans dies

2005-09-07 Thread Church, Chuck
Wednesday, September 07, 2005 10:23 AM To: Church, Chuck Cc: nanog@merit.edu Subject: Re: Very funny: While Bush fiddles, New Orleans dies On 7-Sep-2005, at 17:09, Church, Chuck wrote: > So how did this newspaper server end up with NANOG posting rights > anyway??? Servers don't get

RE: Very funny: While Bush fiddles, New Orleans dies

2005-09-07 Thread Church, Chuck
So how did this newspaper server end up with NANOG posting rights anyway??? Chuck Church -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew - Supernews Sent: Wednesday, September 07, 2005 9:51 AM To: nanog@merit.edu Subject: Re: Very funny: While

RE: zotob - blocking tcp/445

2005-08-16 Thread Church, Chuck
On Mon, 15 Aug 2005, Church, Chuck wrote: > > > >'enterprise security folks' are probably not the issue... The fact > remains > >that lots of folks DO do this :( There are quite a few folks between > >'consumer' and 'enterprise' tha

RE: zotob - blocking tcp/445

2005-08-15 Thread Church, Chuck
>'enterprise security folks' are probably not the issue... The fact remains >that lots of folks DO do this :( There are quite a few folks between >'consumer' and 'enterprise' that do all manner of dumb things on the >Internet (where 'dumb' is equivalent to running smb shares across the >public n

RE: OT: Cisco.com password reset.

2005-08-03 Thread Church, Chuck
I eventually got an email stating it couldn't associate my email address with an active CCO ID. I'm guessing their system is getting backed up because it's affecting lots of people. Next step: "Please email [EMAIL PROTECTED] to have your correct email address associated with your User ID. To e

More info on the Exploit from Black Hat conference

2005-07-29 Thread Church, Chuck
http://www.tomsnetworking.com/Sections-article131.php Chuck Church Lead Design Engineer CCIE #8776, MCNE, MCSE Netco Government Services - Design & Implementation Team 1210 N. Parker Rd. Greenville, SC 29609 Home office: 864-335-9473 Cell: 864-266-3978 [EMAIL PROTECTED] PGP key: http://pgp.mit.edu:1

RE: Vonage Selects TCS For VoIP E911 Service

2005-07-20 Thread Church, Chuck
I think this can work. Put a battery backup in the ATA, to power the GPS and real time clock. The ATA will maintain the internet-routable address it's using (not necessarily its own IP address) indefinitely. If the ATA determines its routable address (or /23 or whatever subnet) has changed sin

FW: DNS .US outage

2005-07-11 Thread Church, Chuck
: 864-335-9473 Cell: 703-819-3495 [EMAIL PROTECTED] PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D -Original Message- From: Mark Moseley [mailto:[EMAIL PROTECTED] Sent: Friday, July 08, 2005 7:17 PM To: Church, Chuck Subject: Re: DNS .US outage Hi. I don't h

RE: DNS .US outage

2005-07-07 Thread Church, Chuck
ge- From: Jeroen Massar [mailto:[EMAIL PROTECTED] Sent: Thursday, July 07, 2005 4:10 AM To: Randy Bush Cc: Church, Chuck; nanog@merit.edu Subject: RE: DNS .US outage On Wed, 2005-07-06 at 19:19 -1000, Randy Bush wrote: > > Thanks. Didn't have any *NIX boxes laying around to 'd

RE: DNS .US outage

2005-07-06 Thread Church, Chuck
up. But when I tried nslookup with a server on yet a 4th ISP just now, it worked ok. Thanks again. Chuck -Original Message- From: Suresh Ramasubramanian [mailto:[EMAIL PROTECTED] Sent: Thursday, July 07, 2005 12:34 AM To: Church, Chuck Cc: nanog@merit.edu Subject: Re: DNS .US outa

DNS .US outage

2005-07-06 Thread Church, Chuck
Anyone else having issues with .US right now (~12AM EST)? NSlookup, etc show various .us destinations as unknown domains... Chuck Church Lead Design Engineer CCIE #8776, MCNE, MCSE Netco Government Services - Design & Implementation Team 1210 N. Parker Rd. Greenville, SC 29609 Home office:

RE: Document Action: 'BGP Wedgies' to Informational RFC

2005-06-15 Thread Church, Chuck
Will sharply 'pulling up' the MED on a rear-facing peer clear the wedgie, or make it worse??? Sorry, couldn't resist... Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fergie (Paul Ferguson) Sent: Wednesday, June 15, 2005 1:29 PM To: nanog@merit

RE: Cisco to merge with Nabisco

2005-04-01 Thread Church, Chuck
CTED] PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D -Original Message- From: Bill Nash [mailto:[EMAIL PROTECTED] Sent: Friday, April 01, 2005 1:09 PM To: Church, Chuck Cc: nanog@merit.edu Subject: RE: Cisco to merge with Nabisco On Fri, 1 Apr 2005, Church, Chu

RE: Cisco to merge with Nabisco

2005-04-01 Thread Church, Chuck
Incorrectly chosen switching path can now result in lost packets AND indigestion. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Hilton Sent: Friday, April 01, 2005 12:44 PM To: nanog@merit.edu Subject: RE: Cisco to merge with Nabisco Ru

Vonage Hits ISP Resistance

2005-03-31 Thread Church, Chuck
For what it's worth - I monitored my Vonage call today, which lasted 54 minutes: Ethernet0/1 Input Output Protocol Packet Count Packet Count Byte Count Byte Count

RE: More on Vonage service disruptions...

2005-03-02 Thread Church, Chuck
Yeah, I forgot about the regulation thing. I suppose I'd give the ISP a call first, but I'd expect it to be working within a few hours. But now that cable modem providers themselves are providing VoIP/dialtone, wouldn't those be regulated by the FCC? I know that my cable modem ISP (Charter) has

RE: More on Vonage service disruptions...

2005-03-02 Thread Church, Chuck
Those are good points. Someone last week mentioned what I thought was a great list of priorities for an ISP: 1. Keep the network running 2. Remove those violating policies 3. Route packets (or something along those lines) A 30/50/90 kbps unicast stream isn't going to affect #1. I don

RE: $50,000 reward for Verizon cable cutter

2005-01-15 Thread Church, Chuck
Maybe a current Verizon employee looking for extra OT... Chuck Church Lead Design Engineer CCIE #8776, MCNE, MCSE Netco Government Services - Design & Implementation Team 1210 N. Parker Rd. Greenville, SC 29609 Home office: 864-335-9473 Cell: 703-819-3495 [EMAIL PROTECTED] PGP key: http://pgp.m

RE: Bogon filtering (don't ban me)

2004-12-05 Thread Church, Chuck
Rob, Just thinking out loud, but is there any reason that this route-server methodology couldn't be applied to other 'undesirable' destinations, such as the world's top spammers, phishing web sites, etc? Maybe break them up into different communities, so subscribers can pick which ones th

RE: [Insight?] OutPut Drops Cisco 7206VXR

2004-10-26 Thread Church, Chuck
Isn't weighted fair queueing generally a bad idea on a LAN interface? Chuck Church Lead Design Engineer CCIE #8776, MCNE, MCSE Netco Government Services - Design & Implementation Team 1210 N. Parker Rd. Greenville, SC 29609 Home office: 864-335-9473 Cell: 703-819-3495 [EMAIL PROTECTED] PGP key:

RE: OT: Looking for Ethernet/Optical Device

2004-06-01 Thread Church, Chuck
You need to check the switches to make sure they support the xWDM GBICs though. The older Cisco switches don't support them. Last time I checked, 3500XLs didn't support them, but 3550s did... Chuck Church Lead Design Engineer CCIE #8776, MCNE, MCSE Wam!Net Government Services - Design & Imple