Aaron Glenn wrote:
On 7/28/08, Seth Mattinen [EMAIL PROTECTED] wrote:
Juniper's J-series is a BSD based platform as far as I understand it.
ImageStream is *much* more affordable for me, but is Linux-based, and I fear
...snip...
AFAIK, none of Juniper's Juniper kit rocks BSD outside of
however, since it is off-topic for nanog
ha ha. please stop telling people that they are off topic for nanog.
randy
* Paul Vixie:
Listen on 200 random fake ports (in addition to the true query ports);
at first glance, this is brilliant, though with some unimportant nits.
It doesn't work OOTB for most users because the spoofed packets never
reach the name server process if you don't use the ports to send
On Tue, 29 Jul 2008 13:06:40 +0100
Stephane Bortzmeyer [EMAIL PROTECTED] wrote:
On Fri, Jul 25, 2008 at 12:36:57PM -0400,
Steven M. Bellovin [EMAIL PROTECTED] wrote
a message of 29 lines which said:
I've been talking to US Gov't folks, too. They really want DNSSEC
(and secure BGP...)
Colin Alston wrote:
Why does it use UDP? :P
Faster? Smaller? Less code to break? No perceived need for state?
--
Requiescas in pace o email Two identifying characteristics
of System Administrators:
Ex turpi causa non oritur actio
On Tue, 29 Jul 2008 15:56:19 +0200
Colin Alston [EMAIL PROTECTED] wrote:
DNS uses UDP.
Ahh yes of course..
Why does it use UDP? :P
In this situation, UDP uses one query packet and one reply. TCP uses 3
to set up the connection, a query, a reply, and three to tear down the
connection.
On Tue, 29 Jul 2008, Steven M. Bellovin wrote:
On Tue, 29 Jul 2008 15:56:19 +0200
Colin Alston [EMAIL PROTECTED] wrote:
DNS uses UDP.
Ahh yes of course..
Why does it use UDP? :P
In this situation, UDP uses one query packet and one reply. TCP uses 3
to set up the connection, a query,
Andrew D Kirch wrote:
Anyone have experience with RouterOS (http://www.mikrotik.com/)?
Created mostly to run on these guys I think
(http://www.routerboard.com/comparison.html) which generally don't
get above 200k pps on the higher models.. But will RouterOS run on
bigger boxen?
Yes I do, and
On Tue, 29 Jul 2008, Steven M. Bellovin wrote:
In this situation, UDP uses one query packet and one reply. TCP uses 3
to set up the connection, a query, a reply, and three to tear down the
connection. *Plus* the name server will have to keep state for
every client, plus TIMEWAIT state, etc.
We mainly use UDP for tracker announces, and only use TCP when we have
to, and can confirm that the server spends far more time on the TCP
setup/teardown than on computing the tracker response.
- LP
On Jul 29, 2008, at 12:21 PM, Mikael Abrahamsson wrote:
On Tue, 29 Jul 2008, Steven M.
-- Forwarded message --
Date: Tue, 29 Jul 2008 11:31:11 +0100
From: Andy Davis [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Remote Cisco IOS FTP exploit
Hi,
The IOS FTP server vulnerabilities were published in an advisory by
Cisco in May 2007. The FTP server does not run
We've deployed a bunch of taps in our network and now we need a platform on
which to capture the data. Our bandwidth is currently pretty low but
I've got 8 links to tap, which means I need 16 ports. Has anyone done any
research on doing accurate packet capture with commodity hardware?
--
Check out packet forensics depending on what your ultimate
requirements are.
Jared Mauch
On Jul 29, 2008, at 7:10 PM, John A. Kilpatrick [EMAIL PROTECTED]
wrote:
We've deployed a bunch of taps in our network and now we need a
platform on which to capture the data. Our bandwidth is
On Wed, Jul 30, 2008 at 12:35 AM, Jared Mauch [EMAIL PROTECTED] wrote:
Check out packet forensics depending on what your ultimate requirements are.
I would also add a 'see packet forensics'...
On Jul 29, 2008, at 7:10 PM, John A. Kilpatrick [EMAIL PROTECTED]
wrote:
We've deployed a bunch
Richard's blog @ http://taosecurity.blogspot.com/search?q=taps and
especially his books (Tao of Network Security Monitoring and Extrusion
Detection) are the best sources I have ever found, concerning [not only]
taps and[/but] so much more on the subject - proper usage and best
methodologies and
There are several things that you can do with open source solutions,
however looking at the data may be a bit more difficult than something
like Network Generals or Solera Networks capture appliances. It is
still doable and is definitely much much cheaper...
Something you might want to look into
Hubs sure are fun...
I would trunk the ports you are monitoring, and run the port monitor on
the trunk port instead (one trunk port, one port per VLAN, plus one
span) which will help with your density. This is assuming the analysis
software you have can read the dot1q tags, but means you do not