Re: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

2016-02-12 Thread Marco Teixeira
Hi, First, understand how it's done, then maybe you can think of something. https://blog.exodusintel.com/2016/02/10/firewall-hacking/ If you are stopping IKE with ACLs, you probably need to address NAT-T as well (udp:4500). But if you are doing that, you probably don't need IKE active at the

Re: Shared cabinet "security"

2016-02-12 Thread Sean
Some examples from where I work: - Open space, but your own cabinet. We have open areas where there are rows of half and full cabinets where customers can rent space. That cabinet space is theirs, but they’re in the open and anyone can get to the physical cabinet. While in general the cabinets

Re: Shared cabinet "security"

2016-02-12 Thread Jay R. Ashworth
- Original Message - > From: "Mike Hammett" > > If you have multiple entities in a shared space, how can you mitigate the > chances of someone doing something (assuming accidentally) to disrupt your > operations? I'm thinking accidentally unplug the wrong power cord,

Re: Automated alarm notification

2016-02-12 Thread Phil Clarke
> On 11 Feb 2016, at 21:51, Frank Bulk wrote: > > Is anyone aware of software, or perhaps a service, that will take SNMP > traps, properly parse them, and perform the appropriate call outs based on > certain content, after waiting 5 or 10 minutes for any alarms that don't >

Re: PCH Peering Paper

2016-02-12 Thread Livingood, Jason
How does it look when you examine it by not the count of sessions or links but by the volume of overall data? I wonder if it may change a little like 50% of the volume of traffic is covered by a handshake. (I made 50% up - could be any percentage.) Jason >On 2/10/16, 6:34 PM, "NANOG on behalf

RE: Automated alarm notification

2016-02-12 Thread Casey, David
We've been using Statseeker for some time now. It costs but it's been well worth the investment as a monitoring solution with the ability to parse incoming syslog messages and generate alerts. David Casey, CCNP Network Engineer 3 Presbyterian Healthcare Services Albuquerque, New Mexico Office:

re: PCH Peering Paper

2016-02-12 Thread Livingood, Jason
How does it look when you examine it by not the count of sessions or links but by the volume of overall data? I wonder if it may change a little like 50% of the volume of traffic is covered by a handshake. (I made 50% up - could be any percentage.) Jason PS - My email address has changed and

Weekly Routing Table Report

2016-02-12 Thread Routing Analysis Role Account
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, SAFNOG, PaNOG, SdNOG, BJNOG, CaribNOG and the RIPE Routing WG. Daily listings are sent to

Re: Shared cabinet "security"

2016-02-12 Thread Mike Hammett
That moment when you hit send and remember a couple things… Of course labeling of the cables. Maybe colored wire loom for fiber and DACs in the vertical spaces to go along with the previously mentioned color scheme? - Mike Hammett Intelligent Computing Solutions

Re: Shared cabinet "security"

2016-02-12 Thread Otto Monnig
Mistake prevention is the key. Neatness counts. Label everything - cubicle, equipment, cables using high quality labels that won’t fall off. Use a meaningful labeling scheme. Label both sides of the equipment with letters large enough for everyone to read. Color coding is nice until you have

Re: algorithm used by (RIPE region) ISPs to generate automatic BGP prefix filters

2016-02-12 Thread Max Tulyev
Hi Martin, well, not only as-set and route. Assuming only legitimate owner of inetnum and aut-num have passwords for mntner from that objects can modify their RIPE DB objects and can create routes. So to create a route object, you have to have access for inetnum and aut-num objects (that can be

Re: Shared cabinet "security"

2016-02-12 Thread Bevan Slattery
In a past life we worked with our supplier to create physically separate sub-enclosures. 1/2 and 1/3. Able to build in a separate and secure cable path for interconnects to the meet-me-room and connection to power supplies. Can be done and I think there are now rack suppliers that do this as

Re: Shared cabinet "security"

2016-02-12 Thread Mike Hammett
I am finding a bunch of covers for the front. I do wish they stuck out more than an inch (like two). http://www.middleatlantic.com/~/media/middleatlantic/documents/techdocs/s_sf%20series%20security%20covers_96-035/96_035s_sf.ashx It looks like these guys stick out 1.5”. That may be workable…

RE: PCH Peering Paper

2016-02-12 Thread Phil Bedard
I was going to ask the same thing, since even for settlement free peering between large content providers and eyeball networks there are written agreements in place. I would have no clue on the volume percentage but it's not going to be near 99%. Phil From: Livingood, Jason Sent: Friday,

Re: Shared cabinet "security"

2016-02-12 Thread Mike Hammett
There are more options when you're not just using someone else's datacenter. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: "Bevan Slattery" To: "Mike Hammett"

Re: PCH Peering Paper

2016-02-12 Thread Niels Bakker
* bedard.p...@gmail.com (Phil Bedard) [Sat 13 Feb 2016, 01:40 CET]: I was going to ask the same thing, since even for settlement free peering between large content providers and eyeball networks there are written agreements in place. I would have no clue on the volume percentage but it's not