I very often see 1918 space in ICMP responses. It's quite dumb.
-Original Message-
From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu]
Sent: 16 August 2010 14:27
To: Joe Greco
Cc: na...@merit.edu
Subject: Re: BCP38 exceptions for RFC1918 space
On Mon, 16 Aug 2010 06:50:00
On Sun, 22 Aug 2010 22:23:19 -1000, Michael Painter said:
Researchers in South Korea have built a networking router that transmits data
at record speeds from components found in most high-end desktop computers
http://www.technologyreview.com/communications/26096/?nlid=3423
Two great quotes
On Mon, 23 Aug 2010 05:59:43 -0400
valdis.kletni...@vt.edu wrote:
On Sun, 22 Aug 2010 22:23:19 -1000, Michael Painter said:
Researchers in South Korea have built a networking router that transmits
data
at record speeds from components found in most high-end desktop computers
Mark Smith wrote:
On Mon, 23 Aug 2010 05:59:43 -0400
valdis.kletni...@vt.edu wrote:
I missed that, and that answers the was it a GigaBytes verses Gigabits
error question. Nothing new here by the looks of it - people in this
thread were getting those sorts of speeds a year ago out of PC hardware
What other network operator groups are there around the world
The Latin America and the Caribbean NOG meeting will be 19-22
October.http://www.lacnog.org/en/eventos/lacnog-2010/inicio
Call for Presentations deadline, 30
August.http://www.lacnog.org/en/meetings/lacnog-2010/call-presentations
On Sun, 22 Aug 2010 21:57:27 +0200, Mans Nilsson
mansa...@besserwisser.org said:
MN The best option today is to run a full-service resolver on the host;
The DNSSEC-Tools project has instrumented a large number of applications
with an in-application validating resolver. Including OpenSSH
On Sun, 22 Aug 2010, bmann...@vacation.karoshi.com wrote:
On Sun, Aug 22, 2010 at 09:11:43AM -0400, ML wrote:
Is a DNSSEC capable stub resolver not in the cards?
yes it is. unbound was originally designed for that very niche.
Unbound is a full service resolver not a stub resolver.
Are you looking only at Open Source tools? If not you are missing all of
the most widely deployed tools out there (including):
HP Open View
Cisco Works
IBM Tivoli/NetCool
Smarts (now EMC Ionix)
Also a few other open tools:
ZenOSS
Zabbix
You will also need to look at separate security
On Sun, 22 Aug 2010, Mans Nilsson wrote:
OTOH: A thicker stub resolver does indeed exist; lwresd in the BIND
suite. Calling it from applications does however mean using new API
calls; since the traditional resolver API is oblivious to DNSSEC.
lwresd is in fact a full service resolver, though
On 23 aug 2010, at 16.35, Tony Finch wrote:
Unbound is a full service resolver not a stub resolver.
depending on configuration, unbound can be used as both a full service resolve
and a stub.
jakob
Hahahahah
How do we prevent BGP loops? Hahahhaahb
Sent via mobile.
On Aug 23, 2010, at 2:31 AM, Leigh Porter leigh.por...@ukbroadband.com
wrote:
I very often see 1918 space in ICMP responses. It's quite dumb.
-Original Message-
From: valdis.kletni...@vt.edu
On 8/22/2010 3:57 PM, Mans Nilsson wrote:
a DNSSEC capable stub resolver not in the cards?
The best option today is to run a full-service resolver on the host;
which is a tad heavy for most desktops, not to speak about the cache
misses that would cause root server system load. The latter of
The fact hat Verisign kept the domain business and sold the CA
business to Symantec tells which business they think is stronger.
Rubens
On Sat, Aug 21, 2010 at 10:00 PM, ML m...@kenweb.org wrote:
Would a future with a ubiquitous DNSSEC deployment eliminate the market
for commercial CAs?
On 8/23/10 2:31 AM, Leigh Porter wrote:
I very often see 1918 space in ICMP responses. It's quite dumb.
you wouldn't if you filtered rfc 1918 source addresses on your border.
-Original Message-
From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu]
Sent: 16 August 2010 14:27
Oh I do, just not to my workstation ;-)
-Original Message-
From: Joel Jaeggli [mailto:joe...@bogus.com]
Sent: 23 August 2010 16:48
To: Leigh Porter
Cc: valdis.kletni...@vt.edu; Joe Greco; na...@merit.edu
Subject: Re: BCP38 exceptions for RFC1918 space
On 8/23/10 2:31 AM, Leigh Porter
On 08/23/2010 07:40 AM, Scott Berkman wrote:
Are you looking only at Open Source tools? If not you are missing all of
the most widely deployed tools out there (including):
You will also need to look at separate security monitoring software if your
goal is to cover that. Not including any
Hello,
I have a catalyst 6503 with sup32 and was trying to set a tagged vlan
inside a pvlan. Basically I wanna have the behavior of:
switchport mode access
switchport access vlan 101
switchport protected.
So that other machines connected to the 6503 won't be able to
communicate with this
On 8/23/10 2:59 AM, valdis.kletni...@vt.edu wrote:
On Sun, 22 Aug 2010 22:23:19 -1000, Michael Painter said:
Researchers in South Korea have built a networking router that
transmits data at record speeds from components found in most
high-end desktop computers
The fact hat Verisign kept the domain business and sold the CA
business to Symantec tells which business they think is stronger.
FWIW, I remember being at a tech company some of you have heard of
when the CEO announced we'd just sold one of the more profitable
non-core units to help fund
Hello,
I have a catalyst 6503 with sup32 and was trying to set a tagged vlan
inside a pvlan. Basically I wanna have the behavior of:
switchport mode access
switchport access vlan 101
switchport protected.
So that other machines connected to the 6503 won't be able to
communicate with
We offer an optional internet content filtering service to our residential
and business customers using M86's appliance
(http://www.m86security.com/products/web_security/m86-web-filtering-reportin
g-suite.asp).
I've been in conversation with them since Q1 regards IPv6 support, but the
update I
Date: Mon, 23 Aug 2010 06:27:00 -0700
From: Jim Shankland na...@shankland.org
Mark Smith wrote:
On Mon, 23 Aug 2010 05:59:43 -0400
valdis.kletni...@vt.edu wrote:
I missed that, and that answers the was it a GigaBytes verses Gigabits
error question. Nothing new here by the looks of
On 2010-08-23 20:52, Frank Bulk - iName.com wrote:
We offer an optional internet content filtering service to our residential
and business customers using M86's appliance
(http://www.m86security.com/products/web_security/m86-web-filtering-reportin
g-suite.asp).
I've been in conversation
On 8/23/2010 1:17 PM, Joel Jaeggli wrote:
What it really comes down to is packets per watt or packets per dollar,
if it's cheaper to do it this way then people will, if not BFD.
I disagree here. Core routing isn't purchased based on cost, it's
purchased based on support. People have not
(Excuse me if I missed part of the email chain. This may have already been
mentioned)
It could be a bit of an annoyance for configuration but the one method you
could use is to force a proxy internally.
I am a bit unsure why most don't do this already but it has it's flaws.
1) Lack of
Vyatta's commercial products (the bundles with OS+Hardware) come with adequate
support in my experience.
William
(Sorry for topposting. The android email experience is depressingly lacking.)
Andrew Kirch trel...@trelane.net wrote:
On 8/23/2010 1:17 PM, Joel Jaeggli wrote:
What it really
On Mon, 23 Aug 2010 19:46:59 -, khatfi...@socllc.net said:
This would give you some advantages:
1) Content caching - increasing speeds for users while decreasing your
overall bandwidth utilization.
Does anybody have any real-world stats on what size local Squid/whatever cache
they're
On Aug 23, 2010, at 12:25 PM, Andrew Kirch wrote:
On 8/23/2010 1:17 PM, Joel Jaeggli wrote:
What it really comes down to is packets per watt or packets per dollar,
if it's cheaper to do it this way then people will, if not BFD.
I disagree here. Core routing isn't purchased based on cost,
On 8/23/10 12:25 PM, Andrew Kirch wrote:
On 8/23/2010 1:17 PM, Joel Jaeggli wrote:
What it really comes down to is packets per watt or packets per dollar,
if it's cheaper to do it this way then people will, if not BFD.
I disagree here. Core routing isn't purchased based on cost, it's
Jeroen:
Their filtering appliance also filters out free HTTP proxies and anonymizers,
some because their known, others because of signatures. It's not perfect, but
it catches a lot more than what you might think. And we don't market it as the
silver bullet and we let our customers know that
On 23/08/2010 22:14, valdis.kletni...@vt.edu wrote:
Does anybody have any real-world stats on what size local Squid/whatever cache
they're using and what % of bandwidth savings they're seeing? (Bonus points if
you've identified specific things it helps, like Patch Tuesday or whatever).
I have
On Sat, 21 Aug 2010 20:42:01 -0400, Mark Smith
na...@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org wrote:
In IPv6, redirects serve two purposes, where as in IPv4 they only
served one -
IPv4 redirects serve exactly the same two situations... both are
situations where a router would be
My company has used Perimeter E-Security's CounterPhish service for a while
but we are not completely happy with it. Is anyone familiar with any other
vendors that provide such service and are you happy with it?
On 08/23/2010 08:03, Curtis Maurand wrote:
PowerDNS resolver. Very fast, very light.
For the purpose of DNSSEC support powerdns might not be the best choice.
They are late to the game, and only added DNSSEC support reluctantly due
to market pressure. There have been other good suggestions
Really, in this day and age, a chassis throughput of 100G is pretty
trivial. When you start getting up to the Tbps range on a system using
standard components, then I'll be really interested.
i suspect that a rule of thumb is that leading edge home appliances are
one decimal digit behind
I'm afraid this is only slightly operational and limited to a subset of
the NANOG crowd. I apologize profusely in advance for abusing the list
as I might, but I can't think of a more suitable group of people to
approach. I think the essence of the request is in line with the spirit
of NANOG.
As
On 8/23/2010 3:38 PM, John Kristoff wrote:
many of the other instructors they come into contact with
are focusing only on class A, B, C addressing
wow.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
On 8/23/2010 7:54 PM, Dave CROCKER wrote:
On 8/23/2010 3:38 PM, John Kristoff wrote:
many of the other instructors they come into contact with
are focusing only on class A, B, C addressing
wow.
I'm just as surprised as you are. They left out AppleTalk.
On Mon, 23 Aug 2010 20:17:53 -0400
ML m...@kenweb.org wrote:
I'm just as surprised as you are. They left out AppleTalk.
A few classes ago I had a student tell me they had an instructor spend
two full classes (out of 10) on Token Ring. I think Token Ring is
interesting and I feel a little bit
http://condor.depaul.edu/~jkristof/tdc375/
John,
I could not help but take a peak at the class topics. I nearly jumped
out of my seat with joy in seeing the e2e principle
http://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf
But, then went sad and jaded again when poking around
40 matches
Mail list logo