Hi all,
Does anyone have a technical or peering contact at Belpak / Beltelecom
(AS 66697) to address
an apparent netblock hijacking issue?
AS6697 is advertising the 2.2.2.0/24 address space which is under
AS3215 management.
We've tried to announce the same prefix but it's difficult to get the
On Sat, 27 Oct 2012 11:16:10 +0100, Darren O'Connor said:
All vendors should be writing in depth architecture books. The Juniper MX
book is a great example. Tell us exactly what your product can do and we'll
likely use more of it
On the flip side, if you document what your product is probably
On 29 October 2012 12:43, valdis.kletni...@vt.edu wrote:
On Sat, 27 Oct 2012 11:16:10 +0100, Darren O'Connor said:
All vendors should be writing in depth architecture books. The Juniper
MX
book is a great example. Tell us exactly what your product can do and
we'll
likely use more of it
The core issue here is TCP MSS. PMTUD is a dynamic process for
adjusting MSS, but requires that ICMP be permitted to negotiate the
connection. The realistic alternative, in a world that filters all
ICMP traffic, is to manually rewrite the MSS. In IOS this can be
achieved via ip tcp adjust-mss
Hi Ray,
MSS rewriting has been well known and broadly applied for a long
time now, but only applies to TCP. The subject of MSS rewriting
comes up all the time in the IETF wg discussions, but has failed
to reach consensus as a long-term alternative.
Plus, MSS rewriting does no good for
corruption!
http://mina.naguib.ca/blog/2012/10/22/the-little-ssh-that-sometimes-couldnt.html
/bill
Hello Sarah
Seems like they are not advertising it anymore. AS6697 has transit from
Level3 and peering/transit from HE. Both of them show path to AS3215 for
that prefix now.
http://lookingglass.level3.net/
BGP query on all sites seems OK for now.
Also same on results from Oregon as well as
On Mon, Oct 29, 2012 at 10:07 AM, bmann...@vacation.karoshi.com wrote:
corruption!
http://mina.naguib.ca/blog/2012/10/22/the-little-ssh-that-sometimes-couldnt.html
/bill
This is an excellent full-stack debugging war story.
Thanks for posting it, Bill.
--
-george william herbert
*Greetings NANOG Colleagues,
As usual for our October meetings, there has been a lot happening with our
elections process and more announcements to come over the next few days.
We wanted to give you a quick heads-up.
Huge thank yous to our Executive Director, Betty Burke, our NANOG
Secretariat,
On Mon, 29 Oct 2012 bmann...@vacation.karoshi.com wrote:
corruption!
http://mina.naguib.ca/blog/2012/10/22/the-little-ssh-that-sometimes-couldnt.html
Bush league. I debugged a similar issue on Sprint's network about 15
years ago, also nailing it down to which router/router hop had the
We're evaluating several tools at the moment, and one vendor wants to
dynamically scan our network to pick up hosts - SNMP, port-scans, WMI, the
works. I was curious if anyone had any particularly gruesome horror stories of
scanning tools run amok.
On 10/29/2012 02:54 PM, Jon Lewis wrote:
Bush league. I debugged a similar issue on Sprint's network about 15
years ago, also nailing it down to which router/router hop had the problem
When I was working for Sprint about 12 years ago, we had a circuit where
the customer complained that we
Sorry, glanced at this and thought it was someone having problems with
tunnel MTU without adjusting TCP MSS.
Nice work, though my preference is to avoid tunnels at all costs :-)
On Mon, Oct 29, 2012 at 12:39 PM, Templin, Fred L
fred.l.temp...@boeing.com wrote:
Hi Ray,
MSS rewriting has
On Mon, 29 Oct 2012, Pedersen, Sean wrote:
We're evaluating several tools at the moment, and one vendor wants to
dynamically scan our network to pick up hosts - SNMP, port-scans, WMI,
the works. I was curious if anyone had any particularly gruesome horror
stories of scanning tools run amok.
Hi there,
I have the same problem in my network, I have GRE tunnel for transfering
users real internet traffic, they have problems with browsing websites like
yahoo.com or microsoft.com.
I had to set ip mtu 1500 to solve it, and it occurs fragmantation...
Thanks
On Mon, Oct 29, 2012 at 10:47 PM,
It all depends on what tools they are using and how you have your system
setup.
Both NMAP and Nessus can check system\service to see if common accounts
have default or non password at all.
This can cause these accounts to be locked out.
There are other exploits that can cause systems\services to
On 29/10/2012 19:25, Justin M. Streiner wrote:
Also, if you're doing IPv6, the performance metrics for many network
devices can be a bit more of a moving target.
I'd almost be tempted to set up a few machines doing v6 only on the LAN,
with some trivial to exploit telnet/SNMP access then
*Greetings NANOG Colleagues, *
*
The Board has completed the Program Committee selection process. This
year, twenty members submitted their candidacies for eight available
positions. We want to thank each and every one of them for considering
this important service to our community and
I heard a story in the past year of someone that had a system get scanned and
it opened a ticket with their IT department for each time they scanned them.
Eventually the IT department system crashed due to the excessive number of
tickets being opened by their scanning tool.
The network was
On 10/29/12 12:10 -0700, Pedersen, Sean wrote:
We're evaluating several tools at the moment, and one vendor wants to
dynamically scan our network to pick up hosts - SNMP, port-scans, WMI, the
works. I was curious if anyone had any particularly gruesome horror
stories of scanning tools run amok.
Templin, Fred L wrote:
Yes; I was aware of this. But, what I want to get to is
setting the tunnel MTU to infinity.
Essentially, its time the network matured to the point where
inter-networking actually works (again), seamlessly.
I agree.
Joe
On Oct 29, 2012, at 3:46 PM, Joe Maimon jmai...@ttec.com wrote:
Templin, Fred L wrote:
Yes; I was aware of this. But, what I want to get to is
setting the tunnel MTU to infinity.
Essentially, its time the network matured to the point where inter-networking
actually works (again),
On Mon, Oct 29, 2012 at 4:01 PM, Jared Mauch ja...@puck.nether.net wrote:
On Oct 29, 2012, at 3:46 PM, Joe Maimon jmai...@ttec.com wrote:
Templin, Fred L wrote:
Yes; I was aware of this. But, what I want to get to is
setting the tunnel MTU to infinity.
Essentially, its time the network
*Greetings NANOG Colleagues, *
*
*
*The Board has completed the Development Committee selection process for
2012.
We are pleased to announce the two-year term appointment of Michael
Buchner, Jezzibell Gilmore, Gina Haspillaire and Misako Manca and the
one-year term appointment of Michael Rascoe
On Mon, Oct 29, 2012 at 03:46:57PM -0400, Joe Maimon wrote:
Templin, Fred L wrote:
Yes; I was aware of this. But, what I want to get to is
setting the tunnel MTU to infinity.
Essentially, its time the network matured to the point where
inter-networking actually works (again),
Jared Mauch wrote:
On Oct 29, 2012, at 3:46 PM, Joe Maimon jmai...@ttec.com wrote:
Templin, Fred L wrote:
Yes; I was aware of this. But, what I want to get to is
setting the tunnel MTU to infinity.
Essentially, its time the network matured to the point where inter-networking
bmann...@vacation.karoshi.com wrote:
On Mon, Oct 29, 2012 at 03:46:57PM -0400, Joe Maimon wrote:
Templin, Fred L wrote:
Yes; I was aware of this. But, what I want to get to is
setting the tunnel MTU to infinity.
Essentially, its time the network matured to the point where
On Oct 29, 2012, at 4:43 PM, Joe Maimon jmai...@ttec.com wrote:
Jared Mauch wrote:
On Oct 29, 2012, at 3:46 PM, Joe Maimon jmai...@ttec.com wrote:
Templin, Fred L wrote:
Yes; I was aware of this. But, what I want to get to is
setting the tunnel MTU to infinity.
During scans at various times in the past (and depending on throttling and
settings of that scan) we've seen:
1) small remote site firewalls doing site to site vpns drop a small number of
packets
2) locally installed remote control service popup a 'user has been
disconnected' error on PCs when
I wish you luck in getting your host IP stacks to work properly without
ICMP, especially as you deploy IPv6.
From what I've heard, ICMPv6 is already being filtered, including
PTBs. I have also heard that IPv6 fragments are also being dropped
unconditionally along some paths. So, if neither
Jared Mauch wrote:
ICMP is just not the way it is ever going to work.
I wish you luck in getting your host IP stacks to work properly without ICMP,
especially as you deploy IPv6.
- Jared
Precisely the state we are in. Looking for luck.
Joe
On Mon, Oct 29, 2012 at 04:44:40PM -0400, Joe Maimon wrote:
bmann...@vacation.karoshi.com wrote:
On Mon, Oct 29, 2012 at 03:46:57PM -0400, Joe Maimon wrote:
Templin, Fred L wrote:
Yes; I was aware of this. But, what I want to get to is
setting the tunnel MTU to infinity.
*Greetings NANOG Colleagues, *
*
The Board has completed the Communications Committee selection process for
2012.
We are pleased to announce the two-year term appointment of Larry Blunk,
Colin Corbett and Andrew Koch to the Communications Committee.
We also want to thank and recognize Randy
bmann...@vacation.karoshi.com wrote:
you mean its safe to turn off the VPNs?
/bill
Quite the reverse.
Joe
so its tunnels all the way down... maybe we should just go back to
a circuit oriented network, eh?
/bill
Its not safe to turn on VPNs.
Joe
On Mon, Oct 29, 2012 at 10:54 AM, Ray Soucy r...@maine.edu wrote:
The core issue here is TCP MSS. PMTUD is a dynamic process for
adjusting MSS, but requires that ICMP be permitted to negotiate the
connection. The realistic alternative, in a world that filters all
ICMP traffic, is to manually
Hi Bill,
Maybe something as simple as clearing the don't fragment flag and
adding a TCP option to report receipt of a fragmented packet along
with the fragment sizes back to the sender so he can adjust his mss to
avoid fragmentation.
That is in fact what SEAL is doing, but there is no
True, but it could be used as an alternative PMTUD algorithm - raise the
segment size and wait for the I got this as fragments option to show up...
Of course, this only works for IPv4. IPv6 users are SOL if something in the
middle is dropping ICMPv6.
-C
On Oct 29, 2012, at 4:02 PM, Templin,
On Mon, Oct 29, 2012 at 2:10 PM, Pedersen, Sean sean.peder...@usairways.com
wrote:
I was curious if anyone had any particularly gruesome horror stories of
scanning tools run amok.
A particular model of ShoreTel voice switches I used to administer (running
VxWorks, IIRC) would reliably lock
On 10/03/2012 09:52 AM, Seth Mos wrote:
Op 3-10-2012 18:33, Kevin Broderick schreef:
I'll add that in the mid-90's, in a University Of Washington lecture
hall, Vint Cerf expressed some regret over going with 32 bits. Chuckle
worthy and at the time, and a fond memory
- K
Pick a number between
:
:corruption!
:
:
:http://mina.naguib.ca/blog/2012/10/22/the-little-ssh-that-sometimes-couldnt.html
I ran into a similar issue with a customer just a few days ago! The
customer's theory was that there was something badly wrong with their
dorky gateway/switch (which we sold and support sigh).
Templin, Fred L wrote:
I wish you luck in getting your host IP stacks to work properly without
ICMP, especially as you deploy IPv6.
From what I've heard, ICMPv6 is already being filtered, including
PTBs.
As v6 PTBs are specified to be generated even against
multicast packets, it is of course
On Oct 29, 2012, at 3:55 PM, Rutis, Cameron
6) large stacks of 3750s (six or more members) have issues around CPU during
certain SNMP commands (I want to say some sort of getbulk type of command)
The first four were pretty minor although #3 could generate a lot of calls to
the
On Mon, Oct 29, 2012 at 12:10:40PM -0700, Pedersen, Sean wrote:
We're evaluating several tools at the moment, and one vendor wants to
dynamically scan our network to pick up hosts - SNMP, port-scans, WMI,
the works. I was curious if anyone had any particularly gruesome horror
stories of
43 matches
Mail list logo