Re: Software Defined Networking

2015-09-06 Thread John Levine 
I've taken to sending such mail back with a note "message deleted at
your request".

The more urgent the question, the better.

R's,
John

RES: Any Tool to replace Peakflow CP

2015-09-06 Thread Aluisio da Silva 
Thank you all for the comments.

Does anyone know about FlowTraq and DeepField tools?

Thanks.

Aluísio da Silva
Coordenação de Planejamento e Engenharia
CTBC
(34) 3256-2471
(34) 9976-0471
www.ctbc.com.br

-Mensagem original-
De: alvin nanog [mailto:nano...@mail.ddos-mitigator.net]
Enviada em: domingo, 6 de setembro de 2015 00:22
Para: Aluisio da Silva 
Cc: nanog@nanog.org; alvin nanog 
Assunto: Re: Any Tool to replace Peakflow CP


hi aluisio

On 09/06/15 at 02:01am, Aluisio da Silva wrote:
> Hello,
>
> Does anyone here have a suggestion for a tool to replace Peakflow CP from 
> Arbor Networks?

# for reference
http://www.arbornetworks.com/products

> Please if possible you would like hear some suggestions.

- sflow based
http://www.sflow.com/products/floodprotect.php
http://www.inmon.com/technology/sflowTools.php

http://www.andrisoft.com/software/wanguard
http://www.github.com/FastVPSEestiOu/fastnetmon
http://www.packetdam.com
http://www.radware.com/Products/DefenseFlow

- netflow based
?cisco url?

http://nfdump.sourceforge.net
http://nfsen.sourceforge.net
http://sourceforge.net/projects/panoptis

- jflow based
?juniper?

magic pixie dust
alvin
#
# DDoS-Mitigator.com
#

> Thanks.
>
> Aluísio da Silva
> Coordenação de Planejamento e Engenharia CTBC
> (34) 3256-2471
> (34) 9976-0471
> www.ctbc.com.br



Esta mensagem,incluindo seus anexos,pode conter informação confidencial e/ou 
privilegiada,sendo de uso exclusivo dos destinatários. Seu conteúdo não deve 
ser revelado.Caso você não seja o destinatário autorizado a receber esta 
mensagem,não poderá usar,copiar ou divulgar as informações nela contidas ou 
tomar qualquer ação baseada nesse e-mail,por favor,comunique ao remetente e a 
elimine imediatamente.Não nos responsabilizamos por opiniões e/ou declarações 
veiculadas por e-mail não ficando obrigada ao cumprimento de qualquer condição 
constante deste instrumento.

This message,including its attachments,contains and/or may contain confidential 
and privileged information.If you are not the person authorized to receive this 
message,you may not use,copy or disclose the information contained therein or 
take any action based on this information.If this message is received by 
mistake,please notify the sender by immediately replying to this email and 
deleting its files.We appreciate your cooperation.

Re: Extraneous "legal" babble--and my reaction to it.

2015-09-06 Thread Larry Sheldon 

On 9/6/2015 14:18, Scott Weeks wrote:



--- rdr...@direcpath.com wrote:
From: Robert Drake 

Maybe people could adopt an unofficial-official
end-of-signature flag.  Then you could have
procmail strip everything after the flag:
-


It could be much easier.  Folks that care about the
mailing list rules, want to be courteous to list
folks and want to use their company email, rather
than one that inserts no disclaimer, could put 15
lines of blank as part of their signature.  This
would force all the crap far enough down the page
that it wouldn't be bothersome.



Since nobody uses Telebit Trailblazers anymore--that is probably not a 
bad idea.



--
sed quis custodiet ipsos custodes? (Juvenal)

Re: Software Defined Networking

2015-09-06 Thread Rich Kulawiec 
On Fri, Sep 04, 2015 at 06:59:36PM -0400, valdis.kletni...@vt.edu wrote:
> Does anybody have a citation that legal disclaimers attached to
> publicly posted mail aren't null and void?  

Disclaimers are invalid on their face because they're an attempt
to unilaterally enforce contractual terms without a meeting of the
minds -- something required for a valid contract.  They're "adhesions",
i.e., they're provisions so one-sided that it's immediately obvious
that they've been dictated by one side and not agreed to by both
as the result of some kind of bargaining or negotiation.

The two best references I'm aware of in this regard are:

Stupid E-mail Disclaimers and the Stupid Users that Use Them
http://attrition.org/security/rants/z/disclaimers.html

Quoting in part:

"We can't help it--this really makes us nuts. When will these
people learn? You transmitted your crappy mind-numbing message
to us, in plain text, over the public internet. It's ours (and
whoever is sniffing our mail) to do with as we please and you
can't have it back, so piss off. We won't delete it, we will
publish it, we will forward it, and there is nothing you can do
about it. Go ahead, take us to court, but try to find a shred
of legal precedent first, ok?"

and:

Don't Include Bogus Legalistic Boilerplate.
http://www.river.com/users/share/etiquette/#legalistic

Quoting in part:

"First, such boilerplate contains useless adhesions, meaning
the explicit and implied threats they make are particularly
annoying. If you send something via email, the recipients (are
you sure you aren't sending to a mailing list?) and anyone else
who sees your clear text postcard in transit can undetectably and
with full deniability do whatever they want with the information
written on it in plain view. Even casual users of email know
email is not a secure communications medium. Thus the threats in
typical bogus legalistic boilerplate are naught but an attempt
at highly improper intimidation. Demands made in this manner
will be regarded as evidence of a hostile attitude on your
part by a significant portion of recipients. The threats will
negatively affect how your recipients perceive the other ideas
in your message."


---rsk

Re: Extraneous "legal" babble--and my reaction to it.

2015-09-06 Thread Scott Weeks 


--- larryshel...@cox.net wrote:
From: Larry Sheldon 
On 9/6/2015 14:18, Scott Weeks wrote:

> --- rdr...@direcpath.com wrote:
> From: Robert Drake 
>
> Maybe people could adopt an unofficial-official
> end-of-signature flag.  Then you could have
> procmail strip everything after the flag:
> -
>
> It could be much easier.  Folks that care about the
> mailing list rules, want to be courteous to list
> folks and want to use their company email, rather
> than one that inserts no disclaimer, could put 15
> lines of blank as part of their signature.  This
> would force all the crap far enough down the page
> that it wouldn't be bothersome.

Since nobody uses Telebit Trailblazers anymore--that 
is probably not a bad idea.
---


https://en.wikipedia.org/wiki/The_Times_They_Are_a-Changin'_%28song%29

:-)

scott

Re: Any Tool to replace Peakflow CP

2015-09-06 Thread Harry Hoffman 
Hi Aluisio,

Have you had a look at Lancope's Stealthwatch?

If you go that route give a shout as we've written a bunch of scripts to
do things like scan detection and new service alerting.

Cheers,
Harry


On 9/5/15 10:01 PM, Aluisio da Silva wrote:
> Hello,
>
> Does anyone here have a suggestion for a tool to replace Peakflow CP from 
> Arbor Networks?
>
> Please if possible you would like hear some suggestions.
>
> Thanks.
>
> Aluísio da Silva
> Coordenação de Planejamento e Engenharia
> CTBC
> (34) 3256-2471
> (34) 9976-0471
> www.ctbc.com.br
>
>
>
>
> Esta mensagem,incluindo seus anexos,pode conter informação confidencial e/ou 
> privilegiada,sendo de uso exclusivo dos destinatários. Seu conteúdo não deve 
> ser revelado.Caso você não seja o destinatário autorizado a receber esta 
> mensagem,não poderá usar,copiar ou divulgar as informações nela contidas ou 
> tomar qualquer ação baseada nesse e-mail,por favor,comunique ao remetente e a 
> elimine imediatamente.Não nos responsabilizamos por opiniões e/ou declarações 
> veiculadas por e-mail não ficando obrigada ao cumprimento de qualquer 
> condição constante deste instrumento.
>
> This message,including its attachments,contains and/or may contain 
> confidential and privileged information.If you are not the person authorized 
> to receive this message,you may not use,copy or disclose the information 
> contained therein or take any action based on this information.If this 
> message is received by mistake,please notify the sender by immediately 
> replying to this email and deleting its files.We appreciate your cooperation.

Re: internet visualization

2015-09-06 Thread Sander Steffann 
>   one of my colleagues just posted this visualiation
> of the internet from the as_path view of 2914.  if you are on
> a mobile, you have to physically move your device around.
> 
>   http://as2914.net/
> 
>   If you love it, send Job your accolades.  If you hate it,
> see above disclaimer.  If in a country with a holiday on monday,
> enjoy it safely.

WOW, nice!
Sander

Re: Extraneous "legal" babble--and my reaction to it.

2015-09-06 Thread Larry Sheldon 

On 9/6/2015 11:46, Robert Drake wrote:


Maybe people could adopt an unofficial-official end-of-signature flag.
Then you could have procmail strip everything after the flag:
 --
 This is my signature
 My phone number goes here
 I like dogs
 -- end of signature --
 Everything below here and to the right of here was inserted by my
mailserver, which is run by lawyers who don't understand you can't
enforce contracts through emails to public mailing lists. Please delete
if you're not the intended recipient.


Of course, when you route around something like this it usually comes
back 10 fold, but maybe if it became worthless they might do things the
right way and put stuff like this in email headers.

X-Optional-Flags:  Delete-if-not-intended-recipient,
might-contain-secret-company-information-we-didn't-bother-to-encrypt

Then let the email clients try to work out what that means.


Please see https://en.wikipedia.org/wiki/Signature_block

I thought that was in rfc 2822, but I can not find it.






--
sed quis custodiet ipsos custodes? (Juvenal)

Re: Extraneous "legal" babble--and my reaction to it.

2015-09-06 Thread Robert Drake 



On 9/4/2015 6:31 PM, Stephen Satchell wrote:


I, for one, feel your pain in this matter.  When I was a consultant in 
The Bad Ol' Days, I had so many telephone numbers where I *could* be 
that my .sig would be a run-on one as well.  As a compromise, I had my 
cell number and a hyperlink to a Web site page with the full monte.


That was before I joined NANOG, so I never tested the tolerance of the 
people here with that solution.


When I was employed as a full-timer (including now) my "work" mail has 
the same sort of crap.  One option you might want to consider is to 
use a personal e-mail account for places like NANOG with the 
single-line disclaimer "Views expressed herein may not be my 
employer's view"


Maybe people could adopt an unofficial-official end-of-signature flag.  
Then you could have procmail strip everything after the flag:

--
This is my signature
My phone number goes here
I like dogs
-- end of signature --
Everything below here and to the right of here was inserted by my 
mailserver, which is run by lawyers who don't understand you can't 
enforce contracts through emails to public mailing lists. Please delete 
if you're not the intended recipient.



Of course, when you route around something like this it usually comes 
back 10 fold, but maybe if it became worthless they might do things the 
right way and put stuff like this in email headers.


X-Optional-Flags:  Delete-if-not-intended-recipient, 
might-contain-secret-company-information-we-didn't-bother-to-encrypt


Then let the email clients try to work out what that means.

Re: Any Tool to replace Peakflow CP

2015-09-06 Thread Pavel Odintsov 
Hello!

Thanks for recommendation, Alvin!

As author of FastNetMon I will be very glad to hear some feedback
about my tool and could help with configuration / development :)



On Sun, Sep 6, 2015 at 6:22 AM, alvin nanog
 wrote:
>
> hi aluisio
>
> On 09/06/15 at 02:01am, Aluisio da Silva wrote:
>> Hello,
>>
>> Does anyone here have a suggestion for a tool to replace Peakflow CP from 
>> Arbor Networks?
>
> # for reference
> http://www.arbornetworks.com/products
>
>> Please if possible you would like hear some suggestions.
>
> - sflow based
> http://www.sflow.com/products/floodprotect.php
> http://www.inmon.com/technology/sflowTools.php
>
> http://www.andrisoft.com/software/wanguard
> http://www.github.com/FastVPSEestiOu/fastnetmon
> http://www.packetdam.com
> http://www.radware.com/Products/DefenseFlow
>
> - netflow based
> ?cisco url?
>
> http://nfdump.sourceforge.net
> http://nfsen.sourceforge.net
> http://sourceforge.net/projects/panoptis
>
> - jflow based
> ?juniper?
>
> magic pixie dust
> alvin
> #
> # DDoS-Mitigator.com
> #
>
>> Thanks.
>>
>> Aluísio da Silva
>> Coordenação de Planejamento e Engenharia
>> CTBC
>> (34) 3256-2471
>> (34) 9976-0471
>> www.ctbc.com.br



-- 
Sincerely yours, Pavel Odintsov

Re: Any Tool to replace Peakflow CP

2015-09-06 Thread alvin nanog 

hi pavel

On 09/06/15 at 06:11pm, Pavel Odintsov wrote:
> Thanks for recommendation, Alvin!
 
just "on the list of flow stuff to look at"
- opensource like fastnetmon is good for techies and solving problems
- commercial products may be what large corp purchasing folks like

i've looked into the flow based products and got more confused :-)

> As author of FastNetMon I will be very glad to hear some feedback
> about my tool and could help with configuration / development :)

cool ...

i went googlin around and found some additional info for the url list

> On Sun, Sep 6, 2015 at 6:22 AM, alvin nanog
>  wrote:
> >
> > hi aluisio
> >
> > On 09/06/15 at 02:01am, Aluisio da Silva wrote:
> >> Hello,
> >>
> >> Does anyone here have a suggestion for a tool to replace Peakflow CP from 
> >> Arbor Networks?
> >
> > # for reference
> > http://www.arbornetworks.com/products
> >
> >> Please if possible you would like hear some suggestions.
> >
> > - sflow based
- sflow based # trademark owned by inmon 
http://www.sflow.org/products  == list of vendors and collectors 
> > http://www.sflow.com/products/floodprotect.php

their blog.sflow.com has lots of feedback and comparisons

> > http://www.inmon.com/technology/sflowTools.php
http://www.inmon.com/products
> >
> > http://www.andrisoft.com/software/wanguard
> > http://www.github.com/FastVPSEestiOu/fastnetmon
> > http://www.packetdam.com
> > http://www.radware.com/Products/DefenseFlow
> >
- netflow based -- netflow prototcol superceded by IPFIX
http://www.cisco.com/go/netflow
 
http://www.openbsd.org/cgi-bin/man.cgi?query=pflow=4=OpenBSD+Current

one day, i'll go poke around at linux-based tools like openbsd's pflow

> >
> > http://nfdump.sourceforge.net
> > http://nfsen.sourceforge.net
> > http://sourceforge.net/projects/panoptis

- openflow based
http://www.opennetworking.org/sdn-resources/openflow
http://www.radware.com/Products/DefenseFlow

> > - jflow based
juniper.net/us/en/products-services/security/
- still can't find the jflow info :-(

magic pixie dust
alvin
#
# DDoS-Mitigator.com/Competitors/#Flow
#

Re: Extraneous "legal" babble--and my reaction to it.

2015-09-06 Thread Scott Weeks 


--- rdr...@direcpath.com wrote:
From: Robert Drake 

Maybe people could adopt an unofficial-official 
end-of-signature flag.  Then you could have 
procmail strip everything after the flag:
-


It could be much easier.  Folks that care about the 
mailing list rules, want to be courteous to list 
folks and want to use their company email, rather 
than one that inserts no disclaimer, could put 15 
lines of blank as part of their signature.  This 
would force all the crap far enough down the page 
that it wouldn't be bothersome.

scott