Re: Anyone running C-Data OLTs?

On 7/10/20 6:22 PM, Alexander Neilson wrote: I haven’t checked (on mobile) but those affected model numbers could confirm if it’s OLT, ONT, or both. Possibly the confusion could come from the bug affecting both. All of the part numbers I was able to find a description of (after sifting throug

Re: Anyone running C-Data OLTs?

I think the article may also be confusing OLT and ONT. They are talking about how the “OLT” that is vulnerable is the device that translates the fibre into the copper Ethernet connected to customers equipment which may indicate these are actually ONT’s being talked about or the article authors

Re: Anyone running C-Data OLTs?

Well here are a couple hundred: https://www.shodan.io/search?query=Command+Line+Interface+for+EPON+System -Keith Mel Beckman wrote on 7/10/2020 1:07 PM: Perhaps you’re confusing OLT with ONT? An OLT is a “curbside” distribution node, the ONT is the CPE. The vulnerability is in the distributi

Re: Anyone running C-Data OLTs?

Perhaps you’re confusing OLT with ONT? An OLT is a “curbside” distribution node, the ONT is the CPE. The vulnerability is in the distribution node, not the CPE. No provider with any sense exposes their distribution node admin interface to the Internet. -mel via cell On Jul 10, 2020, at 1:01 PM

Re: Anyone running C-Data OLTs?

The “WAN” port of an OLT _is_ it’s management port. Data, IPTV, and VoIP traffic pass on VLANs, typically encrypted. These are passive optical network (PON) devices, where all CPE in a group of, say, 32 premises receive the same light via an optical splitter. Thus network partitioning is a requi

Re: Anyone running C-Data OLTs?

Um, from the article it appears that this isn’t on the Management interface, but the WAN port of the OLT. Owen > On Jul 10, 2020, at 11:01 , Mel Beckman wrote: > > But who, who I ask, opens their management interface to the public > Internet?!?! > > Maybe this is vulnerability if you have a

Weekly Routing Table Report

This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG and the RIPE Routing WG. Daily listings are sent to bgp-st...@li

Re: Anyone running C-Data OLTs?

But who, who I ask, opens their management interface to the public Internet?!?! Maybe this is vulnerability if you have a compromised management network, but anybody who opens CPE up to the Internet is just barking mad :-) -mel via cell On Jul 10, 2020, at 10:00 AM, Owen DeLong wrote:  http

Your Voice, Your Vote — Help Shape NANOG's Future 👉

Our success depends on the collective expertise of the NANOG community to help direct and shape our organization in service of our mission. The first of NANOG's two 2020 elections takes place July 20-22. Become a NANOG member before voting opens to exercise your right to participate, and make your

Anyone running C-Data OLTs?

https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/?ftag=TRE-03-10aaa6b&bhid=29077120342825113007211255328545&mid=12920625&cid=2211510872

Re: IPv6 over vxlan+evpn Arista?

Nope the underlay can be v4-v4, just need to be able to carry the v4+v6 overlay to allow for migration of addresses. From: Tyler Conrad Date: Friday, July 10, 2020 at 12:39 PM To: David Hubbard Cc: "nanog@nanog.org" Subject: Re: IPv6 over vxlan+evpn Arista? Do you need to carry the v6 af in t

Re: IPv6 over vxlan+evpn Arista?

Do you need to carry the v6 af in the underlay? I’ve used 6pe/6vPE to carry v6 over v4 next-hops in the overlay without issue, but can’t say I’ve tested a dual-stack vtep. On Fri, Jul 10, 2020 at 08:07 David Hubbard wrote: > Hi all, was curious if anyone is doing dual stack v4/v6 over Arista’s >

IPv6 over vxlan+evpn Arista?

Hi all, was curious if anyone is doing dual stack v4/v6 over Arista’s implementation of vxlan / evpn (the inter-data center transport would be v4)? They have plenty of references for v4 deployments but had to check on v6 support, which can make one nervous; they did confirm it’s supported. Loo

Re: 60ms cross continent

On 10/Jul/20 10:50, Eric Kuhnke wrote: > With common Ku band TVRO (receive only) dishes and decoders, one of > the constraints for moving to higher bitrates is the physical sizes of > the customer dish and economics. > > For a good example go to a very densely populated developing nation > envir

Re: 60ms cross continent

With common Ku band TVRO (receive only) dishes and decoders, one of the constraints for moving to higher bitrates is the physical sizes of the customer dish and economics. For a good example go to a very densely populated developing nation environment. Saddar, central Rawalpindi, Pakistan would be

Re: 60ms cross continent

On 9/Jul/20 22:49, Masataka Ohta wrote: > We should also use IP even over radio waves. IP over MPEG2-TS > over DVB (or terrestrial broadcast network) is doable though > IP directly over DVB should be better. Well, when we moved over from traditional satellites to inclined orbit satellites back