Justin Shore wrote:
Hank Nussbacher wrote:
At 18:29 24/11/2009 +0900, Randy Bush wrote:
RIS Routing History for AS1712 since 2001:
on what date was AS1712 assigned to the current RIPE holder?
Based on:
ftp://ftp.ripe.net/pub/stats/ripencc/delegated-ripencc-latest
it doesn't show AS1712
cards and tokens are a proxy for the use of a certificate authentication
system...
You can in fact do certificate auth without the use of cards or tokens
or mix and match physical tokens and other private key storage depending
on need with the same authentication backend (typically ldap).
Since
Owen DeLong wrote:
I've never seen anyone use AH vs. ESP.
OSPFv3?
I've always used ESP and so has
every other IPSEC implementation I've seen anyone do.
Owen
On Nov 13, 2009, at 4:22 PM, Jack Kohn wrote:
Hi,
Interesting discussion on the utility of Authentication Header (AH) in
Bill Fehring wrote:
On Sun, Nov 15, 2009 at 20:48, Joel Jaeggli joe...@bogus.com wrote:
Owen DeLong wrote:
I've never seen anyone use AH vs. ESP.
OSPFv3?
Maybe I'm asking a dumb question, but why would one prefer AH over ESP
for OSPFv3?
Header protection... still doesn't provide replay
Randy Bush wrote:
It has been routinely observed in nanog presentations that settlement
free providers by their nature miss a few prefixes that well connected
transit purchasing ISPs carry.
just trying to understand what you mean,
o no transit-free provider actually has all (covering)
Stef Walter wrote:
In this day of and age of wild-west, cowboy attitudes between some of
the biggest players on the Internet, does protecting against these
problems require a routing device that can handle multiple full routing
tables? It would seem so...
It has been routinely observed in
Joe Maimon wrote:
I dont know if communities is really the best thing to keep overloading
this way. Whats wrong with dedicating a new attribute for automating
policy?
Well there's always flowspec, as an example...
valdis.kletni...@vt.edu wrote:
On Tue, 03 Nov 2009 08:11:15 PST, Mike said:
Small-site multi-homing is one of the great inequities of the
Internet and one that can, and should, be solved. I envision an Internet
of the future where anyone with any mixture of any type of network
How about unused and/or private/local diffserve code points?
Ron Bonica wrote:
Folks,
I would love to see the IETF OPSEC WG publish a document on the pros and
cons of filtering optioned packets.
Would anybody on this list be willing to author an Internet Draft?
The juniper pr event at the nyse actually contained some not
unreasonable information on their new silicon.
starts about 25 minutes in (silly registration required)...
http://www.thenewnetworkishere.com/simulcast.html
So this questions we have approached from time to time. Is there some
worth to be had in finding some consensus (assuming such a thing is
possible) on a subset of the features that people use communities for
that could be standardized? particularly in the context of source based
remote triggered
Jack Bates wrote:
Joel Jaeggli wrote:
A standardized set means it can be cooked into documentation, training,
and potentially even products.
Communities (except the standardized well known ones) are extremely
diverse. For those that support even more granular traffic engineering
Brian Johnson wrote:
Last time I checked, and this may have changed, the limit in Linux was
around 4096.
So in this circumstance you could route a /116 to the server. COOL!
These days what we might at one point have refered to as a host or
server may actually be a hardware container with N
On wireless networks you can note the mac address of the rouge server
and dissociate it from the wireless network, this is rather similar to
what we did on switches prior to dhcp protection, it is reactive but it
certainly can be automatic.
Some controller based wireless systems have ips or nac
The second session for the NANOG 47 pgp key signing party will be
during the tuesday morning break (11:00 - 11:30) in the Desoto Foyer.
If you wish to participate in the pgp keysigning there is still time to
add your key to the keyring at:
http://biglumber.com/x/web?ev=97301
Then come to the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Just a quick note,
The NANOG pgp key signing party will be making an appearance at NANOG 47.
The keysigning sessions are going to be held during the monday and
tuesday morning break (11:00 - 11:30) in the Desoto Foyer. It is likely
that we'll
Chris Adams wrote:
I guess I'm missing something; what in section 3 is this referring to?
I can understand /64 or /126 (or maybe /124 if you were going to
delegate reverse DNS?), but why /112 and 16 bits for node identifiers
on a point-to-point link?
It falls on a 16 bit boundry and is
Seth Mattinen wrote:
Leo Bicknell wrote:
Worse, the problem is being made worse at an alarming rate. MPLS
VPN's are quicky replacing frame relay, ATM, and leased line circuits
adding MPLS lables and VPN/VRF routes to edge routers. Various
RIR's are pushing PI for all in IPv6 based on
Scott Howard wrote:
snip
So you're saying that if I put in an 8Mbps ADSL1 connection, then I'm going
to get a guaranteed 8Mbps point-to-point back to the exchange, regardless of
the quality of my phone line, or the distance from the exchange?
snip
(I'm not saying that the article is
Brian Johnson wrote:
So a customer with a single PC hooked up to their broad-band connection would
be given 2^64 addresses?
No, that's a single subnet, typically they should be assigned more than
that.
I realize that this is future proofing, but OMG! That’s the IPv4 Internet^2
for a
Tim Durack wrote:
Thing is, I'm an end user site. I need more that a /48, but probably
less than a /32. Seeing as how we have an AS and PI, PA isn't going to
cut it. What am I supposed to do? ARIN suggested creative subnetting.
We pushed back and got a /41. If IPv6 doesn't scratch an itch,
Just a quick note,
The generally thrice annual NANOG pgp key signing party will be making
an appearance at NANOG 47.
The keysigning sessions are going to be held during the morning breaks
of the general session, and will be location TDB. If there is interest
we'll invite the various CA cert
Christopher Morrow wrote:
Spammers have a lot of variables to change in this equation, RIR's
dont always have the ability to see all of the variables, nor
correlate all of the changes they see :(
Being a crimnal enterprise there are some tools in your kit that a
legitimate business does not
Frank Bulk wrote:
With scarcity of IPv4 addresses, organizations are more desperate than ever
to receive an allocation.
Factual evidence that pi allocation is in fact hard to obtain would be
required to support that statement. The fact of the matter is if you
have a legitimate application
Olsen, Jason wrote:
Howdy all,
What I'm left thinking is that it would have been great if we'd had a
snapshot of our core routing table as it stood hours or even days prior
to this event occurring, so that I could compare it with our current
broken state, so the team could have seen that
Peter Beckman wrote:
On Thu, 10 Sep 2009, Mark Andrews wrote:
What a load of rubbish. How is ARIN or any RIR/LIR supposed to
know the intent of use?
Why don't we just blacklist everything and only whitelist those we know
are good?
Because the cost of determining who is good and
Benjamin Billon wrote:
Why don't we just blacklist everything and only whitelist those we know
are good?
snip
Note we all could start using IPv6 and avoid this problem altogether.
snip
Yeah. When ISP will start receiving SMTP traffic in IPv6, they could
start to accept whitelisted
William Herrin wrote:
The future looks a lot like the past but with more blinking lights.
Seriously, I'm pretty nuts when it comes to networking. My basement is
AS11875, multihomed with about 35mbps of bandwidth. If I can't imagine
how *I* would use more than 16 subnets then it's a safe bet
pos oc-768
pre standard 40G lr4
4 in 1 40 gig mux
100gig 10 in 1 mux with some very tight engineering tolerances
probably others
Mike Callahan wrote:
Just out of curriousity, what type of equipment is used to terminate circuits
of this capacity? My experience stops at the 10GB mark.
Martin Hannigan wrote:
The only question I have is a context switch. Why Mogadishu? Do the (sea)
pirates need more capacity to manage their ship hijacking business?
Because ethiopia is the effectively land-locked economic power in the
neighborhood and it needs diverse landing sites. Also I
Roland Dobbins wrote:
On Aug 8, 2009, at 11:57 AM, Luke S Crawford wrote:
2. is there a standard way to push a null-route on the attackers
source IP upstream?
Sure - if you apply loose-check uRPF (and/or strict-check, when you can
do so) on Cisco or Juniper routers, you can combine
Mark Radabaugh wrote:
I'm looking for new core routers for a small ISP and having a hard time
finding something appropriate and reasonably priced. We don't have
huge traffic levels (1Gb) and are mostly running Ethernet interfaces to
upstreams rather than legacy interfaces (when did OC3
Zartash Uzmi wrote:
Can you say why precisely the cost of Ethernet is low compared to other
viable alternatives?
Becuase there's a lot of it?
Gigabit ethernet ports cost less than 9600bps terminal server ports.
You've got to recall that the genesis of this is dicsussion was the
replacement of a pair for open-wrtized linksys wrt-54g routers, which
have 30mW 2.4ghz radios being used for an 800meter link... There are a
vast continuum (both in terms of performance and cost) of solutions
between that and a
Richard A Steenbergen wrote:
On Wed, Jun 24, 2009 at 12:43:15PM -0700, Randy Bush wrote:
sadly, naively turning up tor to help folk who wish to be anonymous in
hard times gets one a lot of assertive email from self-important people
who wear formal clothes.
folk who learn this the hard way
Pair of Ubuquiti power station 2 or 5 bridges, 5 would be preferable,
under $200 per end.
http://www.ubnt.com/downloads/ps5_datasheet.pdf
Peter Boone wrote:
Hi NANOG,
I'm looking for some equipment recommendations for a wireless bridge between
two locations approximately 500-800 meters
Jason Gurtz wrote:
Are you sure there's not a moisture problem in the antennae cabling? Get
an SWR meter that can handle the 2.4 GHz range and make sure that SWR is
very low (approaching 1:1 but certainly less than 2:1). Hook up the
meter
in-line at the AP. Test this after everything is
Peter Boone wrote:
- Get a unit with radio/antenna integrated, PoE from inside the building
(outdoor rated cat5, shielded I assume),
Actually shielding doesn't matter so much and it requires that the rj45
connector and socket be similarly sheilded to be effective, the salient
points are: uv
Steve Bertrand wrote:
Stephen Kratzer wrote:
And, they have no plans to support IPv6.
Ouch!
I hope this is a non-starter for a lot of folks.
read the rest of the thread...
joel
Steve
Deepak Jain wrote:
Does anyone *use* any eye protection (other that not looking at the
light, turning off the light etc) -- I mean like protective goggles,
etc, when doing simple things like adding/removing patch cables from an
SMF patch panel.
There are osha requirements and ansi
Folks,
Lightning talk submissions are being accepted for the monday tuesday
wednesday slots. Lightning talks are short (10 minutes), topical and
timely. and done at the last minute.
Submissions are made through the NANOG PC's talk submission tool:
https://pc.nanog.org/login.php
Unlike
There are erbium doped raman lasers with output of up to 10 watts
continuous wave, they are (obviously) class 4 devices and are considered
hazardous.
3r and 3b emitters shouldn't be directly exposed to the eye, and carry
an appropriate warnings. the 10-80km stuff should all be 1 or 1m and
does't
link-layer encryption for sonet/atm quite resistant to traffic
analysis... The pipe is full of pdus whether you're using them or not.
valdis.kletni...@vt.edu wrote:
On Tue, 02 Jun 2009 13:54:44 EDT, Martin Hannigan said:
It would also be cheaper to add an additional layer of security with
It's pretty trivial if know where all the construction projects on your
path are...
I've seen this happen on a university campus several times. no black
helicopters were involved.
joel
Charles Wyble wrote:
http://www.washingtonpost.com/wp-dyn/content/article/2009/05/30/AR2009053002114_pf.html
If the pdu contains a surge suppressor and was designed for 120v, plugging in
to 220 will cause the MOV that protects against transient over-voltage to emit
smoke. The breaker or fuse is a current limiting device.
Joel
Pete Templin peteli...@templin.org wrote:
Dave Larter wrote:
Seems like
Oliver Hookins wrote:
Hi all, hopefully this isn't too off topic (since it's datacentre related).
We have an APC AP7952 rack PDU which has stopped working. I believe the
management module is faulty, and it is about 5 years old. APC don't service
these outside of warranty at all so I'm
The African Network Operators Group has quite a good set of workshop
materials for both isp routing (including v6) and DNS (seperate workshops)
weeklong course materials for the routing track are here:
http://www.ws.afnog.org/afnog2009/sie/detail.html
Bryan Campbell wrote:
This is the Nanog
Jitter (e.g. variability in one way or rtt) smokeping is rather good at
measuring...
The question is do you want to instrument the phenomena through active
measurement as smokeping is doing or do you have some application (e.g.
streaming media as an example) that you'd like to instrument because
Greetings NANOG,
We're closing in on the 1 month mark and as I see the BOF that I am
trying to organize now has a slot I thought I'd see if there's anyone I
haven't bugged in person who'd like to participate. In rough terms the
topic is as follows.
Best hopes for low cost high density routers,
Jo Rhett wrote:
On Apr 30, 2009, at 8:45 PM, Joel Jaeggli wrote:
dnsbl shuts down and starts responding with affirmative responses to all
queries, on topic.
On topic for who? Show me how to configure my router to use a dnsbl.
It's on topic for a mailing list about e-mail servers
Seth Mattinen wrote:
I hear this a lot, but how many linksys default channel 6 end users
really have more than one subnet, or even know what a subnet is?
By definition, every single one of them that buys wireless router, then
buys another and hangs it off the first. That happens more often
Gadi Evron wrote:
I asked him about it on IM, wondering if it is real:
looks like that
but requires a sctp app to be running
And which sctcp transport utiltizing app pray tell do you commonly find
running on linux based routers and network infrastructure?
Jack Bates wrote:
Iljitsch van Beijnum wrote:
In v6ops CPE requirements are being discussed so in the future, it
should be possible to buy a $50 home router and hook it up to your
broadband service or get a cable/DSL modem from your provider and the
IPv6 will be routed without requiring
Jo¢ wrote:
I'm confussed, but please pardon the ignorance.
All the data centers we have are at minimum keys to access
data areas. Not that every area of fiber should have such, but
at least should they? Manhole covers can be keyed. For those of
you arguing that this is not enough, I
Roger Marquis wrote:
Why didn't the man in the street pharmacy have its own backup plans?
I assume they, as most of us, believed the government was taking care of
the country's critical infrastructure. Interesting how well this
illustrates the growing importance of the Internet vis-a-vis
deles...@gmail.com wrote:
Not to turn this into an ethical typ discussion but this arguement
would have to assume you could sue the telco not the 'vandal' due to
a loss of life if it occured, and that, that dollar amt would be
greater then 'securing' all cables.
Internet lawyering is a
Martin Hannigan wrote:
On Wed, Apr 8, 2009 at 5:14 PM, Joe Provo nanog-...@rsuc.gweep.net
mailto:nanog-...@rsuc.gweep.net wrote:
Thanks for the feedback - please do keep it coming! We'll pop out
an updated draft to reflect the concensus when some equilibrium is
David Edwards wrote:
At 12:55 PM 4/9/2009, you wrote:
From the news coverage it appears to be in the general area of
http://cow.org/r/?545c
-r
Interesting. The report I got from a vendor was that it is Above.net
with a fiber cut in Redwood City which is affecting a circuit of mine
Nick Hilliard wrote:
On 27/03/2009 15:26, Leo Bicknell wrote:
AFAIK you have to have native peering with them to be part of the
pilot. At least, you did when we signed up. They may have relaxed
that since.
According to a Google IPv6 talk I attended yesterday, they don't intend
to relax
Jason Lewis wrote:
This brings up something I've been thinking about. Are there any free
services that let you submit an IP and get traces back from multiple
geographic locations?
There are plenty of internet measurement projects, but none of them seem
to let you do a live trace and get
Patrick W. Gilmore wrote:
On Feb 19, 2009, at 10:54 AM, Bill Blackford wrote:
In scaling upward. How would a linux router even if a kernel guru were
to tweak and compile an optimized build, compare to a 7600/RSP720CXL
or a Juniper PIC in ASIC? At some point packets/sec becomes a
limitation
Dale W. Carder wrote:
On Feb 18, 2009, at 3:00 PM, Nathan Ward wrote:
On 19/02/2009, at 9:53 AM, Leo Bicknell wrote:
Let me repeat, none of these solutions are secure. The IPv4/DHCP model
is ROBUST, the RA/DHCPv6 model is NOT.
The point I am making is that the solution is still the same
Adrian Chadd wrote:
On Wed, Feb 18, 2009, Tony Hain wrote:
No, the decision was to not blindly import all the excess crap from IPv4. If
anyone has a reason to have a DHCPv6 option, all they need to do is specify
it. The fact that the *nog community stopped participating in the IETF has
Leo Bicknell wrote:
I can't think of a single working
group chair/co-chair that's ever presented at NANOG and asked for
feedback.
Then were busy staring at your laptop and not watching the program.
If the IETF wants this to be a two way street actions would
speak louder than words.
In that
valdis.kletni...@vt.edu wrote:
On Tue, 03 Feb 2009 11:25:40 +0900, Randy Bush said:
snip
Not quite..
2^96 = 79228162514264337593543950336
2^128-2^32 = 340282366920938463463374607427473244160
not quite. let's posit 42 devices on the average lan segment
(ymmv).
42*(2^64) =
Skeeve Stevens wrote:
Owned by an ISP? It isn't much different than it is now.
As long as you are multi-homed you can get a small allocation (/48),
APNIC and ARIN have procedures for this.
Yes, you have to pay for it, but the addresses will be yours, unlike
the RFC1918 ranges which is
Deric Kwok wrote:
Hi
I would like to ask your professional experience about switch throughput
I have Gig Switchs eg: H P3400 /3500, cisco c4 948../ dlink
In their spec, they said that it can handles Gig
So far, I couldn't see their ports are used up over 200M in mrtg graph
when I try to
JF Mezei wrote:
Northern communities in Canada's arctic rely exclusively on satellite
for voice/data.
Not a lot of data flowing comparatively, but it is their only option so
it is more of a mission critical thing than a backup.
Also high latitudes are problematic as far as your link budget
Greetings and happy new year,
As Nanog 45 is quickly approaching, I would encourage anyone who has
been thinking about the problem of address hijacking and mitigation
within the framework of our existing routing system to consider
participating in the Hijack and Tools BOF at, in Santo Domingo. We
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Just a quick note,
The thrice annual NANOG pgp key signing party will be making an
appearance at NANOG 45.
The keysigning sessions are going to be during the morning breaks during
the general session, and will be location TDB.
Monday
David Curran wrote:
Can anyone provide direction (anecdotal or otherwise) on the use of Quagga
in a virtual environment for route servers?
I run it in a real environment on a virtual machine (as a route
reflector)...
Thanks
Scott Weeks wrote:
Ok, I hadn't thought of that. I was thinking of one company in a
non-US country with some assets in the US (but most not) and being
held to US regulations network-wide. How would you stop the traffic
that was not following US regulations from hitting the US?
Ask ISPs
In order to double on schedule from the point where it hit 250k routes
the rate of prefix growth needs to be on the order of 2k prefixes a week...
I'm operating under the assumption that I'm going to need 500k dfz fib
entries around mid 2010 which oddly is about inline with where we
thought we'd
Thank you,
it is appreciated.
Joel
MAWATARI Masataka wrote:
Dear NANOG Colleagues,
We have updated JANOG (Japan Network Operators' Group) English wiki
page.
Recent additions include presentation titles and abstracts for the
JANOG22 meeting, which was held July 2008.
You can view
Tony Patti wrote:
I presume this CNN article falls within the Internet operational and
technical issues (especially security) criteria of the NANOG AUP,
in terms of operat[ing] an Internet connected network,
especially where Chertoff refers to like an anti-aircraft weapon, shoot
down an
Jay R. Ashworth wrote:
On Wed, Sep 10, 2008 at 04:50:15PM -0400, Jay R. Ashworth wrote:
I see in http://www.onesc.net/communities/as3356/ that L3 doesn't permit
customers to multihome the 4/8 space that they inherited from BBN, via
GTE, etc, ad nauseum...
and I'm curious whether anyone knows
Jay R. Ashworth wrote:
On Wed, Sep 03, 2008 at 12:58:53PM -0400, Nicholas Suan wrote:
On Sep 3, 2008, at 12:49 PM, Jay R. Ashworth wrote:
You're forgetting that 587 *is authenticated, always*.
I'm not sure how that makes much of a difference since the usual spam
vector is malware that has
Paul Wall wrote:
On Wed, Sep 3, 2008 at 8:29 PM, Jo Rhett [EMAIL PROTECTED] wrote:
On Aug 26, 2008, at 12:26 AM, Paul Wall wrote:
Routing n*GE at line rate isn't difficult these days, even with all
64-byte packets and other DoS conditions.
Linksys, D-Link, SMC, etc are able to pull it off on
Greetings,
It's not to late to think about sharing with your peers...
Got a tool you use to monitor dns or ip hijacking, got some practices
for monitoring your prefixes for anonlous events, have a commercial
product you use that does one of these really well? Have some experience
managing ipv6
William Pitcock wrote:
Hi,
We're looking at using Mikrotik's RouterOS for some some sort of
software routing solution as part of our network in combination with
supervised layer3 switching doing most likely some sort of limited BGP.
Does anyone else here run it? Is it any good? Is it better
Darden, Patrick S. wrote:
Was looking over 1918 again, and for the record I have only run into one
network that follows:
If two (or more) organizations follow the address allocation
specified in this document and then later wish to establish IP
connectivity with each other, then there
and 172.16/12 use?
--p
-Original Message-
From: Joel Jaeggli [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2008 11:21 AM
To: Darden, Patrick S.
Cc: nanog@nanog.org
Subject: Re: was bogon filters, now Brief Segue on 1918
Darden, Patrick S. wrote:
*randomly* from the reserved
to work ok for some time...
--p
-Original Message-
From: Joel Jaeggli [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2008 1:31 PM
To: Darden, Patrick S.
Cc: nanog@nanog.org
Subject: Re: was bogon filters, now Brief Segue on 1918
That's comical thanks. come back when you've done
Warren Kumari wrote:
On Jul 29, 2008, at 10:43 PM, Darryl Dunkin wrote:
Hubs sure are fun...
This might be a stupid question, but where can one get small hubs these
days? All of the common commodity (eg: 4 port Netgear) hubs these
days are actually switches.
What I am looking for is:
Adrian Chadd wrote:
On Sun, Jul 20, 2008, Joel Jaeggli wrote:
Software switched routers have little pressure on fib limitions. For a
certain class of application the software switched edge router is in a
much better position to accommodate fib growth than a device with a
fixed sized cam.
I
the current situation that is unexpected, or intractable.
Are there any folks for whom this statement isn't working?
PF
-Original Message-
From: Joel Jaeggli [mailto:[EMAIL PROTECTED]
Sent: Sunday, July 20, 2008 1:02 PM
To: Adrian Chadd
Cc: nanog@nanog.org
Subject: Re: virtual aggregation
[EMAIL PROTECTED] wrote:
Sounds like he's used to used IRC, not mailing lists.
There used to be an IRC channel where a lot of NANOG
folks hung out. Anyone care to publicize the channel
name and which IRC network carries it?
--Michael Dillon
from the nanog mailing list...
From: Tim Brown
To:
that that point you're basically filtering by ip again, you
can do that with a bgp community. That's not really smtp filtering anymore.
Frank
-Original Message-
From: Joel Jaeggli [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 2:20 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject
Netfortius wrote:
Has anybody used (and been successful at) a bit-torrent-like agent for fast
distribution of LEGAL software (install programs of large-DVD size), across
multiple sites, all over the globe, with bad WAN connectivity? I have read a
couple of references online (e.g.
Sean Donelan wrote:
But my actual question, which I neglected to include, Is Net-26 still
seeing queries to the 26.0.0.73 root after 18 years?
26/8 doesn't appear in the routing table. so unless it's getting queries
from inside the dod all those packets should fall on the floor the first
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The keysigning sessions are going to be during the morning breaks during
the general session, and will be located in the Gleason/Roebling rooms.
Monday June 2nd11:00-11:30
Tuesday June 3rd11:00-11:30
If you plan to
Dorn Hetzel wrote:
There is a really huge difference in the ease with which payment from a
credit card can be reversed if fraudulent, and the amount of effort
necessary to reverse a wire transfer. I won't go so far as to say that
reversing a wire transfer is impossible, but I would claim it's
http://www.otaotr.com | Phone: 914-460-4039
aim: matthewbhuff | Fax: 914-460-4139
-Original Message-
From: Joel Jaeggli [mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 29, 2008 9:09 AM
To: Dorn Hetzel
Cc: nanog@nanog.org mailto:nanog
Barry Shein wrote:
On May 29, 2008 at 06:46 [EMAIL PROTECTED] (Joel Jaeggli) wrote:
Dorn Hetzel wrote:
Yeah, there was a day when anyone could buy a pickup truck full of
ammonium nitrate fertilizer from a random feed store and not attract any
attention at all, now, maybe not. Just
as the basic human condition are
devoted to the business of managing opportunity vs risk and the
mitigation of the later where possible.
On May 29, 2008 at 11:10 [EMAIL PROTECTED] (Joel Jaeggli) wrote:
Barry Shein wrote:
On May 29, 2008 at 06:46 [EMAIL PROTECTED] (Joel Jaeggli) wrote:
Dorn
Mark Smith wrote:
On Sat, 17 May 2008 09:34:19 -0500
[EMAIL PROTECTED] wrote:
On Sat, May 17, 2008 at 04:47:02PM +0930, Matthew Moyle-Croft wrote:
I'm sure it'll be good for a number of security providers to hawk their
wares.
If the way of running this isn't out in the wild and it's
Dragos Ruiu wrote:
First of all about prevention, I'm not at all sure about this being
covered by existing router security planning / BCP.
I don't believe most operators reflash their routers periodically, nor
check existing images (particularly because the tools for this
integrity
Gadi Evron wrote:
On Sun, 18 May 2008, Joel Jaeggli wrote:
Dragos Ruiu wrote:
First of all about prevention, I'm not at all sure about this being
covered by existing router security planning / BCP.
I don't believe most operators reflash their routers periodically, nor
check existing images
Gadi Evron wrote:
The question isn't IF routers have security vunerabilities
Nope, the question is not about if routers have security vulnerabilities.
The question is how operators and organizations can defend their routers
against rootkits, and cisco's practices.
The existence proof of
Kai Chen wrote:
Hi, here is a quick question.
1. Beside public peering in IXP and private peering between two dedicated
ASes, are there any other interconnection models in the current Internet?
There is the model where all partcipants peer through agency of 3rd
party. That tends to be looked
801 - 900 of 925 matches
Mail list logo