Re: Scanning the Internet for Vulnerabilities

[Matthew Craig]

The intent behind vulnerability scans is good, however the majority of DOS 
attacks that my networks encounter these days are from cybersecurity 
organizations conducting cybersecurity research.

Funding requests for DOS mitigation solutions to protect my networks from 
cybersecurity researchers are not taken seriously.




-
Matt








On Jun 20, 2022, at 12:55 PM, Randy Bush mailto:ra...@psg.com>> 
wrote:

**Warning: This email originated external to the NMSU email system. Do not 
click on links or open attachments unless you are sure the content is safe.

I treat these folk with the same respect they afford me. Not once in
30 years of having a connected network (v4 or v6) has any entity asked
"is it OK if we .. ?".

how strange, considering you are replying to a thread doing so.

fwiw, i appreciate vuln scanners.  i do not have the hubris or tools to
think i run a flawless network or servers.

randy

Re: V6 still not supported

[Matthew Craig]

This huge conversation has been fun to follow.


I like my IPv6 transition plan:

Instead of moving the mountains and breaking my back to migrate (by myself) my 
ENTIRE not-so-small organization to IPv6, I keep things going on IPv4 
relatively burden-less to my organization till I retire.


Then the contractor that comes in after me (certainly a contractor, because the 
pool of clueful people to hire is small and getting smaller) can execute the 
transition and make a killing by causing more problems, and draining budgets to 
fix those problems, which cause more problems, etc... in a nice vicious cycle.  
I could even decide to be said contractor!


My CISO is on my side.  He DEMANDS as critical components of his Security 
Posture: IPv4 NAT, and easier-to-type IPv4 ACL segmentation (clueful people to 
hire is small)!  :)




This plan continues to be self-validating.  I like my plan.




-
Matt








On Mar 24, 2022, at 5:44 AM, Mark Delany 
mailto:k...@november.emu.st>> wrote:


On 24Mar22, Pascal Thubert (pthubert) allegedly wrote:
Hello Mark:

Any such "transition plan" whether "working" or "straightforward" is
logically impossible. Why anyone thinks such a mythical plan might yet be
formulated some 20+ years after deploying any of ipv6, ipv4++ or ipv6-lite is
absurd.

This is dishonest

My point is that if there was a real transition plan it would have been 
invented and
executed by now and we'd all be on ipv6. Yet the reality is that here we are 
some 20 years
later with no plan and no ubiquitous ipv6. How is that observation dishonest?

considering that I just proved on this very thread that such ideas existed

I don't know why you're conflating an idea with a plan - they are about as far 
away from
each other as is possible. Frankly no one cares about ideas, they're a dime a 
dozen.

A plan is an actionable, compelling and logical set of steps towards an end 
result. Do you
have such a thing for moving everyone on the planet to ipv6?

Here's a simple test of whether you have a plan or not. I'm connected via my 
legacy ipv4
ISP router completely oblivous to ipv6. How does your plan incentivise me to 
upgrade my
router to support ipv6?

When you have an answer to that, you might have a glimmer of a plan.


Mark.

Zero-Touch Deployment Remote Office solution?

[Matthew Craig]

We have a bunch of small remote offices where we deploy cheap routers with VPN 
tunnels back to the central office.  This is a very static process with high 
overhead… we have to manage each remote router separately, and the offices do 
not have tech personnel that can handle local office issues.

We're looking for a more centrally managed and automated zero-touch remote 
office solution, like the Cisco Virtual Office, where the local non-clueful 
people don't have to do much.

http://www.cisco.com/en/US/netsol/ns855/index.html



Does anyone have any experience / feeback for this Cisco Virtual Office 
solution or have recommendations for alternative solutions.



- Matt