SLA packet loss base

2009-04-07 Thread 정치영
Hi all, I wonder where we can find the base of the packet loss rate of globally famous providers. For example, the packet loss value of Sprint and NTT-Verio is the same 0.3 % in their SLAs. Best regards Chiyoung = Chi-Young Joung SAMSUNG NETWORKS Inc. Email:

Re: ACLs vs. full firewalls

2009-04-07 Thread ubaidali_abdul_razack
For defense in depth I would use a multi-tiered approach: stateless ACL at border for bound checks; stateful FW for checking sessions; outbound ACLs on inner choke points; application intelligence and DDoS mitigation by IPS between border and firewall; endpoint security using enterprise anti-virus agent

nytimes.com: How the Internet Got Its Rules

2009-04-07 Thread Tony Patti
Hopefully these RFCs have (in sum total over the last 40 years) sufficient operational content to merit mention per the NANOG AUP. Tony Patti CIO S. Walter Packaging Corp. t...@swalter.com http://www.nytimes.com/2009/04/07/opinion/07crocker.html?_r=1&emc=eta1 How the Internet Got Its Rules By

Re: ACLs vs. full firewalls

2009-04-07 Thread Roland Dobbins
On Apr 8, 2009, at 4:05 AM, Michael Helmeste wrote: However, I wanted to get other opinions of what packet filtering solutions people use in the border and in the core, and why. Stateless ACLs in hardware at the edge are important both for infrastructure self-protection (i.e., iACLs) and

Re: ACLs vs. full firewalls

2009-04-07 Thread Steven M. Bellovin
On Wed, 08 Apr 2009 09:20:34 +1000 Karl Auer wrote: > On Wed, 2009-04-08 at 10:46 +1200, Nathan Ward wrote: > > > I'd be interested to hear why people use firewalls. > > > End hosts are not always trustworthy. > > > > If a host is compromised, should it be able to send anything and > > everyt

Re: ACLs vs. full firewalls

2009-04-07 Thread Karl Auer
On Wed, 2009-04-08 at 10:46 +1200, Nathan Ward wrote: > > I'd be interested to hear why people use firewalls. > End hosts are not always trustworthy. > > If a host is compromised, should it be able to send anything and > everything out to the public network? A packet filter looks at the "top s

Re: ACLs vs. full firewalls

2009-04-07 Thread Nathan Ward
On 8/04/2009, at 10:32 AM, Karl Auer wrote: I'd be interested to hear why people use firewalls. I've never felt the need, myself - am I living in a fool's paradise? End hosts are not always trustworthy. If a host is compromised, should it be able to send anything and everything out to th

Re: ACLs vs. full firewalls

2009-04-07 Thread Karl Auer
On Wed, 2009-04-08 at 07:04 +0930, Mark Smith wrote: > It seems there is a trend towards moving host protection on to the > hosts themselves, onto or closer to the resource or entity being > protected. It's basically following the cliche, "If you want something > to be done properly, you need to do

Re: ACLs vs. full firewalls

2009-04-07 Thread Michael Helmeste
While there are no specific audit requirements, overall traffic auditing (not just for dropped packets) is definitely something I'm considering. One way of gathering this data without using a firewall would seem to be netflow; I don't think netflow specifically calls out (or even shows?) traffic bl

Call for participants, NANOG 46: ISP Security BOF

2009-04-07 Thread Warren Kumari
Hello all, So, for once in my life I have not left things till the last minute :-) NANOG 46 is still a ways off, but I'd like to invite y'all to start thinking about topics for the ISP Security BOF, either things that you would like to present, or things that you are interested in and would

RE: ACLs vs. full firewalls

2009-04-07 Thread Crooks, Sam
Beware of using ACL filtering on 6500s with many vlans (100+) and long acls (hundred+ lines)... You'll soon find out more than you ever wanted to know about TCAM, different TCAM types used in various sup's and what the limitations imposed by TCAM on processing ACLs in hardware... Sam Crooks

Re: ACLs vs. full firewalls

2009-04-07 Thread Mark Smith
On Tue, 07 Apr 2009 13:05:31 -0700 Michael Helmeste wrote: > Hi all, > One of the duties of my current place of employ is reorganizing the > network. We have a few Catalyst 6500 series L3 switches, but currently > do all packet filtering (and some routing) using a software based > firewall. Don

Re: ACLs vs. full firewalls

2009-04-07 Thread Matthew Petach
On 4/7/09, Michael Helmeste wrote: > Hi all, > One of the duties of my current place of employ is reorganizing the > network. We have a few Catalyst 6500 series L3 switches, but currently > do all packet filtering (and some routing) using a software based > firewall. Don't ask me, I didn't de

Re: ACLs vs. full firewalls

2009-04-07 Thread Eric Gauthier
Michael, Do you have logging or audit requirements to your filters? We use ACLs almost everywhere for non-stateful filtering, but there are a few locations (e.g. HIPAA) that require an audit trail which is perhaps better accomplished by a firewall. Eric :) On Tue, Apr 07, 2009 at 01:05:31PM -0

Verizon EVDO Issues

2009-04-07 Thread Charles Wyble
Been troubleshooting a very strange problem for a couple of weeks now. I have a few hundred systems deployed throughout the United States utilizing EVDO connectivity with Verizon as a carrier. They are stationary. Over the past few weeks clusters of them in SF and Lewisville TX and a few othe

Re: ACLs vs. full firewalls

2009-04-07 Thread Justin M. Streiner
On Tue, 7 Apr 2009, Michael Helmeste wrote: Current security requirements are only based on TCP and non-stateful UDP src/dst net/port filtering, and so my suggestion was to use ACLs applied on the routed interface of each VLAN. There was some talk of using another software based firewall or a C

ACLs vs. full firewalls

2009-04-07 Thread Michael Helmeste
Hi all, One of the duties of my current place of employ is reorganizing the network. We have a few Catalyst 6500 series L3 switches, but currently do all packet filtering (and some routing) using a software based firewall. Don't ask me, I didn't design it :) Current security requirements are o

Re: AS6079

2009-04-07 Thread Colin Alston
On 2009/04/07 03:33 PM Chris Jackman wrote: On Tue, Apr 07, 2009 at 11:53:07AM +0200, Colin Alston wrote: I've reported spam to this AS before, and I don't recall ever getting a response. I'm wondering how many others see spam from it? Is it worth while continuing or should I just stop accept

Re: shipping pre-built cabinets vs. build-on-site

2009-04-07 Thread Robert E. Seastrom
Leo Bicknell writes: > "shipping", no, "moving" yes. > > In past lives I've hired the same good folks who you might use to > move your house to move entire racks. The major moving companies > have teams who have experience with electronic equipment, including > full racks. Any quality 4 post ra

AS6079

2009-04-07 Thread Colin Alston
I've reported spam to this AS before, and I don't recall ever getting a response. I'm wondering how many others see spam from it? Is it worth while continuing or should I just stop accepting SMTP from there? They seem to have some dubious customers hosted on there, a large amount seems to co