RE: OpenSource IPTV and VoD Solution

2011-11-15 Thread Quentin Carpent
Hi, I don't know if it meets your requirements but there is DVBlast: http://www.videolan.org/projects/dvblast.html BRs, Quentin Carpent Network Engineer -Original Message- From: Vlad Galu [mailto:g...@packetdam.com] Sent: Wednesday, 16 November 2011 06:18 To: Meftah Tayeb Cc: nanog

AS9929 - Anyone with Clue

2011-11-15 Thread Mark Tinka
Hi all. If there's anyone on here from AS9929 (China Netcom) with some clue, kindly ping me off-list. Thanks. Cheers, Mark.

Re: Foundry MRP cohabit with STP

2011-11-15 Thread Jian Gu
MRP and STP are configured under VLAN; the same physical interface tagged with different VLANs can participate in both MRP and STP in different VLANs. If you are asking about MRP and STP under the same VLAN, that is not a valid configuration. Think about it: what if MRP wants to block an interface but STP wants

Question about operational concerns with Routing Protocol Security

2011-11-15 Thread Christopher Morrow
Howdy, while enjoying some (oddly not controversial) meeting time at the IETF, one of the presenters (Sam Hartman[1]) noted he's looking for some people to chat with with respect to 'deployment scenarios' surrounding network gear and protocol security. Today that probably takes the form of things

Re: Minimum Allocation Size by RIRs (IPv4)

2011-11-15 Thread Arturo Servin
/24 as minimal allocation is only for end-users and critical infrastructure. For ISPs (LIRs) the minimal allocation is /22. /as On 16 Nov 2011, at 00:30, Rubens Kuhl wrote: > LACNIC: /24 - http://lacnic.net/en/politicas/manual3.html

FW: Savvis broken link / underperforming between DC and Atlanta?

2011-11-15 Thread Lorell Hathcock
All: I did not see a reply to this. Anyone else having a problem on this link? Lorell From: Lorell Hathcock [mailto:lor...@hathcock.org] Sent: Friday, November 11, 2011 9:10 AM To: nanog@nanog.org Subject: Savvis broken link / underperforming between DC and Atlanta? Any one else s

Re: OpenSource IPTV and VoD Solution

2011-11-15 Thread Vlad Galu
On Nov 14, 2011, at 10:25 PM, Meftah Tayeb wrote: > thank you for that > is a rtsp server no problem > but how do i stream Live DVB traffic through it ? > Thank you > To be honest I haven't followed its development closely lately (although I contribute occasionally with networking related patc

Re: Arguing against using public IP space

2011-11-15 Thread Mark Andrews
In message <28327223.2951.1321412909463.javamail.r...@benjamin.baylink.com>, Jay Ashworth writes: > - Original Message - > > From: "Mark Andrews" > > > In message > > <29838609.2919.1321392184239.javamail.r...@benjamin.baylink.com>, > > Jay Ashworth writes: > > > > >> If your firewall

Re: Arguing against using public IP space

2011-11-15 Thread Jay Ashworth
- Original Message - > From: "Mark Andrews" > In message > <29838609.2919.1321392184239.javamail.r...@benjamin.baylink.com>, > Jay Ashworth writes: > > > >> If your firewall is not working, it should not be passing > > > >> packets. > > > > > > > > And of course, things always fail just

Re: Arguing against using public IP space

2011-11-15 Thread Mark Andrews
In message , William Herrin writes: > On Tue, Nov 15, 2011 at 8:20 PM, Mark Andrews wrote: > > Given that most NATs only use a small set of address on the inside > > it is actually feasible to probe through a NAT using LSR. > > Most attacks don't do this as there are lots of lower hanging fruit

Re: Arguing against using public IP space

2011-11-15 Thread William Herrin
On Tue, Nov 15, 2011 at 8:20 PM, Mark Andrews wrote: > Given that most NATs only use a small set of address on the inside > it is actually feasible to probe through a NAT using LSR. > Most attacks don't do this as there are lots of lower hanging fruit Mark, My car can be slim-jimmed. Yet the loc

Re: Arguing against using public IP space

2011-11-15 Thread Karl Auer
On Wed, 2011-11-16 at 12:20 +1100, Mark Andrews wrote: > You are making assumptions about how the NAT is designed. > [...] > Unless you know the internals of a NAT you cannot say whether it > fails open or closed. Indeed not! From 2010, during an identical discussion: http://seclists.org/nano

Re: Arguing against using public IP space

2011-11-15 Thread Mark Andrews
In message <29838609.2919.1321392184239.javamail.r...@benjamin.baylink.com>, Jay Ashworth writes: > > >> If your firewall is not working, it should not be passing packets. > > > > > > And of course, things always fail just the way we want them to. > > > > Your stateful firewall is no more likely

Re: OpenSource IPTV and VoD Solution

2011-11-15 Thread Meftah Tayeb
asting but I didn't find anything for RTSP. Any help would be welcome, thank you. Meftah Tayeb IT Consulting http://www.tmvoip.com/ phone: +21321656139 Mobile: +213660347746

Re: OpenSource IPTV and VoD Solution

2011-11-15 Thread Vlad Galu
-- PacketDam: a cost-effective software solution against DDoS http://www.packetdam.com

OpenSource IPTV and VoD Solution

2011-11-15 Thread Meftah Tayeb
1321656139 Mobile: +213660347746

Re: Arguing against using public IP space

2011-11-15 Thread Joe Greco
> - Original Message - > > From: "Joe Greco" > > > And some products, say like FreeBSD (which forms the heart of things > > like pfSense, so let's not even begin to argue that it "isn't a > > firewall") can actually be configured to default either way. > > By Owen's definition, it's not.

Re: Have they stopped teaching Defense in Depth?

2011-11-15 Thread William Herrin
On Tue, Nov 15, 2011 at 4:50 PM, Mark Andrews wrote: > If you want to use unroutable addresses then use a bastion host / > proxy.  Don't expect to be able to open a TCP socket and have it > connect to something on the outside.  Do it right or don't do it > at all. Mark, What is a modern NAT but

Re: Have they stopped teaching Defense in Depth?

2011-11-15 Thread Mark Andrews
In message <33284158.2915.1321391772464.javamail.r...@benjamin.baylink.com>, Jay Ashworth writes: > - Original Message - > > From: "William Herrin" > > > That your computer is not globally addressable ADDS one layer of > > security in a process you hope has enough layers to prevent an

Re: Arguing against using public IP space

2011-11-15 Thread Owen DeLong
On Nov 15, 2011, at 4:10 PM, Jay Ashworth wrote: > - Original Message - >> From: "Owen DeLong" > >> If your firewall is not working, it should not be passing packets. > > Yes; your arguments all seem to depend on that property being true. > > But we call it a *fai

Re: Arguing against using public IP space

2011-11-15 Thread Jay Ashworth
- Original Message - > From: "Owen DeLong" > >> If your firewall is not working, it should not be passing packets. > > > > And of course, things always fail just the way we want them to. > > Your stateful firewall is no more likely to fail open than your > header-mutilating device. Ple

Re: Arguing against using public IP space

2011-11-15 Thread Jay Ashworth
- Original Message - > From: "Joe Greco" > And some products, say like FreeBSD (which forms the heart of things > like pfSense, so let's not even begin to argue that it "isn't a > firewall") can actually be configured to default either way. By Owen's definition, it's not. > So basically

Have they stopped teaching Defense in Depth?

2011-11-15 Thread Jay Ashworth
- Original Message - > From: "William Herrin" > That your computer is not globally addressable ADDS one layer of > security in a process you hope has enough layers to prevent an attack > from penetrating. > > And make no mistake: successful security is about layers, about DEPTH. > You ca

Re: Arguing against using public IP space

2011-11-15 Thread Jay Ashworth
- Original Message - > From: "Owen DeLong" > If your firewall is not working, it should not be passing packets. Yes; your arguments all seem to depend on that property being true. But we call it a *failure* for a reason, Owen. What the probability is of a firewall failing in such a f

Re: Arguing against using public IP space

2011-11-15 Thread Jay Ashworth
- Original Message - > From: "Valdis Kletnieks" > And this is totally overlooking the fact that the vast majority of *actual* > attacks these days are web-based drive-bys and similar things that most > firewalls are configured to pass through. Think about it - if a NAT'ed > firewall provi

Re: Arguing against using public IP space

2011-11-15 Thread Owen DeLong
On Nov 15, 2011, at 9:14 AM, Leigh Porter wrote: > > On 15 Nov 2011, at 15:36, "Owen DeLong" wrote: > >> >> On Nov 15, 2011, at 2:57 AM, Leigh Porter wrote: >> >>> >>> >>> On 14 Nov 2011, at 18:52, "McCall, Gabriel" >>> wrote: >>> Chuck, you're right that this should not happen- bu

Re: Arguing against using public IP space

2011-11-15 Thread Owen DeLong
On Nov 15, 2011, at 9:15 AM, William Herrin wrote: > On Mon, Nov 14, 2011 at 7:35 PM, Jeroen van Aart wrote: >> William Herrin wrote: >>> If your machine is addressed with a globally routable IP, a trivial >>> failure of your security apparatus leaves your machine addressable >>> from any other

Re: Arguing against using public IP space

2011-11-15 Thread Michael Sinatra
On 11/13/11 07:36, Jason Lewis wrote: I don't want to start a flame war, but this article seems flawed to me. It seems an IP is an IP. http://www.redtigersecurity.com/security-briefings/2011/9/16/scada-vendors-use-public-routable-ip-addresses-by-default.html I think I could announce private IP

Re: Arguing against using public IP space

2011-11-15 Thread Michael Sinatra
On 11/15/11 09:15, William Herrin wrote: On Mon, Nov 14, 2011 at 7:35 PM, Jeroen van Aart wrote: William Herrin wrote: If your machine is addressed with a globally routable IP, a trivial failure of your security apparatus leaves your machine addressable from any other host in the entire world

Re: Arguing against using public IP space

2011-11-15 Thread Joe Greco
> On Tue, 15 Nov 2011, Joe Greco wrote: > > Or perhaps a better argument would be that routers really ought to > > default to deny. :-) I'd be fine with that, but I can hear the > > screaming already. > > er. you've forgotten "en; conf t; ip routing" to turn off the default "no > ip routing" (

Re: Arguing against using public IP space

2011-11-15 Thread Valdis . Kletnieks
On Tue, 15 Nov 2011 17:16:23 GMT, Leigh Porter said: > Quite right.. I bet all Iran's nuclear facilities have air gaps but they let > people in with laptops and USB sticks. And that's the point - *most* networks have so many bigger issues that the whole "NAT makes us secure" mantra is dangerous se

Re: Arguing against using public IP space

2011-11-15 Thread Ray Soucy
On Tue, Nov 15, 2011 at 5:57 AM, Leigh Porter wrote: > As somebody else mentioned on this thread, a NAT box with private space on > one side fails closed. This is a myth; just like NAT provides security is a myth. It doesn't matter if your firewall performs NAT or not; if it fails, traffic will

Re: Arguing against using public IP space

2011-11-15 Thread david raistrick
On Tue, 15 Nov 2011, Joe Greco wrote: Or perhaps a better argument would be that routers really ought to default to deny. :-) I'd be fine with that, but I can hear the screaming already. er. you've forgotten "en; conf t; ip routing" to turn off the default "no ip routing" (or "no ip forwar

Re: Arguing against using public IP space

2011-11-15 Thread Joe Greco
> On Nov 15, 2011, at 7:54 AM, Joe Greco wrote: > >> If you put a router where you needed a firewall, then, this is not a = > >> failure of the firewall, but, a > >> failure of the network implementor and the address space will not have = > >> any impact whatsoever > >> on your lack of security. >

Packets dropped passing from Qwest to Verizon

2011-11-15 Thread Tim Heckman
Hello, I'm looking for a POC at Qwest (AS209) or Verizon (AS701) to help diagnose what looks like a stale bogon filter. The packets drop where Qwest (63.146.26.210) peers with Verizon (152.63.2.130). Thanks in advance! Regards, Tim H.

Re: Arguing against using public IP space

2011-11-15 Thread Valdis . Kletnieks
On Tue, 15 Nov 2011 09:56:38 EST, William Herrin said: > A firewall's job is to prevent the success of ACTIVE attack vectors > against your network. If your firewall successfully restricts > attackers to passive attack vectors (drive-by downloads) and social > engineering vectors then it has done

RE: Cell-based OOB management devices

2011-11-15 Thread Ryan Finnesey
We pay $4 per SIM with at&t then about $2.50 per MB. Cheers Ryan From: PC [mailto:paul4...@gmail.com] Sent: Tuesday, November 15, 2011 12:15 PM To: Ryan Finnesey Cc: rche...@rochester.rr.com; nanog@nanog.org; David Hubbard Subject: Re: Cell-based OOB management devices Second this.

Re: Arguing against using public IP space

2011-11-15 Thread William Herrin
On Mon, Nov 14, 2011 at 7:35 PM, Jeroen van Aart wrote: > William Herrin wrote: >> If your machine is addressed with a globally routable IP, a trivial >> failure of your security apparatus leaves your machine addressable >> from any other host in the entire world which wishes to send it > > Isn't

Re: Cell-based OOB management devices

2011-11-15 Thread PC
Second this. Custom APN to AT&T with ipsec lan2lan VPN built to the provider. Works great for this. Once you get rid of the vpn need, you can use any cheap console server. I've seen solutions ranging from little opengear boxes (which are great to ship to a remote site to help a tech set somethin

Re: Arguing against using public IP space

2011-11-15 Thread Leigh Porter
Quite right.. I bet all Iran's nuclear facilities have air gaps but they let people in with laptops and USB sticks. -- Leigh On 15 Nov 2011, at 14:48, "Chuck Church" wrote: > -Original Message- > From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu] > Sent: Tuesday, Novembe

Re: Arguing against using public IP space

2011-11-15 Thread Leigh Porter
On 15 Nov 2011, at 15:36, "Owen DeLong" wrote: > > On Nov 15, 2011, at 2:57 AM, Leigh Porter wrote: > >> >> >> On 14 Nov 2011, at 18:52, "McCall, Gabriel" >> wrote: >> >>> Chuck, you're right that this should not happen- but the reason it should >>> not happen is because you have a prope

Re: Arguing against using public IP space

2011-11-15 Thread Owen DeLong
On Nov 15, 2011, at 7:54 AM, Joe Greco wrote: >> If you put a router where you needed a firewall, then, this is not a = >> failure of the firewall, but, a >> failure of the network implementor and the address space will not have = >> any impact whatsoever >> on your lack of security. > > And the

RE: Cell-based OOB management devices

2011-11-15 Thread Ryan Finnesey
We do this with at&t with a custom APN works great no need to VPN. If you want to use Sprint take a look at Sprint Data Link. You can use your IPs on the data cards. Cheers Ryan -Original Message- From: rche...@rochester.rr.com [mailto:rche...@rochester.rr.com] Sent: Tuesday, Novemb

Re: Minimum Allocation Size by RIRs (IPv4)

2011-11-15 Thread Rubens Kuhl
On Tue, Nov 15, 2011 at 12:56 PM, Fredy Kuenzler wrote: > I'm trying to compile a comprehensive and up-to-date list of Minimum > Allocation Sizes by the various RIRs. Any hint would be appreciated. I have > so far: NIRs (National Internet Registries) in the APNIC and LACNIC area need to be mapped

Re: Minimum Allocation Size by RIRs (IPv4)

2011-11-15 Thread William Herrin
On Tue, Nov 15, 2011 at 9:56 AM, Fredy Kuenzler wrote: > I'm trying to compile a comprehensive and up-to-date list of Minimum > Allocation Sizes by the various RIRs. Any hint would be appreciated. I have > so far: Hi Fredy, Due to the transfer processes which will sustain IPv4 as the regional fr

Re: Minimum Allocation Size by RIRs (IPv4)

2011-11-15 Thread Christian Seitz
Hello Fredy, On 15.11.2011 at 15:56, Fredy Kuenzler wrote: > I'm trying to compile a comprehensive and up-to-date list of Minimum > Allocation Sizes by the various RIRs. Any hint would be appreciated. I have so > far: > > ARIN: https://www.arin.net/knowledge/ip_blocks.html > > APNIC: > http://ww

Re: Arguing against using public IP space

2011-11-15 Thread Joe Greco
> If you put a router where you needed a firewall, then, this is not a = > failure of the firewall, but, a > failure of the network implementor and the address space will not have = > any impact whatsoever > on your lack of security. And the difference between a router and a firewall is ...? Appa

Re: Ok; let's have the "Does DNAT contribute to Security" argument one more time...

2011-11-15 Thread Charles Morris
Against my better judgment to get in the middle of this classic discussion, two points... One, many firewalls have fail-safe capabilities, in addition to fail-secure; even if they didn't it could be trivially programmed, or configured to do so in series, and as configuration is fairly arbitrary t

Re: Arguing against using public IP space

2011-11-15 Thread Owen DeLong
On Nov 15, 2011, at 2:57 AM, Leigh Porter wrote: > > > On 14 Nov 2011, at 18:52, "McCall, Gabriel" > wrote: > >> Chuck, you're right that this should not happen- but the reason it should >> not happen is because you have a properly functioning stateful firewall, not >> because you're using

Re: Arguing against using public IP space

2011-11-15 Thread -Hammer-
I see your side Cameron. -Hammer- "I was a normal American nerd" -Jack Herer On 11/15/2011 09:20 AM, Cameron Byrne wrote: On Nov 15, 2011 7:09 AM, "-Hammer-" > wrote: > > Guys, >Everyone is complaining about whether a FW serves its purpose or not. Take a ste

Re: Arguing against using public IP space

2011-11-15 Thread Cameron Byrne
On Nov 15, 2011 7:09 AM, "-Hammer-" wrote: > > Guys, >Everyone is complaining about whether a FW serves its purpose or not. Take a step back. Security is about layers. Router ACLs to filter whitenoise. FW ACLs to filter more. L7 (application) FWs to inspect HTTP payload. Patch management at th

Re: Ok; let's have the "Does DNAT contribute to Security" argument one more time...

2011-11-15 Thread -Hammer-
There are some methods of security that NAT has a good use for. We use NAT to prevent reachability. In other words, not only does an ACL have to allow traffic thru the FW, but a complementing NAT rule has to allow the actual layer 3 reachability. If not, even with the ACL, the routing path

Re: Arguing against using public IP space

2011-11-15 Thread -Hammer-
Guys, Everyone is complaining about whether a FW serves its purpose or not. Take a step back. Security is about layers. Router ACLs to filter whitenoise. FW ACLs to filter more. L7 (application) FWs to inspect HTTP payload. Patch management at the OS and Application layer on the server. He

Re: Ok; let's have the "Does DNAT contribute to Security" argument one more time...

2011-11-15 Thread Owen DeLong
> > On the other hand, since a firewall's job is to stop packets you don't want, > if it stops doing its job as a firewall, it's likely to keep on doing its > other job: passing packets. It certainly depends on the fundamental design > of the firewall, which I can't speak to generally... but y

Re: Minimum Allocation Size by RIRs (IPv4)

2011-11-15 Thread Jon Lewis
On Tue, 15 Nov 2011, Fredy Kuenzler wrote: I'm trying to compile a comprehensive and up-to-date list of Minimum Allocation Sizes by the various RIRs. Any hint would be appreciated. I have so far: ARIN: https://www.arin.net/knowledge/ip_blocks.html APNIC: http://www.apnic.net/publications/r

Re: Arguing against using public IP space

2011-11-15 Thread William Herrin
On Tue, Nov 15, 2011 at 9:17 AM, wrote: > And this is totally overlooking the fact that the vast majority of *actual* > attacks these days are web-based drive-bys and similar things that most > firewalls are configured to pass through. Valdis, A firewall's job is to prevent the success of ACTIV

Minimum Allocation Size by RIRs (IPv4)

2011-11-15 Thread Fredy Kuenzler
I'm trying to compile a comprehensive and up-to-date list of Minimum Allocation Sizes by the various RIRs. Any hint would be appreciated. I have so far: ARIN: https://www.arin.net/knowledge/ip_blocks.html APNIC: http://www.apnic.net/publications/research-and-insights/ip-address-trends/minimu

Re: Arguing against using public IP space

2011-11-15 Thread Owen DeLong
On Nov 14, 2011, at 11:32 AM, William Herrin wrote: > On Mon, Nov 14, 2011 at 1:50 PM, McCall, Gabriel > wrote: >> Chuck, you're right that this should not happen- but >> the reason it should not happen is because you have >> a properly functioning stateful firewall, not because >> you're using

RE: Arguing against using public IP space

2011-11-15 Thread Chuck Church
-Original Message- From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu] Sent: Tuesday, November 15, 2011 9:17 AM To: Leigh Porter Cc: nanog@nanog.org; McCall, Gabriel Subject: Re: Arguing against using public IP space > And this is totally overlooking the fact that the vast majo

Re: Arguing against using public IP space

2011-11-15 Thread Valdis . Kletnieks
On Tue, 15 Nov 2011 10:57:32 GMT, Leigh Porter said: > Well this is not quite true, is it.. If your firewall is not working and you > have private space internally then you are a lot better off than if you have > public space internally! So if your firewall is not working then having > private >

Re: Cell-based OOB management devices

2011-11-15 Thread Faisal Imtiaz
A very flexible solution can be done with the Mikrotik family of routers; see this as an example for more details: http://mum.mikrotik.com/presentations/BR09/3G_Applications.pdf Faisal On Nov 15, 2011, at 6:34 AM, wrote: > David, a Sprint aircard can be had with a static-ip, so that should

Re: Cell-based OOB management devices

2011-11-15 Thread rcheung
David, a Sprint aircard can be had with a static-ip, so that should ease remote connectivity requirements. Or, you can opt for the Datalink (private VPN) service, which separates your aircard traffic from other customers within a VRF, obviating the need to run a separate VPN client. -RC

Re: Arguing against using public IP space

2011-11-15 Thread Leigh Porter
On 14 Nov 2011, at 18:52, "McCall, Gabriel" wrote: > Chuck, you're right that this should not happen- but the reason it should not > happen is because you have a properly functioning stateful firewall, not > because you're using NAT. If your firewall is working properly, then having > publi

Re: Foundry MRP cohabit with STP

2011-11-15 Thread Fabien Delmotte
Hi, You cannot enable MRP and STP on the same physical interface, but you can enable MRP on a specific interface and STP on another. The only issue is MRP and STP are using the CPU, so if you lose a hello packet you may have some network instability. Regards Fabien P.S. I am in France if

Foundry MRP cohabit with STP

2011-11-15 Thread Viet-Hung Ton
Hi, We are deploying a network using MRP of Foundry (Metro Ring Protocol of Brocade now) and STP (in this case Rapid Spanning Tree Protocol-802.1W). The problem is that in some networking segments, we must enable both protocols on the same interfaces and VLANs for the correct function of ou