Re: WEBCAST: Is Asia Pacific and China doing well on IPv6 Deployment? - just started

2012-06-05 Thread Joly MacFie
> > The Internet Society's Hong Kong > Chapter (ISOC HK), continuing its pioneering series > of IPv6 events, will mark today June 6 2012 Global IPv6 Launch with a > seminar: 'Is Asia Pacific and China doing well on IPv6 > Deployment?

Re: IPv6 day and tunnels

2012-06-05 Thread Owen DeLong
>>> Bigger packets makes it rather circuit switching than packet >>> switching. The way to lose. >>> >>> Faster is the way to go. >> >> Why only fast when you can have both big *and* fast? > > Because bigger packets makes it rather circuit switching than > packet switching, which is the way to l

Re: IPv6 day and tunnels

2012-06-05 Thread Owen DeLong
On Jun 5, 2012, at 6:02 PM, Jimmy Hess wrote: > On 6/5/12, Owen DeLong wrote: >> This is a horrible misconfiguration of the devices on that link. >> If your MTU setting on your interface is larger than the smallest MTU >> of any L2 forwarder on the link, then, you have badly misconfigured > > N

Re: ROVER routing security - its not enumeration

2012-06-05 Thread Christopher Morrow
On Tue, Jun 5, 2012 at 5:39 PM, Tony Tauber wrote: > Shane A. gave a Lightning Talk the slides for which will be posted at some > time soon. I figured the talk was shane's. > They came in at the last minute which is why they're not up already. > ok, cool. thanks -chris > Tony > > On Tue, Jun 5

Trouble viewing slides for Automated Configuration and Validation of a Large Scale Network

2012-06-05 Thread Smith, Courtney
I am having trouble viewing the slides for this morning's presentation by Vijay Gill. It appears conversion from power point to a PDF cropped the slides. Can someone else try? Is there an email for reporting issues with the slides? Thanks. http://www.nanog.org/meetings/nanog55/presentations/Tu

Re: IPv6 day and tunnels

2012-06-05 Thread Masataka Ohta
Templin, Fred L wrote: >> You can't carry a 65516B IPv6 packet in an IPv4 packet. > > No, but you can carry a ((2^32 - 1) - X) IPv6 packet in > an IPv6 packet. I'm afraid you wrote: >> General statement for IPv6-in-IPv4 tunneling, yes. But and >> What I am after is a tunnel MTU of infinity.

Re: Penetration Test Assistance

2012-06-05 Thread dennis
Tim, In the past I've used high level diagrams to illustrate the overall network topology with individual tabs (drill down) per data center or POP. The first step to assessing risk is to identify your assets. I'd suggest performing a discovery of your network. Keep in mind Pen tests are typi

Re: IPv6 day and tunnels

2012-06-05 Thread Jimmy Hess
On 6/5/12, Owen DeLong wrote: > This is a horrible misconfiguration of the devices on that link. > If your MTU setting on your interface is larger than the smallest MTU > of any L2 forwarder on the link, then, you have badly misconfigured Not really; The network layer and L2 protocols should bo

RE: IPv6 day and tunnels

2012-06-05 Thread Templin, Fred L
> -Original Message- > From: Masataka Ohta [mailto:mo...@necom830.hpcl.titech.ac.jp] > Sent: Tuesday, June 05, 2012 3:41 PM > To: Templin, Fred L > Cc: nanog@nanog.org > Subject: Re: IPv6 day and tunnels > > Templin, Fred L wrote: > > >> Infinity? You can't carry 65516B in an IPv4 packe

Re: IPv6 day and tunnels

2012-06-05 Thread Owen DeLong
On Jun 5, 2012, at 5:21 AM, Joe Maimon wrote: > > > Owen DeLong wrote: > >> >> But that's a whole lot more packets than working PMTU-D to get there and >> you're also waiting for all those round trips, not just the 4 timeouts. >> >> The round trips add up if you're dealing with a 100ms+ RTT.

Re: ipv6 book recommendations?

2012-06-05 Thread Owen DeLong
Apologies for the double post... Mistakenly hit send instead of cancel on the first one. Owen On Jun 5, 2012, at 3:32 PM, Owen DeLong wrote: > > On Jun 5, 2012, at 3:23 PM, William Herrin wrote: > >> On 6/5/12, Owen DeLong wrote: >>> On Jun 5, 2012, at 2:23 PM, William Herrin wrote: c.

Re: IPv6 day and tunnels

2012-06-05 Thread Masataka Ohta
Templin, Fred L wrote: >> Infinity? You can't carry 65516B in an IPv4 packet. >2) For tunnels over IPv6, let infinity equal (2^32 - 1) You can't carry a 65516B IPv6 packet in an IPv4 packet. >> Instead, see the last two lines in second last slide of: >> >> http://meetings.apnic.net/__da

Re: ipv6 book recommendations?

2012-06-05 Thread Chris Grundemann
On Tue, Jun 5, 2012 at 4:29 PM, Owen DeLong wrote: > > On Jun 5, 2012, at 3:15 PM, Chris Grundemann wrote: > >>> On Jun 5, 2012, at 2:23 PM, William Herrin wrote: >> 2. Subnetting in v6 in a nutshell: >> >> FWIW - There is a published BCOP on IPv6 subnetting: >> http://www.ipbcop.org/ratified

Re: ipv6 book recommendations?

2012-06-05 Thread Mark Boolootian
Sure, but with the neighbor discovery cache issues that come up with > /64's under attack, why open yourself to trouble where you can't > realize any benefit? > I happen to be a fan of /126s, but if you chose to use a /64, presumably your infrastructure ACLs would provide protection against such a

Re: ipv6 book recommendations?

2012-06-05 Thread Owen DeLong
On Jun 5, 2012, at 3:23 PM, William Herrin wrote: > On 6/5/12, Owen DeLong wrote: >> On Jun 5, 2012, at 2:23 PM, William Herrin wrote: >>> c. If it's a point to point, a reasonable practice seems to be a /64 >>> per network area and around /124 per link. Works OK for ethernet point >>> to points

Re: ipv6 book recommendations?

2012-06-05 Thread Owen DeLong
On Jun 5, 2012, at 3:23 PM, William Herrin wrote: > On 6/5/12, Owen DeLong wrote: >> On Jun 5, 2012, at 2:23 PM, William Herrin wrote: >>> c. If it's a point to point, a reasonable practice seems to be a /64 >>> per network area and around /124 per link. Works OK for ethernet point >>> to points

Re: ipv6 book recommendations?

2012-06-05 Thread Owen DeLong
On Jun 5, 2012, at 3:15 PM, Chris Grundemann wrote: >> On Jun 5, 2012, at 2:23 PM, William Herrin wrote: > >>> 2. Subnetting in v6 in a nutshell: > > FWIW - There is a published BCOP on IPv6 subnetting: > http://www.ipbcop.org/ratified-bcops/bcop-ipv6-subnetting/ > Unfortunately, this BCOP re

Re: ipv6 book recommendations?

2012-06-05 Thread William Herrin
On 6/5/12, Owen DeLong wrote: > On Jun 5, 2012, at 2:23 PM, William Herrin wrote: >> c. If it's a point to point, a reasonable practice seems to be a /64 >> per network area and around /124 per link. Works OK for ethernet point >> to points too. > > /64 is perfectly reasonable per point to point a

Re: ipv6 book recommendations?

2012-06-05 Thread Chris Grundemann
> On Jun 5, 2012, at 2:23 PM, William Herrin wrote: >> 2. Subnetting in v6 in a nutshell: FWIW - There is a published BCOP on IPv6 subnetting: http://www.ipbcop.org/ratified-bcops/bcop-ipv6-subnetting/ Cheers, ~Chris -- @ChrisGrundemann http://chrisgrundemann.com

Re: ipv6 book recommendations?

2012-06-05 Thread Owen DeLong
On Jun 5, 2012, at 2:23 PM, William Herrin wrote: > On 6/5/12, David Hubbard wrote: >> Does anyone have suggestions on good books to really get >> a thorough understanding of v6, subnetting, security practices, >> etc. Or a few books. Just turned up dual stack with our >> peers and a test netw

RE: IPv6 day and tunnels

2012-06-05 Thread Templin, Fred L
> -Original Message- > From: Masataka Ohta [mailto:mo...@necom830.hpcl.titech.ac.jp] > Sent: Tuesday, June 05, 2012 2:44 PM > To: Templin, Fred L; nanog@nanog.org > Subject: Re: IPv6 day and tunnels > > Templin, Fred L wrote: > > > General statement for IPv6-in-IPv4 tunneling, yes. But >

Re: IPv6 day and tunnels

2012-06-05 Thread Masataka Ohta
Templin, Fred L wrote: > General statement for IPv6-in-IPv4 tunneling, yes. But > inner fragmentation applies equally for *-in-* tunneling. > >> Even though you assume tunnel MTU 1500B > > What I am after is a tunnel MTU of infinity. 1500 is > the minimum packet size that MUST get through. 1501+

Re: ROVER routing security - its not enumeration

2012-06-05 Thread Tony Tauber
Shane A. gave a Lightning Talk the slides for which will be posted at some time soon. They came in at the last minute which is why they're not up already. Tony On Tue, Jun 5, 2012 at 3:28 PM, Christopher Morrow wrote: > On Tue, Jun 5, 2012 at 2:42 PM, Daniel Massey > wrote: > > > > ROVER is not

Re: ROVER routing security - its not enumeration

2012-06-05 Thread Randy Bush
> putting origin-validation data into IRR's happens today, it's not > 'secured' in any fashion, and lots of proof has shown that 'people > fill it with junk' :( So being able to bounce the IRR data off some > verifiable source of truth seems like a plus. so i should use the sow's ear as the author

Re: ROVER routing security - its not enumeration

2012-06-05 Thread Christopher Morrow
On Tue, Jun 5, 2012 at 5:00 PM, Randy Bush wrote: > routing protection without enumeration. I can see a use-case for something like:   "Build me a prefix list from the RIR data" >>> this requires a full data fetch, not doable in dns. >> does it? shane implied (and it doesn't seem UNR

Re: ipv6 book recommendations?

2012-06-05 Thread William Herrin
On 6/5/12, David Hubbard wrote: > Does anyone have suggestions on good books to really get > a thorough understanding of v6, subnetting, security practices, > etc. Or a few books. Just turned up dual stack with our > peers and a test network but I'd like to be a lot more > comfortable with it be

Re: New routing systems (Was: IPv6 day and tunnels)

2012-06-05 Thread Jeroen Massar
On 2012-06-05 11:44, Owen DeLong wrote: [..] > LISP et. al requires a rather complicated deployment and would be even > more complex to troubleshoot when it fails. > > What I am proposing could, literally, be deployed with the existing system > still running as it does. The difference would be tha

Re: ROVER routing security - its not enumeration

2012-06-05 Thread Randy Bush
routing protection without enumeration. >>> I can see a use-case for something like: >>>   "Build me a prefix list from the RIR data" >> this requires a full data fetch, not doable in dns. > does it? shane implied (and it doesn't seem UNREASONABLE, modulo some > 'doing lots of spare queries')

Re: ipv6 book recommendations?

2012-06-05 Thread Adam Kennedy
And you get a t-shirt at the end! That was enough motivation for me, anyway :) -- Adam Kennedy Network Engineer Omnicity, Inc. From: Owen DeLong <o...@delong.com> To: isabel dias <isabeldi...@yahoo.com> Cc: "nanog@nanog.org" <nanog@nanog.org> Subject:

Re: ATT DSL IPv6

2012-06-05 Thread Grant Ridder
After talking with someone else, i am guessing that your Teredo statement is correct. However, i don't know why that would have stopped working as it works fine when i am at school on TWTC circuit. I do not have a Cisco gateway however, i have been looking into switching to one that i have layin

Re: Penetration Test Assistance

2012-06-05 Thread Brett Watson
On Jun 5, 2012, at 11:34 AM, Darden, Patrick S. wrote: > > I'm with Barry--a network diagram showing everything from the pov of the pen > team should be part of the end report. Maybe, maybe not. It all depends on the scope of the engagement. I've had customers ask for very specific pen test o

Re: Penetration Test Assistance

2012-06-05 Thread Peter Kristolaitis
On 12-06-05 03:48 PM, Brett Watson wrote: On Jun 5, 2012, at 9:52 AM, Peter Kristolaitis wrote: As far as horror stories... yeah. My most memorable experience was a guy (with a CISSP designation, working for a company who came highly recommended) who: - Spent a day trying to get his Ba

Re: Penetration Test Assistance

2012-06-05 Thread Bacon Zombie
You should have a look at the Pentest Standards page, it was created by some very skilled Pen Testers who are trying to create a minimum standard for all tests and reporting. http://www.pentest-standard.org/index.php/Main_Page Also you should just have to give them your external net-block allocat

RE: IPv6 day and tunnels

2012-06-05 Thread Templin, Fred L
> -Original Message- > From: Masataka Ohta [mailto:mo...@necom830.hpcl.titech.ac.jp] > Sent: Tuesday, June 05, 2012 12:42 PM > To: Templin, Fred L > Cc: nanog@nanog.org > Subject: Re: IPv6 day and tunnels > > Templin, Fred L wrote: > > > I am making a general statement that applies to all

Re: Drupal-GEO maping

2012-06-05 Thread James Smith
The overall goal is to look similar to this but inside Drupal. ( http://wildkatzenwegeplan.geops.de/) But thanks everyone for your input. On 12-06-05 04:36 PM, Richard Barnes wrote: http://lmgtfy.com/?q=drupal+geo+ip http://lmgtfy.com/?q=joomla+geo+ip On Tue, Jun 5, 2012 at 3:19 PM, Anur

Re: Penetration Test Assistance

2012-06-05 Thread Brett Watson
On Jun 5, 2012, at 9:52 AM, Peter Kristolaitis wrote: > > As far as horror stories... yeah. My most memorable experience was a guy > (with a CISSP designation, working for a company who came highly recommended) > who: >- Spent a day trying to get his Backtrack CD to "work properly". Whe

Re: ROVER routing security - its not enumeration

2012-06-05 Thread Christopher Morrow
On Tue, Jun 5, 2012 at 3:40 PM, Randy Bush wrote: >>> There are number of operational models that provide the needed >>> routing protection without enumeration. >> I can see a use-case for something like: >>   "Build me a prefix list from the RIR data" > > this requires a full data fetch, not doab

Re: IPv6 day and tunnels

2012-06-05 Thread Masataka Ohta
Templin, Fred L wrote: > I am making a general statement that applies to all tunnels > everywhere. General statement? Even though you assume tunnel MTU 1500B and tunnel overhead 20B? > For those, specs say that all that is required > for MRU is 1500 and not 1500+20. That is a requirement for h

Re: Drupal-GEO maping

2012-06-05 Thread Eduardo A. Suárez
Hello, Generic Mapping Tools http://gmt.soest.hawaii.edu/ PostGIS http://postgis.refractions.net/ Eduardo.- Quoting James Smith : Hello, I am looking for advice on mapping data in Drupal. We are building a Portal using the Drupal core. I am looking for a way to be able to map ip addresses t

Re: ROVER routing security - its not enumeration

2012-06-05 Thread Randy Bush
>> There are number of operational models that provide the needed >> routing protection without enumeration. > I can see a use-case for something like: > "Build me a prefix list from the RIR data" this requires a full data fetch, not doable in dns. and, at the other end of the spectrum, for any

Re: Drupal-GEO maping

2012-06-05 Thread James Smith
Hi Anurag, FYI: Depending on the type of information you running joomla is not always safest bet. But I do know Drupal works well for data mapping. On 12-06-05 04:36 PM, Richard Barnes wrote: http://lmgtfy.com/?q=drupal+geo+ip http://lmgtfy.com/?q=joomla+geo+ip On Tue, Jun 5, 2012 at 3:19 P

Re: rpki vs. secure dns?

2012-06-05 Thread Samuel Weiler
On Mon, 28 May 2012, David Conrad wrote: As far as I can tell, ROVER is simply Yet Another RPKI Access Method like rsync and bittorrent with its own positives and negatives. Not quite. ROVER's SRO & RLOCK statements have different semantics than RPKI ROAs, and there are semantics that may no

Re: Drupal-GEO maping

2012-06-05 Thread Richard Barnes
http://lmgtfy.com/?q=drupal+geo+ip http://lmgtfy.com/?q=joomla+geo+ip On Tue, Jun 5, 2012 at 3:19 PM, Anurag Bhatia wrote: > Hi James > > > Nice question. I am interested if someone can suggest some similar > extension or some code to integrate it within Joomla too. > > > > Thanks. > > On Wed, Ju

Re: ROVER routing security - its not enumeration

2012-06-05 Thread Christopher Morrow
On Tue, Jun 5, 2012 at 2:42 PM, Daniel Massey wrote: > did not need such an enumeration.     Enumeration is not a goal in itself. > There are number of operational models that provide the needed routing > protection > without enumeration. which are? I can see a use-case for something like: "

Re: ROVER routing security - its not enumeration

2012-06-05 Thread Shane Amante
One correction below. On Jun 5, 2012, at 12:42 PM, Daniel Massey wrote: [--snip--] > I think the first step is to step back and ask whether every operational > model needs > enumeration. For example, the talk yesterday by Level3 used the DNS and > IRR > did not need such an enumeration. T

Re: IPv6 day and tunnels

2012-06-05 Thread Owen DeLong
On Jun 5, 2012, at 10:15 AM, Jimmy Hess wrote: > On 6/5/12, Owen DeLong wrote: > [snip] >> But that's a whole lot more packets than working PMTU-D to get there and >> you're also waiting for all those round trips, not just the 4 timeouts. >> The round trips add up if you're dealing with a 100ms+

Re: Drupal-GEO maping

2012-06-05 Thread Anurag Bhatia
Hi James Nice question. I am interested if someone can suggest some similar extension or some code to integrate it within Joomla too. Thanks. On Wed, Jun 6, 2012 at 12:42 AM, James Smith wrote: > Hello, > > I am looking for advice on mapping data in Drupal. > We are building a Portal using t

Drupal-GEO maping

2012-06-05 Thread James Smith
Hello, I am looking for advice on mapping data in Drupal. We are building a Portal using the Drupal core. I am looking for a way to be able to map ip addresses to countries etc. Is anyone aware of any modules available that could accomplish this task. -- Sincerely; James Smith CEO, CEH, Se

RE: IPv6 day and tunnels

2012-06-05 Thread Templin, Fred L
> -Original Message- > From: Masataka Ohta [mailto:mo...@necom830.hpcl.titech.ac.jp] > Sent: Tuesday, June 05, 2012 11:36 AM > To: Templin, Fred L; nanog@nanog.org > Subject: Re: IPv6 day and tunnels > > Templin, Fred L wrote: > > >> You don't have to do it with core routers. > > > > Tunn

Re: ipv6 book recommendations?

2012-06-05 Thread Owen DeLong
Shameless plug: Certification wise, the IPv6 Sage certification at Hurricane Electric (http://www.tunnelbroker.net) uses a practical step-by-step approach where you actually have to deploy IPv6 and make it work to progress through the steps. Owen On Jun 5, 2012, at 10:07 AM, isabel dias wrote

Re: New routing systems (Was: IPv6 day and tunnels)

2012-06-05 Thread Owen DeLong
On Jun 5, 2012, at 7:44 AM, Jeroen Massar wrote: > On 2012-06-04 23:06, Owen DeLong wrote: >> >> On Jun 4, 2012, at 6:11 PM, Jeroen Massar wrote: >> >>> On 2012-06-04 17:57, Owen DeLong wrote: [..] If you're going to redesign the header, I'd be much more interested in having 32 bits f

ROVER routing security - its not enumeration

2012-06-05 Thread Daniel Massey
Hi, Just wanted to clarify a few things about the ROVER approach. One key misunderstanding seems to be that ROVER is an approach for enumerating all potentially valid routes. This is not the case. Slides on ROVER are posted for the NANOG 55 talk and there was an additional Lightning talk

Re: Penetration Test Assistance

2012-06-05 Thread Leo Bicknell
The bit of information that's missing here is what are you trying to pentest, and by extension how much do you want to pay your pentest firm? For some folks a pentest means starting with zero information and trying to get IP packets past a firewall or IDS's undetected. Basically pentesting laye

Re: IPv6 day and tunnels

2012-06-05 Thread Masataka Ohta
Templin, Fred L wrote: >> You don't have to do it with core routers. > > Tunnel endpoints can be located either nearer the edges > or nearer the middle. Tunnel endpoints that are located > nearer the edges might be able to do reassembly at nominal > data rates, but there is no assurance of a maxi

Re: Penetration Test Assistance

2012-06-05 Thread Harry Hoffman
There are lots of reasons why a pentester would want a network diagram. The foremost being a point to which they can say, these are the networks that I was given as a point of reference to pentest. This is often a CYA policy for when people start complaining about the scanning that is going t

RE: Penetration Test Assistance

2012-06-05 Thread Darden, Patrick S.
I'm with Barry--a network diagram showing everything from the pov of the pen team should be part of the end report. --p -Original Message- From: Barry Greene [mailto:bgre...@senki.org] Hi Tim, A _good_ pen test team would not need a network diagram. Their first round of penetration t

RE: Penetration Test Assistance

2012-06-05 Thread Darden, Patrick S.
Seriously. --p -Original Message- From: Aled Morris [mailto:al...@qix.co.uk] I'd treat this as the first of their pen tests - a social engineering attack to obtain secret information about the network, and refuse. Aled

Re: Penetration Test Assistance

2012-06-05 Thread Barry Greene
Hi Tim, A _good_ pen test team would not need a network diagram. Their first round of penetration test would have them build their own network diagram from their analysis of your network. Barry On Jun 5, 2012, at 7:52 AM, Green, Timothy wrote: > Howdy all, > > I'm a Security Manager of a l

Re: Penetration Test Assistance

2012-06-05 Thread Jason 'XenoPhage' Frisvold
On Jun 5, 2012, at 12:52 PM, Peter Kristolaitis wrote: > In general, my experience with most "pen testers" is a severe disappointment, > and isn't anything that couldn't be done in-house by taking the person in > your department who has the most ingrained hacker/geek personality, giving > them

Re: Penetration Test Assistance

2012-06-05 Thread Aled Morris
On 5 June 2012 15:52, Green, Timothy wrote: > Howdy all, > > I'm a Security Manager of a large network, we are conducting a Pentest > next month and the testers are demanding a complete network diagram of the > entire network. > > I'd treat this as the first of their pen tests - a social engineer

Fwd: [arin-announce] IPv4 Countdown Plan Update

2012-06-05 Thread John Curran
NANOG Folks - Apologies for cross-posting, but this is very important information for all organizations about how requests for IPv4 address space will be handled as we approach runout in this region. FYI (& Thanks!) /John John Curran President and CEO ARIN Begin forwarded message: From: ARIN

RE: IPv6 day and tunnels

2012-06-05 Thread Templin, Fred L
> -Original Message- > From: Masataka Ohta [mailto:mo...@necom830.hpcl.titech.ac.jp] > Sent: Tuesday, June 05, 2012 9:37 AM > To: Templin, Fred L > Cc: nanog@nanog.org > Subject: Re: IPv6 day and tunnels > > Templin, Fred L wrote: > > >> Have egresses with proper performance. That's the p

Re: IPv6 day and tunnels

2012-06-05 Thread Jimmy Hess
On 6/5/12, Owen DeLong wrote: [snip] > But that's a whole lot more packets than working PMTU-D to get there and > you're also waiting for all those round trips, not just the 4 timeouts. > The round trips add up if you're dealing with a 100ms+ RTT. 22 RTTs at > 100ms is 2.2 seconds. That's a long t

Re: Penetration Test Assistance

2012-06-05 Thread William Herrin
On 6/5/12, Green, Timothy wrote: > I'm a Security Manager of a large network, we are conducting a Pentest next > month and the testers are demanding a complete network diagram of the entire > network. We don't have a "complete" network diagram that shows everything > and everywhere we are. At mo

Re: ipv6 book recommendations?

2012-06-05 Thread isabel dias
http://long.ccaba.upc.es/long/070Related_Activities/020Documents/IPv6_An_Internet_Revolution.pdf     worth going through certification From: Seth Mos To: nanog@nanog.org Sent: Tuesday, June 5, 2012 3:45 PM Subject: Re: ipv6 book recommendations

Re: Penetration Test Assistance

2012-06-05 Thread Peter Kristolaitis
On 12-06-05 11:32 AM, Andrew Latham wrote: On Tue, Jun 5, 2012 at 10:52 AM, Green, Timothy wrote: Howdy all, I'm a Security Manager of a large network, we are conducting a Pentest next month and the testers are demanding a complete network diagram of the entire network. We don't have a "

Re: ipv6 book recommendations?

2012-06-05 Thread Bryan Irvine
On Tue, Jun 5, 2012 at 7:29 AM, David Hubbard wrote: > Does anyone have suggestions on good books to really get > a thorough understanding of v6, subnetting, security practices, > etc.  Or a few books.  Just turned up dual stack with our > peers and a test network but I'd like to be a lot more > c

Re: IPv6 day and tunnels

2012-06-05 Thread Masataka Ohta
Templin, Fred L wrote: >> The proper solution is to have a field in IPv7 header to >> measure PMTU. It can be a 8 bit field, if fragment granularity >> is 256B. > We tried that for IPv4 and it didn't work very well [RFC1063]. IP option is a bad idea, which is partly why IPv6 sucks.

RE: Penetration Test Assistance

2012-06-05 Thread Baklarz, Ron
Not discounting the need for network diagrams, there are also differing approaches to pen testing. One alternative is a sort of black-box approach where the pen testers are given little or no advanced knowledge of the network. It is up to them to 'discover' what they can through open source mea

Re: IPv6 day and tunnels

2012-06-05 Thread Masataka Ohta
Templin, Fred L wrote: >> Have egresses with proper performance. That's the proper >> operation. > How many core routers would be happy to reassemble at > line rates without a forklift upgrade and/or strong > administrative tuning? You don't have to do it with core routers. >>> End systems are

Re: Penetration Test Assistance

2012-06-05 Thread Quinn Kuzmich
It's not much of a penetration test, imho, if the "attackers" have detailed knowledge of your network and systems before the attack. You should determine what kind of a scenario you are trying to simulate, and how the results will be used to improve security. Is this a "black box" situation, wher

IPv6 Facebook

2012-06-05 Thread Eduardo Schoedler
Hello, Somewhere from GlobalCrossing/Level3 here to contact me off list? Here from Brazil we are going thru Europe to reach the Facebook on USA. # mtr -c 100 -wr www.facebook.com HOST: border02.scr Loss% Snt Last Avg Best Wrst StDev 1.|-- 2.|-- 3.|-- 2

Re: Penetration Test Assistance

2012-06-05 Thread Joel jaeggli
On 6/5/12 07:52 , Green, Timothy wrote: > Howdy all, > > I'm a Security Manager of a large network, we are conducting a > Pentest next month and the testers are demanding a complete network > diagram of the entire network. We don't have a "complete" network > diagram that shows everything and eve

Re: Our first inbound email via IPv6 (was spam!)

2012-06-05 Thread Matthew Kaufman
On 6/5/2012 7:42 AM, Seth Mos wrote: Op 5-6-2012 16:10, Livingood, Jason schreef: In preparation for the World IPv6 Launch, inbound (SMTP) email to the comcast.net domain was IPv6-enabled today, June 5, 2012, at 9:34 UTC. Roughly one minute later, at 9:35:30 UTC we received our first inbound e

Re: Penetration Test Assistance

2012-06-05 Thread jim deleskie
A complete diagram makes their life easier, may make for a more complete test, but they are working for you, so if you don't have it, you don't have. I'm not a big fan of having a single diagram with everything laid out anyway, but I'm from the old school. -jim On Tue, Jun 5, 2012 at 11:52 AM,

Re: Penetration Test Assistance

2012-06-05 Thread Justin M. Streiner
On Tue, 5 Jun 2012, Green, Timothy wrote: I'm a Security Manager of a large network, we are conducting a Pentest next month and the testers are demanding a complete network diagram of the entire network. We don't have a "complete" network diagram that shows everything and everywhere we are.

Re: Penetration Test Assistance

2012-06-05 Thread Andrew Latham
On Tue, Jun 5, 2012 at 10:52 AM, Green, Timothy wrote: > Howdy all, > > I'm a Security Manager of a large network, we are conducting a Pentest next > month and the testers are demanding a complete network diagram of the entire > network.  We don't have a "complete" network diagram that shows eve

Re: Our first inbound email via IPv6 (was spam!)

2012-06-05 Thread Vlad Galu
On Tuesday, June 5, 2012 at 3:42 PM, Seth Mos wrote: > Op 5-6-2012 16:10, Livingood, Jason schreef: > > I enabled v6 for my email before my website since the impact if it > didn't work on the 1st try was almost nil. > > Still waiting for the 1st Country to top Romania's 6% deployment. I'm > sure

RE: IPv6 day and tunnels

2012-06-05 Thread Templin, Fred L
> -Original Message- > From: Mark Andrews [mailto:ma...@isc.org] > Sent: Tuesday, June 05, 2012 7:55 AM > To: Templin, Fred L > Cc: Owen DeLong; Jimmy Hess; nanog@nanog.org > Subject: Re: IPv6 day and tunnels > > > In message 01V.nw.nos.boeing > .com>, "Templin, Fred L" writes: > > A q

Penetration Test Assistance

2012-06-05 Thread Green, Timothy
Howdy all, I'm a Security Manager of a large network, we are conducting a Pentest next month and the testers are demanding a complete network diagram of the entire network. We don't have a "complete" network diagram that shows everything and everywhere we are. At most we have a bunch of netwo

RE: IPv6 day and tunnels

2012-06-05 Thread Templin, Fred L
> The proper solution is to have a field in IPv7 header to > measure PMTU. It can be a 8 bit field, if fragment granularity > is 256B. We tried that for IPv4 and it didn't work very well [RFC1063]. You are welcome to try again in IPv7 when we have a green field. Fred fred.l.temp...@boeing.com

Re: IPv6 day and tunnels

2012-06-05 Thread Mark Andrews
In message , "Templin, Fred L" writes: > A quick comment on probes. Making the tunnel ingress probe > is tempting but fraught with difficulties; believe me, I > have tried. So, having the tunnel ingress fragment when > necessary in conjunction with the original source probing > is the way forward,

Re: Our first inbound email via IPv6 (was spam!)

2012-06-05 Thread Livingood, Jason
On 6/5/12 10:33 AM, "Jeroen Massar" wrote: >Though it can work, it used to be a really bad idea as there were a >couple of SMTP systems (Communigate Pro being one of them I recall) >which just failed when not seeing an "A" on an MX, this as they did not >understand IPv6... > >There is bound to

RE: IPv6 day and tunnels

2012-06-05 Thread Templin, Fred L
> -Original Message- > From: Masataka Ohta [mailto:mo...@necom830.hpcl.titech.ac.jp] > Sent: Monday, June 04, 2012 4:40 PM > To: Templin, Fred L; nanog@nanog.org > Subject: Re: IPv6 day and tunnels > > Templin, Fred L wrote: > > > I'm not sure that a randomly-chosen "skip" value is even >

Re: Our first inbound email via IPv6 (was spam!)

2012-06-05 Thread Raymond Dijkxhoorn
Hi! Seth, In the past several hours we have of course seen other messages from a range of hosts, many of which were legitimate email - so it wasn't just spam! ;-) Since the Internet is of course more than just the web, we encourage others to start making non-HTTP services available via IPv6 as

Re: Our first inbound email via IPv6 (was spam!)

2012-06-05 Thread Livingood, Jason
On 6/5/12 10:22 AM, "Raymond Dijkxhoorn" wrote: >You specifically tell 'inbound' ... by that you mean the MX record was >added. But just to be sure. Comcast is also sending out over IPv6 now >right? And if so, what protocol is preferred by default? Outgoing mail >over IPv4 or over IPv6? Outbound S

New routing systems (Was: IPv6 day and tunnels)

2012-06-05 Thread Jeroen Massar
On 2012-06-04 23:06, Owen DeLong wrote: > > On Jun 4, 2012, at 6:11 PM, Jeroen Massar wrote: > >> On 2012-06-04 17:57, Owen DeLong wrote: [..] >>> If you're going to redesign the header, I'd be much more >>> interested in having 32 bits for the destination ASN so that IDR >>> can ignore IP prefix

Re: ipv6 book recommendations?

2012-06-05 Thread Chris Grundemann
I believe that Silvia Hagan's book [1] is still the primary reference available, but there are others reviewed here: http://getipv6.info/index.php/Book_Reviews. Cheers, ~Chris PS - Shameless plug: If you're running Juniper, I wrote two books for them that you can get for free [2][3]. And I have a

Re: ipv6 book recommendations?

2012-06-05 Thread Seth Mos
Op 5-6-2012 16:29, David Hubbard schreef: Does anyone have suggestions on good books to really get a thorough understanding of v6, subnetting, security practices, etc. Or a few books. Just turned up dual stack with our peers and a test network but I'd like to be a lot more comfortable with it b

Re: Our first inbound email via IPv6 (was spam!)

2012-06-05 Thread Seth Mos
Op 5-6-2012 16:10, Livingood, Jason schreef: In preparation for the World IPv6 Launch, inbound (SMTP) email to the comcast.net domain was IPv6-enabled today, June 5, 2012, at 9:34 UTC. Roughly one minute later, at 9:35:30 UTC we received our first inbound email over IPv6 from 2001:4ba0:fff4:1c:

RE: IPv6 day and tunnels

2012-06-05 Thread Templin, Fred L
A quick comment on probes. Making the tunnel ingress probe is tempting but fraught with difficulties; believe me, I have tried. So, having the tunnel ingress fragment when necessary in conjunction with the original source probing is the way forward, and we should advocate both approaches. RFC4821

Re: ipv6 book recommendations?

2012-06-05 Thread Dobbins, Roland
On Jun 5, 2012, at 9:29 PM, David Hubbard wrote: > security practices --- Roland Dobbins // <

Re: Our first inbound email via IPv6 (was spam!)

2012-06-05 Thread Jeroen Massar
On 2012-06-05 07:29, Raymond Dijkxhoorn wrote: [..] > ;; ANSWER SECTION: > comcast.net.358 IN MX 5 mx3.comcast.net. > comcast.net.358 IN MX 10 mx1.comcast.net. > comcast.net.358 IN MX 5 mx2.comcast.net. > > ;; ADDITIONAL

ipv6 book recommendations?

2012-06-05 Thread David Hubbard
Does anyone have suggestions on good books to really get a thorough understanding of v6, subnetting, security practices, etc. Or a few books. Just turned up dual stack with our peers and a test network but I'd like to be a lot more comfortable with it before looking at our customer network. Than

Re: Our first inbound email via IPv6 (was spam!)

2012-06-05 Thread Raymond Dijkxhoorn
Hi! In preparation for the World IPv6 Launch, inbound (SMTP) email to the comcast.net domain was IPv6-enabled today, June 5, 2012, at 9:34 UTC. Roughly one minute later, at 9:35:30 UTC we received our first inbound email over IPv6 from 2001:4ba0:fff4:1c::2. That first bit of mail was spam, and w

Re: Our first inbound email via IPv6 (was spam!)

2012-06-05 Thread Raymond Dijkxhoorn
Jason, In preparation for the World IPv6 Launch, inbound (SMTP) email to the comcast.net domain was IPv6-enabled today, June 5, 2012, at 9:34 UTC. Roughly one minute later, at 9:35:30 UTC we received our first inbound email over IPv6 from 2001:4ba0:fff4:1c::2. That first bit of mail was spam, an

Our first inbound email via IPv6 (was spam!)

2012-06-05 Thread Livingood, Jason
In preparation for the World IPv6 Launch, inbound (SMTP) email to the comcast.net domain was IPv6-enabled today, June 5, 2012, at 9:34 UTC. Roughly one minute later, at 9:35:30 UTC we received our first inbound email over IPv6 from 2001:4ba0:fff4:1c::2. That first bit of mail was spam, and was cau

Re: ATT DSL IPv6

2012-06-05 Thread Brian Christopher Raaen
Probably, you were using Teredo or some other method to use IPv6. BTW if you have a Cisco gateway I have a blog post on how to set up a dynamic tunnel with HE. While native IPv6 would be best, the tunnel should work for you as I also have Bellsouth/AT&T DSL. http://www.brianraaen.com/2011/10/21/d

Re: IPv6 day and tunnels

2012-06-05 Thread Joe Maimon
Owen DeLong wrote: But that's a whole lot more packets than working PMTU-D to get there and you're also waiting for all those round trips, not just the 4 timeouts. The round trips add up if you're dealing with a 100ms+ RTT. 22 RTTs at 100ms is 2.2 seconds. That's a long time to go without fi

Re: NOC presentations

2012-06-05 Thread Stefan Liström
On 2012-06-04 12.46, Stefan Liström wrote: Hi all, In TF-NOC we have been collecting information about NOCs for some time now[1]. Most of the NOCs are from research and educational organizations and we think it would also be very interesting to get the same kind of information from commercial NO
