Re: site that shows overview of current cyber attacks

On 3/12/2013 3:40 PM, Scott Weeks wrote: I saw this over on the Vanuatu Internet Users Group and thought it might be interesting for some: http://www.sicherheitstacho.eu scott http://map.honeycloud.net/ as well

Re: Network mapping software

At 12:16 12/03/2013 -0700, Garrett Skjelstad wrote: I have seen NetBrain mentioned a few times here on this mailing list. Does anyone have any experience with it, and could they tell me some of the pros & cons that they had of their installations? Any limitations or pain points? Feel free to hit

Re: site that shows overview of current cyber attacks

Scott Weeks wrote: I saw this over on the Vanuatu Internet Users Group and thought it might be interesting for some: http://www.sicherheitstacho.eu scott And I still question the wisdom of connecting an air traffic control system or nuclear reactor to that mess. --Michael

Re: Network security on multiple levels (was Re: NYT covers China cyberthreat)

On 3/12/2013 4:16 PM, Warren Bailey wrote: Contractors with facility clearances? I would find it hard to believe dot gov would run secure circuits to a non secure facility. ;) The word "Contractor" is usually used to refer to anyone that has a contract to do work with the government. Having sp

Re: Network security on multiple levels (was Re: NYT covers China cyberthreat)

Contractors with facility clearances? I would find it hard to believe dot gov would run secure circuits to a non secure facility. ;) >From my Android phone on T-Mobile. The first nationwide 4G network. Original message From: Mike A Date: 03/12/2013 3:04 PM (GMT-08:00) To: n

Re: Network security on multiple levels (was Re: NYT covers China cyberthreat)

On Thu, Feb 21, 2013 at 04:41:42PM +, Warren Bailey wrote: > Not to mention, the KG units are dot government only.. For obvious reasons. Erm ... yesandno. Lots of defense contractors have one end of a secured circuit. Been there, installed-and-maintained them. -- Mike Andrews, W5EGO mi...@mi

Re: What do you have in your datacenters' toolbox?

Aaron Glenn wrote: <> I have a requirement to stock an actual, physical toolbox with power <> tools, drill bits, and other useful accoutrements one would use in a <> 'typical' datacenter. Can any one recommend brands/models of <> (preferably cordless) power tools they've used successfully? I'm pa

Re: traffic accounting

I guess if you are only counting bytes is possible to use firewall filters with counters? I guess it depends on how many match conditions vs lookup time are acceptable? Sent from some sort of iDevice. On 13/03/2013, at 2:18 AM, "Dobbins, Roland" wrote: > > On Mar 12, 2013, at 8:53 PM, Joe Ab

Re: What Should an Engineer Address when 'Selling' IPv6 to Executives?

On Mar 12, 2013, at 12:27 PM, William Herrin wrote: > On Tue, Mar 12, 2013 at 1:45 PM, Owen DeLong wrote: >> Once IPv6 is sufficiently ubiquitous (rough estimate, >> but say 900+ of the Alexa 1000 sites have IPv6 and ~95% >> of eyeball networks), you'll see a rapidly declining desire to >> pay

Re: What Should an Engineer Address when 'Selling' IPv6 to Executives?

On 03/12/2013 12:27 PM, William Herrin wrote: On Tue, Mar 12, 2013 at 1:45 PM, Owen DeLong wrote: Once IPv6 is sufficiently ubiquitous (rough estimate, but say 900+ of the Alexa 1000 sites have IPv6 and ~95% of eyeball networks), you'll see a rapidly declining desire to pay the increased cost o

Re: What Should an Engineer Address when 'Selling' IPv6 to Executives?

On Tue, Mar 12, 2013 at 1:45 PM, Owen DeLong wrote: > Once IPv6 is sufficiently ubiquitous (rough estimate, > but say 900+ of the Alexa 1000 sites have IPv6 and ~95% > of eyeball networks), you'll see a rapidly declining desire to > pay the increased cost of supporting IPv4. While that is surely

Re: Network mapping software

On 2013-03-12, at 3:16 PM, Garrett Skjelstad wrote: > I have seen NetBrain mentioned a few times here on this mailing list. Does > anyone have any experience with it, and could they tell me some of the pros > & cons that they had of their installations? > > Any limitations or pain points? Feel

Network mapping software

I have seen NetBrain mentioned a few times here on this mailing list. Does anyone have any experience with it, and could they tell me some of the pros & cons that they had of their installations? Any limitations or pain points? Feel free to hit me off list. -Garrett

Re: Network Configuration Management

On 2013-03-12, at 14:35, Jeffrey Negro wrote: > We use Rancid and have it run every hour against Juniper and Cisco gear. If > there's a change, we get an email, and all the revisions are automatically > saved in SVN. Attach WebSVN and you have a nice web viewer. You administer > the device

RE: Network Configuration Management

We use Rancid and have it run every hour against Juniper and Cisco gear. If there's a change, we get an email, and all the revisions are automatically saved in SVN. Attach WebSVN and you have a nice web viewer. You administer the devices as you normally would, but you'll have automatic versio

RE: Network Configuration Management

Just an FYI on "if you can tolerate their sales borg". If you request a quote and do not purchase, get ready for a borg attack of emails and calls. On topic: We're trying to survive with RANCID, which is great for pushing changes without any feedback... Last job we used Solarwinds NCM, and th

Re: Network Configuration Management

Hi Chip, AOL published some good looking open source software, it does not handle BGP at this moment, but it does other tasks like ACLs quite well. It's designed to be tightly integrated with your existing CMDB/RANCID, and it even takes timezones into account for pushing new configurations.

Re: Network Configuration Management

Solar winds ncm is great if you can tolerate their sales borg. >From my Android phone on T-Mobile. The first nationwide 4G network. Original message From: chip Date: 03/12/2013 11:09 AM (GMT-08:00) To: c...@2bithacker.net Cc: North American Network Operators Group Subject:

Re: Network Configuration Management

I've never found anything that hits all of my needs. The closest off the shelf thing I've ever found is the Network Control System from Tail-F ( http://www.tail-f.com/network-control-system/). We're using a custom built app that's been refined over the last decade and does a really nice job. It

Network Configuration Management

Just curious what people are using for network configuration manangement systems. I'm guessing most places have something built in-house, but before starting down that road I figured it would be a good idea to see if people have any off-the-shelf systems they like. Some features I'd like to have:

Re: What Should an Engineer Address when 'Selling' IPv6 to Executives?

Once IPv6 is sufficiently ubiquitous (rough estimate, but say 900+ of the Alexa 1000 sites have IPv6 and ~95% of eyeball networks), you'll see a rapidly declining desire to pay the increased cost of supporting IPv4. Combine that with the fact that as the internet continues to try and grow, the

Re: What Should an Engineer Address when 'Selling' IPv6 to Executives?

From: Owen DeLong >Dual stack is a (very) temporary solution while waiting for some others to >catch >up and deploy IPv6. Contemplating dual-stack as a permanent or long-term >solution ignores the extent to which IPv4 is utterly unsustainable at this >point. >Owen   Owen, when do you think IPv

Re: Bing/MSN/Microsoft contact

This might help: http://www.bing.com/webmaster/help/how-to-report-an-issue-with-bingbot-25c19802 How do I Report an Issue With Bingbot? Bingbot is the name of the crawler used by Bing to crawl or “spider” the web. It is Bingbot's job to find new and updated pages on websites across the Internet

Re: What Should an Engineer Address when 'Selling' IPv6 to Executives?

Dual stack is a (very) temporary solution while waiting for some others to catch up and deploy IPv6. Contemplating dual-stack as a permanent or long-term solution ignores the extent to which IPv4 is utterly unsustainable at this point. Owen On Mar 12, 2013, at 02:45 , kpospi...@bigpond.com wrote

Re: What do you have in your datacenters' toolbox?

On Tue, Mar 12, 2013 at 8:30 AM, Jay Ashworth wrote: > - Original Message - >> From: "Matt Taylor" > >> Also, last year on NANOG - similar (huge) thread: >> >> http://mailman.nanog.org/pipermail/nanog/2012-February/046106.html > > Ah, *there's* my thread. > > The head is here: > > http://

Re: Odd announcement from AS27048

On Mar 12, 2013, at 10:23 AM, Christopher Morrow wrote: > On Tue, Mar 12, 2013 at 9:55 AM, Alain Hebert wrote: >>Hi, >> >>On the 5th we notice that 27048 was announcing 2 of ours /24 >> >>812 3549 209 721 27064 27047 27047 27047 27048 >> > > maybe 721 doesn't have prefix AND

Bing/MSN/Microsoft contact

If possible, I need someone from Microsoft/Bing (a la the MSN and Bing crawler bots) to contact me off list. Several IPs going back to AS8075 (with the user agent MSN and "bingbot") are basically attacking several IPs on my network with hundreds of requests per second. Thanks, Blair

Re: traffic accounting

On Mar 12, 2013, at 8:53 PM, Joe Abley wrote: > Can you use cflow/jflow/ipfix exports with 1:1 sampling on an MX480 without > an MS-DPC? I'm not a Juniper person, so I'm not sure; note however that a) MS-DPC is necessary for NetFlow v9 (which is required for IPv6, for example), and b) sampled

Re: traffic accounting

On 3/12/2013 8:53 AM, Joe Abley wrote: Can you use cflow/jflow/ipfix exports with 1:1 sampling on an MX480 without an MS-DPC? Joe If you use MPC/trio with appropriate licensing, you might be able to hit 1:1 with ipfix. They were still working on IPv6 and other features when I looked a year a

Re: traffic accounting

On 3/12/13 10:18 AM, Christopher Morrow wrote: On Tue, Mar 12, 2013 at 9:53 AM, Joe Abley wrote: On 2013-03-12, at 09:30, "Dobbins, Roland" wrote: On Mar 12, 2013, at 8:25 PM, Joe Abley wrote: What are better approaches? Flow telemetry. Can you use cflow/jflow/ipfix exports with 1:1 samp

Re: traffic accounting

On 2013-03-12, at 10:32, valdis.kletni...@vt.edu wrote: > On Tue, 12 Mar 2013 09:25:29 -0400, Joe Abley said: > >> Imagine you have a number of GE and 10GE interfaces spread across multiple >> MX-class Juniper routers, and for each interface you want to maintain an >> accurate count of bytes sen

Re: traffic accounting

On Tue, 12 Mar 2013 09:25:29 -0400, Joe Abley said: > Imagine you have a number of GE and 10GE interfaces spread across multiple > MX-class Juniper routers, and for each interface you want to maintain an > accurate count of bytes sent, categorised by destination address. An important question tha

Re: Odd announcement from AS27048

On Tue, Mar 12, 2013 at 9:55 AM, Alain Hebert wrote: > Hi, > > On the 5th we notice that 27048 was announcing 2 of ours /24 > > 812 3549 209 721 27064 27047 27047 27047 27048 > maybe 721 doesn't have prefix AND as-path filters? (or 209 maybe?) or intentional filtering gone wrong

Re: traffic accounting

On Tue, Mar 12, 2013 at 9:53 AM, Joe Abley wrote: > > On 2013-03-12, at 09:30, "Dobbins, Roland" wrote: > >> On Mar 12, 2013, at 8:25 PM, Joe Abley wrote: >> >>> What are better approaches? >> >> Flow telemetry. > > Can you use cflow/jflow/ipfix exports with 1:1 sampling on an MX480 without > an

Re: What Should an Engineer Address when 'Selling' IPv6 to Executives?

I would be concerned in strongly spruiking advantages of IPv6 to executives if an IPv6 dual stack solution is actually being deployed. (ie. some given IPv6 SS advantages below do not apply to IPv6 DS) 1. Decreased application complexity: Because we will be a

Odd announcement from AS27048

Hi, On the 5th we notice that 27048 was announcing 2 of ours /24 812 3549 209 721 27064 27047 27047 27047 27048 It lasted about 9h but didn't impact anything due to its prepend and such... My inquiry is: . False positive? . Broken 16b <=> 32b ASN's?

Re: traffic accounting

On 2013-03-12, at 09:30, "Dobbins, Roland" wrote: > On Mar 12, 2013, at 8:25 PM, Joe Abley wrote: > >> What are better approaches? > > Flow telemetry. Can you use cflow/jflow/ipfix exports with 1:1 sampling on an MX480 without an MS-DPC? Joe

Re: traffic accounting

On Mar 12, 2013, at 8:25 PM, Joe Abley wrote: > What are better approaches? Flow telemetry. --- Roland Dobbins // Luck is the residue of opportunity and design.

traffic accounting

Hi all, Imagine you have a number of GE and 10GE interfaces spread across multiple MX-class Juniper routers, and for each interface you want to maintain an accurate count of bytes sent, categorised by destination address. There is no layer-2 aggregation going on beyond the router, so no opportu