Hi,
> OpenGear all the way. Models for every need.
+1 OpenGear all the time - just ensure you are patching/manageing them(!)
alan
Hi,
really not the right place for this...
however, its pretty well documented elsewhere, eg
https://www.reddit.com/r/PS4/comments/5drvcc/an_update_on_psn_download_speeds/
alan
Hi,
as others have said, need to engage with one of their other units to get this
sorted
out - as a network provider, their customers are relying on YOU to access their
service, PSN should
care.
technically, you could start looking at netflows to the PSN and see if anyone
is engaged in DDoS
v
Hi,
whilst we're posting YouTube clips. maybe they'd have been better off
keeping
a copy of the Internet
https://www.youtube.com/watch?v=iDbyYGrswtg
;-)
alan
Hi,
> https://www.youtube.com/watch?v=NITBfc1EOBo#t=27s
"This video contains content from B_Viacom, who has blocked it in your country
on copyright grounds."
I love YouTube and copyright regional laws :/
alan
Hi,
> I was working within the limits of what I had available.
Google offer several trouble shooting tools for their service too,
you might want to look at their toolbox eg
https://toolbox.googleapps.com/apps/messageheader/
(part of their 'why is my email slow to deliver?' process)
alan
Hi,
> administrator reaching out to peers for assistance with a particular
> problem that is clearly network related is inappropriate for a network
clearly network related? people have an interesting expectation of email -
expecting instant delivery. you might check their level of expectation
Hi,
> Since this morning Speedtest.net is not accessible in Chrome
> Reason:
> https://www.google.com/transparencyreport/safebrowsing/diagnostic/#url=c.speedtest.net
someones complained about the URL based on them stupidly installing
'cleanmymac' or such?
use the non flash junk HTML5 version in
Hi,
> Leap second handling code is not well-tested and is an ultimate corner
> case. There's been debate about abolishing leap seconds; with all the
well, we've gone through a few of these now...so if it was all okay before
its likely to be again... exception: any NEW code that
you are running s
Hi,
> This is pretty O/T for this list, isn't it?
not if he's using his routers ASICs to do it! ;-)
(or maybe its related to the bitcoin network traffic volumes...but
thats too logical...)
alan
Hi,
> Right. But how long is it going to take to secure the Palo Alto firewall?
around 5 minutes?
recover password, restart, log in, fix rules.
https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Reset-the-Administrator-Password/ta-p/57581
obviously the firewall is also blocking
Hi,
> > The Palo-Alto's also don't support anything but NAT64,
>
> They don't support proper dual-stack?? Or NAT64 is the only NAT flavor
of course they support native IPv6 ...or IPv4 with IPv6 in dual-stack.
i believe the comment was related to the 6/4 xlat stuff - ie just NAT64 and not
464X
Hi,
I would go through the password recovery options on the PaloAlto.
as a next gen firewall you need to ensure you are getting all the latets
rulesets
and detection code through - check your subscription with them
once you've sorted out access you can look at the policies and ensure that
the
Hi,
well, you an say one thing - the talk got a lot of conversation going - most
of it useful
and positive and informational.isnt that the sign of a good talk? ;-)
seriously, this thread has been very active/alive based on the initial trigger
of his talk.
as for the talk itselfevery
Hi,
> > Looking for options on converting a large amount of Fortinet rules to
> > Checkpoint. Ultimately converting the entire configuration to Checkpoint
> > would be nice.
theres a post online asking the same question back in early 2010 with no
responses...
there are also a lost of tools tha
Hi,
> The problem is IPv6-enabled customers complaints see captcha, and Google
> NOC refuses to help solve it saying like find out some of your customer
> violating some of our policy. As you can imagine, this is not possible.
your customers are getting addresses when looking up google addres
Hi,
I'm not sure I'm keen on a colour standard - especially given our recent
difficulties
sourcing cabling to our spec in certain colours...or lengths!however, what
we do - and others
do based on this thread - is have our own internal colour scheme for
purposes/systems/customers.
fibre is
Hi,
> Fortunately the two groups came together in the IEEE, and there are no
> competing standards.
right! so why do both keep updating their own marketing and web pages each
month? ;-)
thanks for the info though - our future world isnt messed up for multigig
> - Optional Energy Efficient Eth
Hi,
> I've a couple 10 port Cisco switches that support 2.5 and 5gbps over cat5e,
> just wondering if there are any other vendors out there with offerings that
> support these newer ethernet speeds. Supporting cat5e for these multi-gig
> speeds is a real boon in many circumstances given the wide
Hi,
> I'm wondering when we reach another significant milestone - 50% :-)
half of us will celebrate, the other half will cry ;-)
alan
Hi,
> > > persuading people to move to IPv6. Especially when everyone
> > > already understands DHCP in the v4 world.
> > enterprise) and once they stop thinking "I want to do everything
> > in IPv6 in exactly the same way as I have always done in IPv4"
exactly.
as my thoughts often gather at
Hi,
> > Should we blame Juniper for letting a git repository open to
> > "unauthorized code" or should we congratulate them for their frankness
> > (few corporations would have admitted the problem)?
'un-authorized' - not authorized.
this could be code/idea by some/one engineer for eg debugging
hi
okay...so lots of gig connections with 10g interconnects etc - have you
actually done network
analysis/flows of the events in the past to see what you actually require to
run the event?
what sort of stuff are they doing - multiplayer PvP stuff or are they shipping
images/ISOs across to eac
Hi,
> F5 Silverline, Arbor Networks, Incapsula, to name a few can do ddos
> protection. Don't pay up, use ddos protection.
you know how many ponder whether AV companies write some of the viruses
;-)
alan
hi,
...and SamKnows?
alan
Hi,
> About RIPE ATLAS, I already have one of their boxes and it never worked.
> Simply doesn't appear as online. Their support just barely gave me some
> tips but with no meaningful result. I need something reliable and I'm
> willing to pay for this service. RIPE Atlas falls in the category of 'b
Hi,
> Just a heads up, even the latest CentOS 7 package has the wrong IPv4 and v6
> address.
whilst the new H-ROOT is alive now, the official switch-over date is 1st
December 2015
and the old address will be available for 6 months after thatso if any BIND
package
comes out AFTER 1st Decembe
Hi,
> BTW, the proposed law, being done by lawyers, will have the list of
you say law but this idea of blocking all competitors to the states
lotto sounds very unlawful and anti-competitive - yes, I can
understand states or countries blocking ALL gambling , thats a simple
'we dont allow it h
Hi,
> not even close to more discussing than from the original spam. Not even
> close.
data volume wise, the discussion of spam is easily beating the volume of spam
(which some people had issue with) as the SPAM emails were very small with just
a
URL - the discusions about it is now spread int
Hi,
> The differences between the two protocols are so small, that people
> really grasp at straws when 'proving' that one is better over the
> other. 'IS-IS doesn't work over IP, so its more secure'. 'IS-IS uses
> TLVs so new features are quicker to implement'. While these may be
> vaguely valid
Hi,
> Sure, would be fun to try DHCPv6. Last time when I checked only OS X was
> supporting it with limited sense.
Windows..
alan
Hi,
> Android does not have a complete IPv6 implementation and should not be IPv6
> enabled. Please do your part and complain to Google that Android does not
> support DHCPv6 for address assignment.
no different to other devices historically it can get IPv6 connectivity via
SLAAC and then rel
Hi,
> IPv6 traffic roughly doubled in my view of the internet in the past ~2 weeks
> as the 9.0 GM image hit and the public release of 9.0 came out.
0.001% of traffic to 0.002% ;-)
joking aside as I'm a big IPv6 champion IPv6 is picking up a lot
recentlyand whilst
the bahviour change
Hi,
> my own experience is the misinterpretation of the above properties in
> traceroute is pathological to the point of making it useless in the
> hands of novices...
correct. you should be looking at the output of other data transit systems
such as iperf, bwctl etc - thats why such tools as Per
Hi,
> For most of us, the issue is that we don’t want to do this over the Internet,
> since that’s what we are monitoring :)
exactly :-)
alan
Hi,
> Today we use a product from MultiTech Systems call MultiModem iSMS to send
> SMS text messages from our monitoring system to our on call staff. This is a
> 2G product and we need to replace it soon. I know there are more generic
> cellular modems that can do texting if you are willing to
Hi,
very nice but I now have an urge to getting this integrated with RANCID
and I just dont have the time, frustrating! ;-)
alan
Hi,
> What would be the point of spoofing the source IPs to be identical? You're
> just making the attack trivial to block. Plus you could never do any kind of
> TCP session attack, since you can't complete a handshake. I would have to
> call this sort of attack a LAAADDoS (Lame Attempt At A D
Hi,
> No. My DNS (using the roots) gets it right. ;-)
so if you choose google DNS you dont see the right stuff..in which case its
your DNS
and not microsoft or Akamai not doing IPv6 ;-)same true for OpenDNS?
likely...
alan
Hi,
however...this revelation is shocking...my users can access www.microsoft.com
material via IPv6?? turn this filth off!! ;-)
alan
Hi,
> And there isn't
its your DNS ;-)
host e10088.dspb.akamaiedge.net
e10088.dspb.akamaiedge.net has address 104.70.251.201
e10088.dspb.akamaiedge.net has IPv6 address 2a02:26f0:cb:2a4::2768
e10088.dspb.akamaiedge.net has IPv6 address 2a02:26f0:cb:29a::2768
alan
Hi,
> This is actually a good idea. Roll out an IPV6 only network and only pass
> out an IPV4 address if it's needed based on actual traffic.
yes...shame someones applied for a patent on that! ;-)
alan
Hi,
> I've done fairly extensive testing, and IPv6 support, while pretty solid on
> the carrier side, is still iffy on WiFi. Both iOS and Android have various
> reliability problems with IPv6 and WiFi, mostly related to acquiring a DNS
> address or maintaining a connection while roaming. Combine
Hi,
> It is a stupid idea if you ask me,
..and thus, based on most of the current technology patents out there,
perfectly patentable.
dont worry, the rest of the internet will probably need something like this in
the future...
and whats happened here is some coffee-room tech chat or water coo
Hi,
>I knew several people who built their career path on the assumptions of IPX.
>Ouch.
or DECnet ;-)
alan
Hi,
> I just ran a tcpdump looking for NTP packets going to 128.173.14.71. In 90
> minutes, I got hits from 330 unique IP addresses, including some that were
> chatty enough to indicate there were dozens of hosts behind a NAT.
ah yes. the joy of the usual 2 scenarios
1) your IP got used in som
Hi,
> Ok, let's see how that goes, even among the few people on this thread.
>
> Question for everyone on this thread that has said that DHCPv6 NA is a
> requirement: suppose that Android supported stateful DHCPv6 addressing,
> requested a number of addresses, and did not use any of them if the n
Hi,
> Asking for more addresses when the user tries to enable features such as
> tethering, waiting for the network to reply, and disabling the features if
> the network does not provide the necessary addresses does not seem like it
> would provide a good user experience.
talking of the user expe
Hi,
> No, the premise is that from a user's point of view, DHCPv6-only networks
what about DHCPv6 for IPv6 and DHCP for IPv4 - the client should still be able
to
pick up an IPv6 addressinstead of forcing the only option to be SLAAC ?
alan
Hi,
> Agreed - apparently the solution is to implement SLAAC + DNS advertisements
> *AND* DHCPv6. Because you need SLAAC + DNS advertisements for Android, and
> you need DHCPv6 for Windows.
Windows has been dealing with SLAAC for ages...and OSX... DHCPv6 is
relatively new in that arena...
howe
Hi,
> and we wonder at the pitiful ipv6 deployment.
if more network admins actually did network stuff then IPv6
deployment would be plentiful and we could even start the
discussion about turning off IPv4 ;-)
alan
Hi,
> supporting DHCPv6 seems to be that mobile networks don't need it, but that
> totally ignores 802.11 which is equally important.
...and what about 802.3 for those Android boxes/systems on the wired? :-)
> I would hope we're past the religious arguments of SLAAC vs DHCPv6 but it
> seems like
Hi,
> Have you thought about application layer tests - e.g. is the
> client's character set/language set to Swedish? Has the user
> identified himself/herself/henself as living in or being from
> Sweeden?
...just waiting for someone to suggest checking their web cookies
to see what area they've g
Hi,
> 2. "There are no Russian soldiers in Crimea"
eh? we know there are as it got annexed last year. I think you meant
"There are no Russian soldiers in Ukraine" ?
alan
54 matches
Mail list logo
