Ingress filtering is the correct tool for the job. The whole point here is that
packets are coming from somewhere they should not, and they are thus spoofed.
The tools have been in place to deal with this for a very long time now. The
drafts that became RFC 2267 (precursor of RFC 2827 / BCP38) d
On Jul 13, 2010, at 11:11 AM, Greg Whynott wrote:
>>>
>>
>> They are all software based, no matter who builds them. Cisco IOS,
>> Juniper JunOS, etc.
>
> controlling hardware asic's and fpga's.
Which are in essence software burned into chips. They can provide some
acceleration, but will
I've deployed SonicWALL NSA appliances for use on FiOS with good results. With
any firewall, size it to be able to handle the bandwidth and applications
involved.
On May 27, 2010, at 11:26 AM, David Storandt wrote:
> Would a hardware firewall appliance do the trick? Limited routing features
> s
While the equipment may well be affected by an EM pulse, if the gear returns to
normal after a power cycle, then the equipment vendor didn't do their job fully
developing the product. A product should be tested to take such pulses and
should recover provided it has not suffered a catastrophic fa
On Apr 21, 2010, at 9:57 AM, Dan White wrote:
> On 21/04/10 10:49 -0300, Claudio Lapidus wrote:
>> Hello all,
>>
>> At our ISP operation, we are seeing increasing levels of traffic in our
>> outgoing MTA's, presumably due to spammers abusing some of our subscribers'
>> accounts. In fact, we are
On Apr 21, 2010, at 9:25 AM, Christopher Morrow wrote:
> On Wed, Apr 21, 2010 at 1:29 AM, Owen DeLong wrote:
>> While I think this is an improvement, unless the distribution of ULA-C is no
>> cheaper
>> and no easier to get than GUA, I still think there is reason to believe that
>> it is likel
I see a need for stable, permanent blocks of addresses within an organization.
For example, a branch office connecting to a central office over VPN: firewall
rules need to be predictable. If the branch office's IPv6 block changes, much
access will break. This is directly analogous to how RFC1918
On Apr 20, 2010, at 3:55 PM, Joe Abley wrote:
>
> On 2010-04-20, at 15:31, Roger Marquis wrote:
>
>> If this were really an issue I'd expect my nieces and nephews, all of whom
>> are big
>> game players, would have mentioned it. They haven't though, despite being
>> behind
>> cheap NATing CP
It's been clear for a very long time that the NANOG crowd likes to socialize.
At NANOGs, social settings are where connections are made, beers consumed,
sometimes scuba dives shared or other local attractions explored. It is
certainly a good thing, and fosters much useful discussion among peers
On Mar 22, 2010, at 6:53 PM, Stan Barber wrote:
> In this case, I am talking about an IPv6<->IPv6 NAT analogue to the current
> IPv4<->IPv4 NAT that is widely used with residential Internet service
> delivery today.
>
> I believe that with IPv6 having much larger pool of addresses and each
>
On Mar 18, 2010, at 2:25 PM, Owen DeLong wrote:
>
> On Mar 18, 2010, at 9:34 AM, Fred Baker wrote:
>
>> Are they using them only within their domain(s), and ARIN addresses outside,
>> or are they advertising them to their upstream(s) to be readvertised into
>> the backbone?
>>
>> If they are
Well, it's like this... there's still no native IPv6 connectivity in most data
centers, residences, businesses or wireless, most vendors of networking
equipment have not had a lot of mileage on their IPv6 code if they even have it
fully working, and, frankly, the IPv6 community has been predicti
mance testing).
>
>
>
>> -Original Message-
>> From: Michael Sokolov [mailto:msoko...@ivan.harhan.org]
>> Sent: Friday, February 26, 2010 3:35 PM
>> To: nanog@nanog.org
>> Subject: Locations with no good Internet (was ISP in Johannesburg)
>>
>
solution.
On Feb 26, 2010, at 4:40 PM, James Jones wrote:
> The Massachusetts Broadband Institute is currently working a middle mile
> solution to help with some of the issues in western MA. Things do sound
> promising.
>
>
> On 2/26/10 4:34 PM, Michael Soko
Better than western Massachusetts, where there's just no connectivity at all.
Even dialup fails to function over crappy lines. I'd take monopoly pricing over
no connectivity, I guess.
On Feb 25, 2010, at 9:08 PM, Randy Bush wrote:
>> Internet connectivity here in 'deepest darkest Africa' is act
On Feb 20, 2010, at 8:08 AM, Rich Kulawiec wrote:
> On Fri, Feb 19, 2010 at 08:20:36PM -0500, William Herrin wrote:
>> Whine all you want about backscatter but until you propose a
>> comprehensive solution that's still reasonably compatible with RFC
>> 2821's section 3.7 you're just talking trash
On Feb 20, 2010, at 12:28 AM, Scott Howard wrote:
> On Fri, Feb 19, 2010 at 5:20 PM, William Herrin wrote:
>> On Fri, Feb 19, 2010 at 3:30 PM, Rich Kulawiec wrote:
>>> Barracuda's engineers apparently think
>>> that using SPF stops backscatter -- and it most emphatically does not.
>>>
>>> Reje
On Jan 26, 2010, at 9:54 AM, Joe Maimon wrote:
> For me, the entire debate boils down to this question.
>
> What should the objective be, decades or centuries?
If centuries, how many planets and moons will the address space cover? (If we
as a species manage to spread beyond this world before
On Jan 14, 2010, at 1:53 PM, John Payne wrote:
>
> On Jan 14, 2010, at 1:41 PM, Kevin Loch wrote:
>
>> Ketan Mangal wrote:
>>> Yes there is a New York to Philadelphia fiber cut is there It might not be
>>> an outage it might be high latency due to multiple
>>> routes going out via their Buffalo
The SonicWALL firewall appliances have had decent multi-port NAT functionality
for a long time. In the most recent software revision for the latest generation
of appliances, they've extended this beyond 2 upstreams. The smaller units in
the line also can use various 3G wireless cards and USB don
I disagree. There was considerable concern with a misuse of a mechanism and its
effect on various systems. That, from discussion on the IETF mailing list I was
on when it was discussed there. There was no rough consensus that I could see.
On Dec 15, 2009, at 2:09 PM, Tony Finch wrote:
> On Tue
On Aug 28, 2009, at 9:47 AM, Jack Bates wrote:
Robert E. Seastrom wrote:
The problem is that if you break down the costs, you'll find out that
it almost doesn't matter what you put in as a cost of the total
build;
the big costs are the engineering and the labor to install, not the
"cost of
On Apr 9, 2009, at 7:15 AM, Robert E. Seastrom wrote:
Seth Mattinen writes:
I have a few Sprint EVDO cards. They go into standby when nothing is
actively going on and fire up within seconds when there is
something to
do. I regularly use everything from SSH to streaming video without
any
ct
equivalent or better functionality.
Ultimately the only bit of light emerging above all the heat generated
by this thread is a simple observation: "Engineers make lousy salespeople."
--
-
Daniel Senie
idance, not compliancy
requirements. Nonetheless, application developers can find useful
information on how to avoid problems.
--
---------
Daniel Senied...@senie.com
Amaranth Networks Inc.
Mike Lyon wrote:
> That makes two of us...
>
> Anyways, for residential VOIP, where are we these days with E911? Are
> providers like Vonage and such providing reliable E911 when people
> call 911? That is one of the major problems I see with the residential
> realm going with VOIP offerings...
>
At 06:54 PM 11/2/2008, Daniel Roesen wrote:
On Sun, Nov 02, 2008 at 04:40:20PM -0500, Randy Epstein wrote:
> Problem resolved?
https://www.sprint.net/cogent.php
Reading this accounting of Sprint's side of the story reveals
something that's not too surprising about Sprint. They've got serious
At 09:33 AM 11/2/2008, Mikael Abrahamsson wrote:
On Sun, 2 Nov 2008, Rod Beck wrote:
It is a short term issue that probably doesn't merit government intervention
The only government intervention I can imagine as being productive
would be to mandate what the "Internet" is, and if someone is
At 01:20 PM 10/31/2008, Randy Epstein wrote:
If you haven't already seen it, the great Todd Underwood of Renesys
published an article today on his blog regarding this subject:
http://www.renesys.com/blog/2008/10/wrestling-with-the-zombie-spri.shtml
Just read through Todd's blog posting. Since
At 06:05 PM 10/12/2008, Nathan Ward wrote:
On 13/10/2008, at 9:53 AM, Stephen Sprunk wrote:
Mikael Abrahamsson wrote:
This brings up an interesting question, should we stop announcing
our 6to4 relays outside of Europe? Is there consensus in the
business how this should be done? I have heard o
At 11:08 AM 9/30/2008, Charles Wyble wrote:
I like to use ntop (from ntop.org) for this, along with MRTG. Others
prefer cacti. I found MRTG easier to setup. It comes down to
personal preference.
MRTG provides graphs of usage, but I'm not aware of it providing a
monthly total usage (or 95% or
At 06:13 PM 9/25/2008, Adam Rothschild wrote:
Another vote for APC here. We've deployed many hundreds in various
receptacle configurations, and ne'er any failures. The build quality
is a definite cut above the competition, some with interiors that look
like they were assembled from duct tape and
At 12:48 PM 9/3/2008, you wrote:
Do you operate your mailserver on a residential cablemodem or adsl
rather than a business account?
No, we co-lo equipment at a professional facility that our customers
on any type of connection need to have access to send mail through,
regardless of whether t
At 03:10 PM 10/19/2007, John C. A. Bambenek wrote:
I love how they framed it as "data discrimination". Let's just be
honest... 99% of it was illegal traffic taking up far more than their
fair share of bandwidth.
Let's be honest. The US ISPs have been advertising "unlimited"
service, but hea
At 02:29 PM 10/16/2007, Pekka Savola wrote:
On Tue, 16 Oct 2007, Alain Durand wrote:
Classifying it as private use should come with the health warning "use this
at your own risk, this stuff can blow up your network". In other words, this
is for experimental use only.
Do we need to classify
At 08:04 PM 10/3/2007, Stephen Sprunk wrote:
Thus spake "Daniel Senie" <[EMAIL PROTECTED]>
A number of people have bemoaned the lack of any IPv6-only
killer-content that would drive a demand for IPv6. I've thought
about this, and about the government's push to
At 04:07 PM 10/2/2007, Iljitsch van Beijnum wrote:
On 2-okt-2007, at 16:53, Mark Newton wrote:
By focussing on the mechanics of inbound NAT traversal, you're
ignoring the fact that applications work regardless. Web, VoIP,
P2P utilities, games, IM, Google Earth, you name it, it works.
O re
At 09:13 AM 10/2/2007, Iljitsch van Beijnum wrote:
On 2-okt-2007, at 15:05, Adrian Chadd wrote:
Please explain how you plan on getting rid of those protocol-aware
plugins
when IPv6 is widely deployed in environments with -stateful
firewalls-.
You just open up a hole in the firewall where a
esting way to advance two goals
in synergy.
Dan
--
-----
Daniel Senie[EMAIL PROTECTED]
Amaranth Networks Inc.http://www.amaranth.com
"Our lives begin to end the day we
At 09:07 PM 6/4/2007, Jason Lewis wrote:
I figured SMB would chime in...but his research says it's not so anonymous.
http://illuminati.coralcdn.org/docs/bellovin.fnat.pdf
Give or take NAT boxes / firewalls that specifically have features to
mess with the IP ID. The SonicWALL products have,
At 03:20 PM 6/4/2007, Jim Shankland wrote:
[EMAIL PROTECTED] writes:
> On Mon, 04 Jun 2007 11:32:39 PDT, Jim Shankland said:
> > *No* security gain? No protection against port scans from Bucharest?
> > No protection for a machine that is used in practice only on the
> > local, office LAN? O
41 matches