hi all
I would like to know how you guys handle encypted rpc across firewalls.
We utilize an ASA platform and the DCERPC inspection cant handle encrypted RPC
(which is standard in most windows 2008 and default in all communication in
exchange 2010). Ciscos says: disable encryption or create "a
On Thu, Nov 10, 2011 at 1:01 AM, Randy Bush wrote:
>> 1) The concept of Inter-RIR transfers is a bad idea. Insuring
>> "compatible" rules between RIR's will always be difficult at
>> best.
>
> no need to coordinate rules/policies at all. what we suggested in a/p
> three years back was simp
On Thu, 10 Nov 2011 09:56:51 +0100, Lasse Birnbaum Jensen said:
> I would like to know how you guys handle encypted rpc across firewalls.
You can always just set the firewall to ban RPC in general, whether or not it's
encrypted (while you're there, close off ports 137-139 and other chucklehead
stu
On Thu, 10 Nov 2011 07:39:15 EST, William Herrin said:
> Such a process creates a back-door requirement that participating
> registries race to the bottom eliminating eligibility requirements for
> address recipients.
When was the last time this industry turned down a chance to have
a race to the
>> no need to coordinate rules/policies at all. what we suggested in a/p
>> three years back was simple. seller must abide by seller's local
>> selling policy and buyer must abide by buyer's local receiving policy.
>
> Such a process creates a back-door requirement that participating
> registrie
On Wed, Nov 9, 2011 at 2:44 PM, Nick Hilliard wrote:
> On 09/11/2011 19:07, C. Jon Larsen wrote:
> As I said, it's not a pf problem. Commercial firewalls will do all this
> sort of thing off the shelf. It's a pain to have to write scripts to do
> this manually.
Ah... the high cost of 'free'
So Randy.. Are you in favor or opposed to 2011-1?
Thanks!
Cathy
On Thu, Nov 10, 2011 at 6:28 AM, Randy Bush wrote:
> >> no need to coordinate rules/policies at all. what we suggested in a/p
> >> three years back was simple. seller must abide by seller's local
> >> selling policy and buyer
Also,
Most enterprises that support Exchange remote access use RPC over HTTPS which
is encrypted and easy to allow on the firewall.
Matthew Huff | 1 Manhattanville Rd
Director of Operations | Purchase, NY 10577
OTA Management LLC | Phone: 914-460-4039
aim: matthewbhuff
> So Randy.. Are you in favor or opposed to 2011-1?
against
On Thu, Nov 10, 2011 at 8:28 AM, Randy Bush wrote:
> i am sure the americans who think all address space should righfully be
> theirs can dream up paranoid scenarios for anything. but dear canute,
> the tide is coming, get over it or get wet.
Randy,
You're fortunate that you speak for a minorit
> You're fortunate that you speak for a minority.
actually, that time has passed. you're the minority. there are more
non-americans than american rir members, there are more legacy holders
than arin junior vigilantes, ...
observe how the american 'global' proposal flew.
randy
In a message written on Thu, Nov 10, 2011 at 02:28:50PM +0100, Randy Bush wrote:
> i am sure the americans who think all address space should righfully be
> theirs can dream up paranoid scenarios for anything. but dear canute,
> the tide is coming, get over it or get wet.
I believe you have made
> The real problem is, if people spent even 10% of the time spent
> arguing over how to buy/sell/trade/swap IPv4 space deploying IPv6
> space we wouldn't be havng this discussion, as no one would need
> any more IPv4 space at this point since we would all be removing
> it from our network.
>
> The
The other high cost of "free" that people sometimes overlook is
liability. Many organizations want/need someone to hold the fire to in
the event of an issue. I believe in open source and am an advocate of
open source computing (this email is from my Debian (NOT UBUNTU) laptop
and my BSD worksta
On Thu, Nov 10, 2011 at 08:52:22AM -0600, -Hammer- wrote:
> The other high cost of "free" that people sometimes overlook is
> liability.
Please point to an instance (case citation, please) where a commercial
firewall vendor has been successfully litigated against -- that is, held
responsible by a
OK. Right off the bat you know I can't and won't. But in some places it
is common practice to make sure agreements are in place to make sure all
parties are protected based on how a product is expected/designed to
perform. I can't say more than that. Realize I'm speaking about things
that are s
In a message written on Thu, Nov 10, 2011 at 10:14:26AM -0500, Richard Kulawiec
wrote:
> Please point to an instance (case citation, please) where a commercial
> firewall vendor has been successfully litigated against -- that is, held
> responsible by a court of law for a failure of their product
Original Message -
> From: "Leo Bicknell"
> Just ask folks like AutoZone or DaimlerChrysler how much it cost to use
> Linux when they were sued by SCO and had to defend themselves. Sure,
> they prevailed, but I bet tens of thousands of dollars were spent on
> litigation.
Sure. But comp
Your hypothetical scenario assumes you're the only organization
compromised by the flaw (or one of very few), and not #3972 on the list,
in which case the company could go bankrupt before a court can hear your
case, and the "liability protection" they offered you is worth the
electrons it's pri
Look the thread was about considerations for various firewalls.
Eventually it spun off to be considerations and issues with Open Source
options. I was merely pointing out a consideration that some folks have
to take into account. You don't have to like it, agree with it, or even
believe it. But
Anyone with twtelecom who can contact me off list about a possible congestion
issue at one of your handoffs?
Thanks
EKG
On Wed, Nov 9, 2011 at 12:44 PM, Nick Hilliard wrote:
> On 09/11/2011 19:07, C. Jon Larsen wrote:
>>
>> put the main portion of the conf in subversion as an include file and
>> factor out local differences in the configs with macros that are defined
>> in
>> pf.conf
>>
>> Easy.
>
> As I said, it's
Bill,
On Nov 10, 2011, at 5:48 AM, William Herrin wrote:
> On Thu, Nov 10, 2011 at 8:28 AM, Randy Bush wrote:
>> i am sure the americans who think all address space should righfully be
>> theirs can dream up paranoid scenarios for anything. but dear canute,
>> the tide is coming, get over it or
On 10/11/2011 16:59, David Conrad wrote:
Tell King Canute's advisors I said "hi".
My OCD is screaming at me to point out that King Knut was attempting to
show his advisers that even he couldn't control the tides.
Nick
On Thu, Nov 10, 2011 at 08:30:46AM -0800, Jonathan Lassoff wrote:
> > As I said, it's not a pf problem. ?Commercial firewalls will do all this
> > sort of thing off the shelf. ?It's a pain to have to write scripts to do
> > this manually.
>
> Agreed. This is rather a pain to have to do manually ea
On Thu, Nov 10, 2011 at 09:39:29AM -0600, -Hammer- wrote:
> OK. Right off the bat you know I can't and won't.
Right. I know you can't and won't. I can't either. So we can
summarily dismiss all the concerns about liability because they
have no relationship to reality. You will not be suing Bi
WOW. You really are naive
-Hammer-
"I was a normal American nerd"
-Jack Herer
On 11/10/2011 12:12 PM, Richard Kulawiec wrote:
On Thu, Nov 10, 2011 at 09:39:29AM -0600, -Hammer- wrote:
OK. Right off the bat you know I can't and won't.
Right. I know you can't and won't. I ca
- Original Message -
> From: "Richard Kulawiec"
> Right. I know you can't and won't. I can't either. So we can
> summarily dismiss all the concerns about liability because they
> have no relationship to reality. You will not be suing BigFirewallCo,
> no matter how horribly their product f
You guys are hilarious. OK. I give up. It never happens. I'll leave this
thread alone.
-Hammer-
"I was a normal American nerd"
-Jack Herer
On 11/10/2011 12:19 PM, Jay Ashworth wrote:
- Original Message -
From: "Richard Kulawiec"
Right. I know you can't and won't. I c
On Thu, 10 Nov 2011 12:12:21 CST, -Hammer- said:
> WOW. You really are naive
I think Rich has been around long enough that he gets called a *lot* of things
(many of them non-complimentary), but this is the first time this century
anybody's called him *naive*... ;)
pgpe1XQ1ubv8i.pgp
Descript
OK. Maybe I jumped to hard. But to tell me that what I'm referring to
has never happened (even though I've participated) just because he
hasn't heard of it is not the best way to approach an argument. When
these things happen, there are agreements in place so it's not
discussed. Especially when
Litigation? Wow.
To answer the OP:
Any of the Cisco, Juniper, Sonic, Fortinet, etc can be easy to use to maintain.
But I'd make sure you have a good understanding of what you intend to do, and
what products will satisfy your needs. Demo's are a good idea. One person's
definition of easy may n
I changed my mind. I want to clear this up. Here is an example of where
a patent troll skipped over the manufacturer and went straight for the
end customer. There are dozens of these attacking all verticals and
manufacturers alike for various reasons.
http://dockets.justia.com/docket/texas/txe
Please contact me off-list.
It was pointed out to me that 'k12.fl.us' is not an organization, but rather a
container. Clarification - I'm looking for a security contact from
broward.k12.fl.us
Nathan Eisenberg
> -Original Message-
> From: Nathan Eisenberg
> Sent: Thursday, November 10, 2011 2:07 PM
> To: NANOG lis
On 11/10/2011 12:24 PM, valdis.kletni...@vt.edu wrote:
I think Rich has been around long enough that he gets called a*lot* of things
(many of them non-complimentary), but this is the first time this century
anybody's called him*naive*...;)
Given that all of humankind is naive, it would be redu
> And you believe the couple of hundred folks who participate in ARIN
> are going to stand in the way of those business interests? I might
> gently suggest it would probably be more useful to figure out how the
> new market players and the "legacy" RIRs can coexist in a way that
> doesn't do sever
On Nov 10, 2011, at 6:56 AM, Leo Bicknell wrote:
> The tide is coming. The tide is wet. The tide is full of IPv6 water.
> Get over it.
Awesome, so you've solved the multi-homing issues with v6? The RA/DHCPv6
issues? (I'll just leave it at those three).
-b
38 matches
Mail list logo
