Been looking for Verizon and AT&T AVPN MPLS, specifically. Pointers highly
appreciated, as the nanog archive does not seem to have searchable items
ref such. Cisco docs have some info, but I am mostly looking for tried and
proven configs with the specifics that Verizon and AT&T offer.
Traditional
Is there a program which users can run on an end-site workstation which
would test whether they are being some link which is doing BCP38, or some
related type of source-address ingress filtering?
I'm hoping for something that could be downloaded by users and run, and
try to forge a few packets to
You mean like this? :-)
http://spoofer.csail.mit.edu/
- ferg
On Sun, Mar 31, 2013 at 7:48 AM, Jay Ashworth wrote:
> Is there a program which users can run on an end-site workstation which
> would test whether they are being some link which is doing BCP38, or some
> related type of source-addr
- Original Message -
> From: "Paul Ferguson"
> You mean like this? :-)
>
> http://spoofer.csail.mit.edu/
I dunno; does that automatically submit the details to a central site,
and not bother the user with anything more than "Your connection appears
to be protected with BCP38 filtering"
They should updated their autoconf. It fails on modern 64-bit Linux.
On Sun, 31 Mar 2013, Paul Ferguson wrote:
You mean like this? :-)
http://spoofer.csail.mit.edu/
- ferg
On Sun, Mar 31, 2013 at 7:48 AM, Jay Ashworth wrote:
Is there a program which users can run on an end-site workstat
On 3/29/13, Scott Noel-Hemming wrote:
>> Some of us have both publicly-facing authoritative DNS, and inward
>> facing recursive servers that may be open resolvers but can't be
>> found via NS entries (so the IP addresses of those aren't exactly
>> publicly available info).
> Sounds like your makin
This article talks about convincing direct peers and transit providers to
stop Net connectivity to the culprit
http://www.darkreading.com/blog/240151931/who-supplies-cyberbunker.html
Would it not be easier if a majority of the ISPs simply filter BGP prefixes
containing the aforementioned ASes i
On 2013-03-31, at 10:48 AM, Jay Ashworth wrote:
> Is there a program which users can run on an end-site workstation which
> would test whether they are being some link which is doing BCP38, or some
> related type of source-address ingress filtering?
>
> I'm hoping for something that could be do
On Mar 31, 2013, at 5:09 PM, Jimmy Hess wrote:
> On 3/29/13, Scott Noel-Hemming wrote:
>>> Some of us have both publicly-facing authoritative DNS, and inward
>>> facing recursive servers that may be open resolvers but can't be
>>> found via NS entries (so the IP addresses of those aren't exactl
On 2013-03-31, at 9:43 PM, Peter Baldridge wrote:
> I can assume that If you are spoofing packets, resetting passwords on cpe and
> replacing the box would be trivial. So it's questionable how useful this is.
> It seems like it just adds cost to for customers that can't spoof a packet
> to
Someone privately emailed me asking about the problems I had. When I
looked at it some more, I found the autoconf error was just very
misleading, and my build environment was incomplete. With all the right
tools installed, it built just fine on the Ubuntu 12.04 64-bit machine I
was playing on
On 03/31/13 21:50, Jason Lixfeld wrote:
> On 2013-03-31, at 9:43 PM, Peter Baldridge wrote:
>
>> I can assume that If you are spoofing packets, resetting passwords on cpe
>> and replacing the box would be trivial. So it's questionable how useful
>> this is. It seems like it just adds cost to
Hi Alejandro,
Also inline.
On Sat, Mar 30, 2013 at 10:17 PM, Alejandro Acosta
wrote:
> Hi William,
> Thanks for your response, my comments below:
>
> On 3/30/13, William Herrin wrote:
> > On Fri, Mar 29, 2013 at 11:21 PM, Alejandro Acosta
> > wrote:
> >> On 3/29/13, Patrick wrote:
> >>> On
- Original Message -
> From: "Alain Hebert"
> An easy target would be anti-virus/trojan/security software
> providers that could add a BCP38 check to their software =D
Yes, but penetration is a problem, which is why I was thinking about
people like YouTube, Ookla, and the like.
Any Flas
- Original Message -
> From: "Jason Lixfeld"
> I believe that most everyone has a CPE of some sort, whether their
> service is resi or commercial. So, what about shifting the focus to
> the CPE manufacturers? They bend to technology and/or market pressures
> by bringing things like NAT, F
On Sun, 31 Mar 2013 16:09:35 -0500, Jimmy Hess said:
> On 3/29/13, Scott Noel-Hemming wrote:
> >> Some of us have both publicly-facing authoritative DNS, and inward
> >> facing recursive servers that may be open resolvers but can't be
> >> found via NS entries (so the IP addresses of those aren't
On Sun, 2013-03-31 at 22:32 -0400, Jay Ashworth wrote:
> This thought crossed my mind earlier today, when I asked Jeff if IP-forged
> packets would make it through a NAT, outbound. He said no (I think), but
> I'm not entirely sure that's right.
Welll - the packets might make it out, and be trans
In message <1364787851.2136.7.camel@karl>, Karl Auer writes:
> On Sun, 2013-03-31 at 22:32 -0400, Jay Ashworth wrote:
> > This thought crossed my mind earlier today, when I asked Jeff if IP-forged
> > packets would make it through a NAT, outbound. He said no (I think), but
> > I'm not entirely s
On Mon, 2013-04-01 at 15:07 +1100, Mark Andrews wrote:
> In message <1364787851.2136.7.camel@karl>, Karl Auer writes:
> > A side effect of NAT is to clamp the source address range
> > of outbound packets to the configured NAT outside address
> > range.
> It depends on how the nat is configured.
OK
On 3/31/13, Karl Auer wrote:
> On Mon, 2013-04-01 at 15:07 +1100, Mark Andrews wrote:
>> In message <1364787851.2136.7.camel@karl>, Karl Auer writes:
>> > A side effect of NAT is to clamp the source address range
>> It depends on how the nat is configured.
> OK - how does one configure NAT so tha
20 matches
Mail list logo
