Re: turning on comcast v6

2014-01-03 Thread Doug Barton
On 01/02/2014 10:30 PM, TJ wrote: I'd argue that while the timing may be different, RA and DHCP attacks are largely the same and are simply variations on a theme. Utter nonsense. The ability to nearly-instantly switch traffic for nearly-all nodes on the network is a very different thing than w

Re: turning on comcast v6

2014-01-03 Thread Baldur Norddahl
On Fri, Jan 3, 2014 at 9:40 AM, Doug Barton wrote: > On 01/02/2014 10:30 PM, TJ wrote: > >> I'd argue that while the timing may be different, RA and DHCP attacks >> are largely the same and are simply variations on a theme. >> > > Utter nonsense. The ability to nearly-instantly switch traffic for

Re: turning on comcast v6

2014-01-03 Thread Doug Barton
On 01/03/2014 01:15 AM, Baldur Norddahl wrote: On Fri, Jan 3, 2014 at 9:40 AM, Doug Barton wrote: On 01/02/2014 10:30 PM, TJ wrote: I'd argue that while the timing may be different, RA and DHCP attacks are largely the same and are simply variations on a theme. Utter nonsense. The ability

Re: turning on comcast v6

2014-01-03 Thread Matt Palmer
On Fri, Jan 03, 2014 at 12:40:42AM -0800, Doug Barton wrote: > Further, by far the common case is for network gear to _already_ be > configured to avoid permitting hosts to act as DHCP servers unless > they are supposed to be. It's rare to even find a network device > that has RA Guard capabilities

Re: Open source hardware

2014-01-03 Thread Daniël W . Crompton
Good point Jimmy, there is a world of hurt involved, although it may be slightly less painless when you realize that the alternative is: "*the NSA [who] has modified the firmware of computers and network hardware—including systems shipped by Cisco, Dell, Hewlett-Packard, Huawei, and Juniper Network

Re: turning on comcast v6

2014-01-03 Thread Baldur Norddahl
On Fri, Jan 3, 2014 at 10:24 AM, Doug Barton wrote: > ... and yet most IPv4 networks are not "completely unprotected." > We are apparently talking about "completely unprotected" networks here. Otherwise there is simply no problem. You would be filtering RA and many other things, because that is

Re: Open source hardware

2014-01-03 Thread Ray Soucy
You actually buy brand-name SFP's? That's like buying the gold-plated HDMI Monster Cable at Best Buy at markup ... I just find the companies that the vendors contract to make their OEM SFP's and buy direct. Same SFP from the same factory except one has a Cisco sticker. ;-) You can even get t

RE: Open source hardware

2014-01-03 Thread Raymond Burkholder
> > Vyatta and now VyOS are important projects for networking. We really need > to get away from locked down non-free hardware and software for critical > infrastructure. > > It's natural that most of the people in this community (myself included) > will be fans of companies like Cisco and Junip

Re: Open source hardware

2014-01-03 Thread Thomas Nadeau
On Jan 3, 2014:12:01 AM, at 12:01 AM, Jimmy Hess wrote: > On Thu, Jan 2, 2014 at 8:53 PM, Andrew Duey < > andrew.d...@widerangebroadband.net> wrote: > >> I'm surprised nobody's mentioned vyatta.org or the new fork of VyOs. We >> are currently using the vyatta community edition and so far it's

Re: Open source hardware

2014-01-03 Thread Saku Ytti
On (2014-01-03 07:48 -0500), Ray Soucy wrote: > > Juniper is a FreeBSD shop, and Cisco's new OS lines are based on Linux. > Ciena is largely based on Linux as well. In poking around at these > platforms recently one of the big things I'm noticing is that there is a > lot less done in hardware th

Re: Comcast/Level3 issues

2014-01-03 Thread Scott Berkman
Comcast having saturated links to other providers is a common and frequently discussed issue. Here is one previous NANOG thread on the topic: http://mailman.nanog.org/pipermail/nanog/2010-December/029251.html And a related article: http://www.dslreports.com/shownews/Claims-Resurface-Concerning

Re: turning on comcast v6

2014-01-03 Thread Leo Bicknell
On Jan 3, 2014, at 12:30 AM, TJ wrote: > I'd argue that while the timing may be different, RA and DHCP attacks are > largely the same and are simply variations on a theme. Rogue RA's can take down statically IPv6'ed boxes. Rogue DHCP servers will never affect a statically configured IPv4 box.

Re: turning on comcast v6

2014-01-03 Thread Gary Buhrmaster
On Fri, Jan 3, 2014 at 4:09 PM, Leo Bicknell wrote: > Rogue RA's can take down statically IPv6'ed boxes. > > Rogue DHCP servers will never affect a statically configured IPv4 box. I believe that that would depend on whether your configuration of a static IPv6 address on your box also disable

Weekly Routing Table Report

2014-01-03 Thread Routing Analysis Role Account
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, LacNOG, TRNOG, CaribNOG and the RIPE Routing Working Group. Daily listings are sent to bgp-st...@lists.ap

The Cidr Report

2014-01-03 Thread cidr-report
This report has been generated at Fri Jan 3 21:13:36 2014 AEST. The report analyses the BGP Routing Table of AS2.0 router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org/2.0 for a current version of this report. Recent Table History Date

BGP Update Report

2014-01-03 Thread cidr-report
BGP Update Report Interval: 26-Dec-13 -to- 02-Jan-14 (7 days) Observation Point: BGP Peering with AS131072 TOP 20 Unstable Origin AS Rank ASN Upds % Upds/Pfx AS-Name 1 - AS30783 47548 2.8% 1398.5 -- RSD Rased Maral Ava Jonoob JSC 2 - AS35819 43311

Re: Open source hardware

2014-01-03 Thread Darren Pilgrim
On 1/3/2014 2:05 AM, Daniël W. Crompton wrote: Good point Jimmy, there is a world of hurt involved, although it may be slightly less painless when you realize that the alternative is: "*the NSA [who] has modified the firmware of computers and network hardware—including systems shipped by Cisco, D

Re: turning on comcast v6

2014-01-03 Thread Doug Barton
On 01/03/2014 04:01 AM, Baldur Norddahl wrote: On Fri, Jan 3, 2014 at 10:24 AM, Doug Barton wrote: And you still haven't provided an argument about why the default route should not be added to DHCPv6. I was not arguing that it didn't. Just that the perceived problem is not real. Your opin

Re: turning on comcast v6

2014-01-03 Thread Owen DeLong
On Jan 3, 2014, at 12:40 AM, Doug Barton wrote: > On 01/02/2014 10:30 PM, TJ wrote: >> I'd argue that while the timing may be different, RA and DHCP attacks >> are largely the same and are simply variations on a theme. > > Utter nonsense. The ability to nearly-instantly switch traffic for nearl

Re: turning on comcast v6

2014-01-03 Thread Paul Ferguson
What DHCP attacks? Humor me... What DHCP "attacks"? - ferg On 1/3/2014 5:52 PM, Owen DeLong wrote: On Jan 3, 2014, at 12:40 AM, Doug Barton wrote: On 01/02/2014 10:30 PM, TJ wrote: I'd argue that while the timing may be different, RA and DHCP attacks are largely the same and are simply

RE: turning on comcast v6

2014-01-03 Thread Raymond Burkholder
> >> There is simply no good reason not to include default route in the > configuration for DHCPv6, and it's long overdue. > > > > As I've said before, if we're going to bother doing it, we should just include > RIO options, but otherwise, I agree with you. > > Are DHCPv6 and/or NDP extendible for

Re: turning on comcast v6

2014-01-03 Thread Ricky Beam
On Fri, 03 Jan 2014 20:52:25 -0500, Owen DeLong wrote: Not entirely true, actually… If you’re willing to work hard enough at it, most hosts can be “encouraged” to renew early. Short of commandline access, no there isn't. (crashing or otherwise triggering a reboot, isn't a "renew"; that's a

Re: Open source hardware

2014-01-03 Thread Arnd Vehling
On 04.01.2014 07:49, Darren Pilgrim wrote: Dell, HP, Cisco, etc. were named because the leaked docs mention hardware-specific BIOS/firmware bugging such as ILO piggybacking in a Proliant. I think it's foolhardy believing they wouldn't have similar attacks for just about everything. Highly unli