Hi, Brandon,
On 04/17/2014 08:20 PM, Brandon Ross wrote:
> On Thu, 17 Apr 2014, Sander Steffann wrote:
>
>>> Also, I note your draft is entitled "Requirements for IPv6 Enterprise
>>> Firewalls." Frankly, no "enterprise" firewall will be taken seriously
>>> without address-overloaded NAT. I realiz
On 4/18/14 10:16 PM, "Matt Palmer" wrote:
>On Fri, Apr 18, 2014 at 10:04:35PM -0400, Jeff Kell wrote:
>> As to address the other argument in this threat on NAT / private
>> addressing, PCI requirement 1.3.8 pretty much requires RFC1918
>>addressing
>> of the computers in scope... has anyone hi
From: George Herbert
Date: Friday, April 18, 2014 7:11 PM
To: Lee Howard
Cc: Eugeniu Patrascu ,
"draft-gont-opsec-ipv6-firewall-r...@tools.ietf.org"
, "nanog@nanog.org"
Subject: Re: Requirements for IPv6 Firewalls
> Lee Howard:
>> So, yeah, you have to give your firewall administrator ti
On Mon, 21 Apr 2014, Fernando Gont wrote:
Are you argung against of e.g. "default-deny inbound traffic"?
Absolutely not, default deny of traffic should most certainly be one of
the tools in the toolbox.
--
Brandon Ross Yahoo & AIM: BrandonNRoss
+1-404-6
On Mon, 21 Apr 2014 12:10:31 -0400, Lee Howard said:
> "Methods used to meet the intent of this
> requirement may vary depending on the specific
> networking technology being used. For example,
> the controls used to meet this requirement may be
> different for IPv4 networks than for IPv6 networks
Anyone know if pluggable coherent DWDM 10Gig optics exist? (I'm finding no
such thing.)
How about narrow-band/filtered receive 10Gig optics? (Inline FBG filter
receive side might be doable?)
--
Tim:>
p.s. Before you ask, DTAG Terastream has got me thinking...
As a follow up, I did not miss a zero. TenGig. If you want to know why:
https://ripe67.ripe.net/presentations/131-ripe2-2.pdf
(I'll take 100Gig once I can get the optics for less than the cost of a
v.nice sports car...)
On Mon, Apr 21, 2014 at 2:42 PM, Tim Durack wrote:
> Anyone know if plugga
On Mon, Apr 21, 2014 at 9:32 AM, Lee Howard wrote:
>
> You're describing best practice. Yes, of course, you should have well
> documented technical and business needs for what's open and what's closed
> in firewalls, and should have traceability from the rules in place to the
> requirements, and
You can get 100G-LR4 CFP for ~10k from good vendors. You can get them sub-10k
from china what i'm hearing, but those failure rates are higher..
- Jared
On Apr 21, 2014, at 2:57 PM, Tim Durack wrote:
> As a follow up, I did not miss a zero. TenGig. If you want to know why:
> https://ripe67.rip
* Christopher Morrow:
> I sort of wonder if this is really just yahoo trying to use a stick to
> motivate people to do the right thing?
But what is the right thing here?
Do we really want that *all* mailing lists must not provider "reply to
sender" option to all their users? Will this list make
On Mon, Apr 21, 2014 at 2:57 PM, Tim Durack wrote:
> On Mon, Apr 21, 2014 at 2:42 PM, Tim Durack wrote:
>
>> Anyone know if pluggable coherent DWDM 10Gig optics exist? (I'm finding
>> no such thing.)
>>
>> How about narrow-band/filtered receive 10Gig optics? (Inline FBG filter
>> receive side mi
Hi Everyone,
We are soliciting presentation proposals for a 30m time slot during
the Data Center Track being held at NANOG 61 in Bellevue, WA. See
http://bit.ly/1rg4eyn for dates/location.
The topics that we'd like to hear from you on are:
- Data Center Infrastructure Management "DCIM" (use case
On Fri, Apr 18, 2014 at 03:47:25PM -0700, Scott Weeks wrote:
>
> :: There being no cable between the Hawaiian Islands
> :: and the mainland at the time
>
> Wait...what?
>
> https://en.wikipedia.org/wiki/Submarine_communications_cable#Submarine_cables_across_the_Pacific
>
> "The first trans-pac
--- mi...@mikea.ath.cx wrote:
From: Mike A
On Fri, Apr 18, 2014 at 03:47:25PM -0700, Scott Weeks wrote:
>
> :: There being no cable between the Hawaiian Islands
> :: and the mainland at the time
>
> Wait...what?
>
> https://en.wikipedia.org/wiki/Submarine_communications_cable#Submarine_cable
FYI...
Say it isn't so
In today's Heartbleed state of affairs...
attrition.org uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
The certificate is only valid for Lyger The certificate expired on
12/21/2012 1:44 PM.
The current time i
The default TTL should be 300 secs, esp with everyone switching A records
to cloud providers, imho.
That way, who ever is the SOA and the zone master, can update it based on
design scale or sla of that provider.
DNS needs a protocol refresh anyways.
Dennis B.
On Apr 16, 2014 7:30 PM, "John Peach
16 matches
Mail list logo
