Re: GTT NOC

2015-02-14 Thread Ammar Zuberi
Hi all, Thanks so much for the responses. It looks like the issue has now been resolved! Ammar > On 14 Feb 2015, at 5:51 am, Adam Davenport wrote: > > Ammar, > > Feel free to contact me off-list, and I'd be happy to take a look into this > issue for you. Thanks! > >> On 2/13/2015 8:10 PM,

Re: Intrusion Detection recommendations

2015-02-14 Thread Randy Bush
> I've been tasked by our company president to learn about, investigate and > recommend an intrusion detection system for our company. > > We're a smaller outfit, less than 100 employees, entirely Apple-based. > Macs, iPhones, some Mac Mini servers, etc., and a fiber connection to the > world. We

Re: [OT] Re: Intellectual Property in Network Design

2015-02-14 Thread Skeeve Stevens
My views are that if artistic endeavour is involved, then it is IP. Architecture is certainly that... the look... but, the pipes, sewerage, electricity, door locks... are not. They are products, bought off the shelf and assembled. It would be debatable if there is artistic endeavour in Network Arch

RE: An Easy way to build a server cluster without top of rack switches (MEMO)

2015-02-14 Thread Dan Eckert
I'm having a hard time seeing how this reduces cable costs or increases network durability. Each individual server is well connected to 3-4 other servers in the rack, but the rack still only has two uplinks. For many servers in the rack you're adding 3-4 routing hops between an end node and th

Seeking Yahoo Network Engineer

2015-02-14 Thread Harrison Hung
Hi NANOG. It was suggested I try this list to contact a Yahoo Network Engineer to help me with this problem I'm seeing. I have around 200-300 of my Yahoo hosting customers experiencing this issue where http requests to their websites are timing out. For the last week, I've been trying to reach o

Re: Intrusion Detection recommendations

2015-02-14 Thread Rich Kulawiec
On Fri, Feb 13, 2015 at 03:45:30PM -0600, Rafael Possamai wrote: > What is the alternative then... Does he have the time to become a BSD guru > and master ipfw and pf? Probably not feasible with all other job duties, > unless he locks himself in his mom's basement for the next 5 years. I know this

Re: Intrusion Detection recommendations

2015-02-14 Thread Justin M. Streiner
On Fri, 13 Feb 2015, Rich Kulawiec wrote: On Fri, Feb 13, 2015 at 02:45:46PM -0600, Rafael Possamai wrote: I am a huge fan of FreeBSD, but for a medium/large business I'd definitely use a fairly well tested security appliance like Cisco's ASA. Closed-source software is faith-based security.

Re: An Easy way to build a server cluster without top of rack switches (MEMO)

2015-02-14 Thread Ken Chase
We did similar way back in the day (2001?) when GBE switches were ridiculously expensive and we wanted many nodes instead of expensive gear. The (deplorably hot!) NatSemi 83820 gbe cards were a mere $40 or something however. Uplink for loading data via NFS/control was the onboard FE (via desktop

Re: Intrusion Detection recommendations

2015-02-14 Thread Rafael Possamai
Thanks for the awesome response, you have valid points. This could be me trying to simplify things by suggesting something like Cisco ASA, but the FreeBSD solution will need much more than just a well written ipfw or pf set of rules. In his scenario, I would also most likely need to set up VPN, CARP

Re: Seeking Yahoo Network Engineer

2015-02-14 Thread Matthew Petach
(placeholder, responded off-list) Matt On Sat, Feb 14, 2015 at 3:26 AM, Harrison Hung wrote: > Hi NANOG. > > It was suggested I try this list to contact a Yahoo Network Engineer to > help me with this problem I'm seeing. I have around 200-300 of my Yahoo > hosting customers experiencing this

Trouble with USA to France Connectivity

2015-02-14 Thread Joe Renwick
Hello, I have a client who hosts a web facing service on the west coast of the United States. He has a number of customers in France who have been reporting connectivity issues starting about ten days ago. He has been hosting with us for a number of years and this appears to be the first time he h

Re: Intrusion Detection recommendations

2015-02-14 Thread Jimmy Hess
On Sat, Feb 14, 2015 at 2:38 AM, Randy Bush wrote: Bro, SNORT, SGUIL, Tcpdump, and Wireshark are some nice tools. By itself, a single install of Snort/Bro is not necessarily a complete IDS, as it cannot inspect the contents of outgoing SSL sessions, so there can still be Javascript/attacks aga

Re: Trouble with USA to France Connectivity

2015-02-14 Thread Nicolas DEFFAYET
On Sat, 2015-02-14 at 10:42 -0800, Joe Renwick wrote: Hello Joe, > I have a client who hosts a web facing service on the west coast of the > United States. He has a number of customers in France who have been > reporting connectivity issues starting about ten days ago. He has been > hosting with

Re: Intrusion Detection recommendations

2015-02-14 Thread Charles N Wyble
Check out security onion. It's got a pretty nice suite of tools and can run a (or many) dedicated sensor system and communicate back to a central system. As for SSL MITM, see the recent nanog thread for a full layer 2 to layer 8 ramifications of that activity. For ssh mitm, I don't know of any t

Re: Intrusion Detection recommendations

2015-02-14 Thread BPNoC Group
On Fri, Feb 13, 2015 at 6:45 PM, Rafael Possamai wrote: > I am a huge fan of FreeBSD, but for a medium/large business I'd definitely > use a fairly well tested security appliance like Cisco's ASA. Or maybe Juniper, Cisco's Ironport, IPSO? They are all FreeBSD based, big and large critical netw

Re: Intrusion Detection recommendations

2015-02-14 Thread BPNoC Group
On Sat, Feb 14, 2015 at 10:19 AM, Rich Kulawiec wrote: > On Fri, Feb 13, 2015 at 03:45:30PM -0600, Rafael Possamai wrote: > > What is the alternative then... Does he have the time to become a BSD > guru > > and master ipfw and pf? Probably not feasible with all other job duties, > > unless he loc

Re: Intrusion Detection recommendations

2015-02-14 Thread Rich Kulawiec
On Sat, Feb 14, 2015 at 12:57:29PM -0600, Jimmy Hess wrote: > By itself, a single install of Snort/Bro is not necessarily a complete > IDS, as it cannot inspect the contents of outgoing SSL sessions, so > there can still be Javascript/attacks against the browser, or SQL > injection attempts encap

Re: Intrusion Detection recommendations

2015-02-14 Thread Matthew Petach
On Fri, Feb 13, 2015 at 12:43 PM, J. Oquendo wrote: [...] > For the most part > though, this practice of half-baked security will continue, > vendors will make bucketloads of money, consumers of IPS/IDS > devices will still complain how much the product sucks, and > I as a pentester... I stay hap

Re: Vancouver WA Comcast Outage?

2015-02-14 Thread Aaron C. de Bruyn
Things have been running well for us since about an hour after things came back up. -A On Fri, Feb 13, 2015 at 10:55 AM, Warsaw LATAM Operations Group wrote: > > >> From: aa...@heyaaron.com >> Date: Thu, 12 Feb 2015 14:13:56 -0800 >> Subject: Vancouver WA Comcast Outage? >> To: nanog@nanog.org >

Re: Intrusion Detection recommendations

2015-02-14 Thread Jimmy Hess
On Sat, Feb 14, 2015 at 12:04 PM, BPNoC Group wrote: The thing to note about ipfw, is it only provides you with essentially 5-tuple based access lists based on source and destination, as this functions strictly by looking at packet headers. There's no ipfw rule you can make that will tell

Re: [OT] Re: Intellectual Property in Network Design

2015-02-14 Thread Valdis . Kletnieks
On Sat, 14 Feb 2015 22:21:00 +1100, Skeeve Stevens said: > Personally, I don't think so. Sure some awesomely smart engineers designed > this... but did they 'create' anything to do it? I already cited legislative history that indicates that even things like phone directories are suitable for cop

Re: Trouble with USA to France Connectivity

2015-02-14 Thread Randy Bush
> I have a client who hosts a web facing service on the west coast of > the United States. He has a number of customers in France who have > been reporting connectivity issues starting about ten days ago. He has > been hosting with us for a number of years and this appears to be the > first time he

Re: [OT] Re: Intellectual Property in Network Design

2015-02-14 Thread William Herrin
On Fri, Feb 13, 2015 at 10:26 PM, Skeeve Stevens < ske...@eintellegonetworks.com> wrote: > My views are that if artistic endeavour is involved, then it is IP. > Architecture is certainly that... the look... but, the pipes, sewerage, > electricity, door locks... are not. They are products, bought o

Re: [OT] Re: Intellectual Property in Network Design

2015-02-14 Thread Owen DeLong
> Copyright law basically says that if there is any substantive creative input > into a work's creation then the work is not only copyrightable, unless the > author explicitly says different it's also copyrighted. Throw a paint filled > balloon at a canvas and the resulting splatter is copyright