Re: Routing Insecurity (Re: BGP in the Washington Post)

On 2 Jun 2015, at 11:07, Mark Andrews wrote: If you have secure BGP deployed then you could extend the authenication to securely authenticate source addresses you emit and automate BCP38 filter generation and then you wouldn't have to worry about DNS, NTP, CHARGEN etc. reflecting spoofed traff

Re: Routing Insecurity (Re: BGP in the Washington Post)

> the possibility of building a true 'Internet kill switch' with effects far > beyond what various governmental bodies have managed to do so far in the DNS > space. > Could you elaborate ? I don't see how it could be worse. Comparing with DNS is not relevant IMHO. Everyone is managing its own rou

Re: Routing Insecurity (Re: BGP in the Washington Post)

On 2 Jun 2015, at 15:46, Denis Fondras wrote: Everyone is managing its own routing policy, not everyone is managing its own DNS root. Everyone CAN manage his own DNS root; everyone CAN use /etc/hosts; everyone CAN switch to an altogether different name resolution such as PNRP. Everyone CA

Re: AWS Elastic IP architecture

> On Jun 1, 2015, at 4:30 PM, Christopher Morrow > wrote: > > On Mon, Jun 1, 2015 at 3:06 AM, Owen DeLong > wrote: >> >>> On May 31, 2015, at 7:46 PM, Christopher Morrow >>> wrote: >>> >>> On Sun, May 31, 2015 at 9:07 PM, Owen DeLong wrote: As I said before: >

Re: AWS Elastic IP architecture

> On Jun 1, 2015, at 6:49 PM, Matthew Kaufman wrote: > > On 6/1/2015 12:06 AM, Owen DeLong wrote: >> ... Here’s the thing… In order to land IPv6 services without IPv6 support on >> the VM, you’re creating an environment where... > > Let's hypothetically say that it is much easier for the cloud

Re: WiFi courses/vendors recommendation

On Mon, Jun 1, 2015 at 8:23 PM, Hugo Slabbert wrote: > Doubt how much PoE you'd use for the MetroWifi stuff, but for the > "small/medium events Wifi coverage": > > Ubiquiti Networks. >>> >>> Its cheap and it works great. Support sucks though. >>> >> > Just watch it here if you're expecting to pl

Re: AWS Elastic IP architecture

> On Jun 2, 2015, at 5:49 AM, Matthew Kaufman wrote: > > On 6/1/2015 6:32 PM, Mark Andrews wrote: >> In message >> >> , Christopher Morrow writes: >>> On Mon, Jun 1, 2015 at 9:02 PM, Ca By wrote: On Monday, June 1, 2015, Mark Andrews wrote: > > In message > > , Ch

Re: AWS Elastic IP architecture

On 6/1/15 10:12 PM, Mark Andrews wrote: In message <556d35df.8080...@matthew.at>, Matthew Kaufman writes: On 6/1/2015 6:32 PM, Mark Andrews wrote: In message com , Christopher Morrow writes: On Mon, Jun 1, 2015 at 9:02 PM, Ca By wrote: On Monday, June 1, 2015, Mark Andrews wrote: In mess

Re: AWS Elastic IP architecture

On 6/2/15 2:35 AM, Owen DeLong wrote: On Jun 2, 2015, at 5:49 AM, Matthew Kaufman wrote: On 6/1/2015 6:32 PM, Mark Andrews wrote: In message , Christopher Morrow writes: On Mon, Jun 1, 2015 at 9:02 PM, Ca By wrote: On Monday, June 1, 2015, Mark Andrews wrote: In message , Christopher Mo

Re: Routing Insecurity (Re: BGP in the Washington Post)

Thus spake Roland Dobbins (rdobb...@arbor.net) on Tue, Jun 02, 2015 at 03:05:13PM +0700: > > On 2 Jun 2015, at 11:07, Mark Andrews wrote: > > >If you have secure BGP deployed then you could extend the authenication > >to securely authenticate source addresses you emit and automate > >BCP38 filte

Password Decryption Methods?

All: I have a video camera that I need to recover the password. I have a password hash that is stored in a database, but any online decryption sites are not working. Can someone push me in the right direction on where I go from here? Thanks, Lorell

Re: AWS Elastic IP architecture

Tell me how do you plan find printer in /64 subnet, scan it? On 02.06.2015 18:08, Matthew Kaufman wrote: > > I can't run my laser printer without a firewall in front of it, and I > can't even guess how secure the controller in the septic system pump box > might be... so I don't risk it. And I *kn

Re: Password Decryption Methods?

Need to recover the *actual* password because of forensic reasons? .. if it's just for usability then 100% of the units I've encountered have some reset routine that wipes the defaults and resets to admin:admin (or whatever). If it was forensics it'd probably be faster to just image the flash ch

Re: AWS Elastic IP architecture

On Tue, Jun 02, 2015 at 07:21:12PM +0300, Nikolay Shopik wrote: > Tell me how do you plan find printer in /64 subnet, scan it? > > On 02.06.2015 18:08, Matthew Kaufman wrote: > > > > I can't run my laser printer without a firewall in front of it, and I > > can't even guess how secure the controll

Re: AWS Elastic IP architecture

Ah, the "IPv6 subnets are so big you can't find the hosts" myth. Let's see... to find which hosts are active in IPv6 I can: - run a popular web service that people connect to, revealing their addresses - run a DNS server that lots of folks directly use (see Google) - use the back door login your r

Re: AWS Elastic IP architecture

Matthew, Good list - Windows doesn't run non-privacy addresses, so it won't work next time. - If you could guess address of router props to you - Before using SNMP you still need device address. - If you can install software on remote PC, when you probably have same result in IPv4 world. - If you

Any routing issues with TWT in Seattle today?

Hey folks, Just wondering if anyone is seeing any issues with TWT routing this morning around Seattle. We've seen a few routing problems and connection issues which appear to be related to this. -AA

MaxMind contact

Hi there, Sorry for the noise. Is there anyone from MaxMind on here? I would appreciate it if anyone on, or off-list can provide any contact details Thanks in advance, Alejandro Acosta,

Re: Password Decryption Methods?

On Jun 2, 2015, at 9:23 AM, Michael O Holstein wrote: > If you can share the other details (make, model, firmware revision, processor > type, etc.) .. whatever you know and can share) .. it would be more helpful. > Also, how'd you get the hash? .. from a config file backup or from another > de

FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

Hello, Nanog! I'm very pleased to present my open source DoS/DDoS attack monitoring toolkit here! We have spent about 10 months for development of FastNetMon and could present huge feature list now! :) Stop! What is FastNetMon? It's really very fast toolkit which could find attacked host in you

Re: BGP Multihoming 2 providers full or partial?

but I don't do email like that why is it hard to read? it's really hard to read email this way. because it's out of order umm, ok. I fixed it for you - You've obviously never been hounded by sales folks scraping this list that believe they should never

Re: AWS Elastic IP architecture

In message <556dc6fd.7040...@matthew.at>, Matthew Kaufman writes: > > On 6/1/15 10:12 PM, Mark Andrews wrote: > > In message <556d35df.8080...@matthew.at>, Matthew Kaufman writes: > >> On 6/1/2015 6:32 PM, Mark Andrews wrote: > >>> In message > >>> >> com > , Christopher Morrow writes: > >

Re: BGP in the Washngton Post

In message <556c8ebc.7080...@netassist.ua>, Max Tulyev writes: > Is there *IN THEIORY* any possibility to make BGP secure enough now? > > Yes, RPKI protects from fat fingered people, but NOT protects from > people doing hijacks knowlingly. At the moment because not enough of the net is covered.

Re: WiFi courses/vendors recommendation

With respect to vendor neutral training I would suggest starting with CWNP @ www.cwnp.com. They specialize in providing vendor-neutral Wi-Fi training and certification. Instructor led training is available via certified training partners. In addition, there are study guides available for purcha

Re: WiFi courses/vendors recommendation

If he's wanting to make a "metro/muni/variousterm" "wireless" network though, he's very likely not going to be using "Wi-Fi" at all. Sure, many of the products may have a WiFi PHY layer, but for outdoor PtMP environments you're talking TDMA, not CSMA. He would be better served by some RF Engin

Re: BGP Multihoming 2 providers full or partial?

I wouldn't call that product marketing. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com - Original Message - From: "Scott Weeks" To: nanog@nanog.org Sent: Tuesday, June 2, 2015 6:00:38 PM Subject: Re: BGP Multihoming 2 providers full or partial? b

Re: Routing Insecurity (Re: BGP in the Washington Post)

The same folks also followed up that workshop paper with a longer paper on the topic: https://www.cs.bu.edu/~goldbe/papers/sigRPKI.pdf On Tue, Jun 2, 2015 at 8:16 AM Dale W. Carder wrote: > Thus spake Roland Dobbins (rdobb...@arbor.net) on Tue, Jun 02, 2015 at > 03:05:13PM +0700: > > > > On 2 Ju

Re: Routing Insecurity (Re: BGP in the Washington Post)

In message <20150602151233.ga29...@doit-2nw1mrfy-x.doit.wisc.edu>, "Dale W. Car der" writes: > Thus spake Roland Dobbins (rdobb...@arbor.net) on Tue, Jun 02, 2015 at 03:05: > 13PM +0700: > > > > On 2 Jun 2015, at 11:07, Mark Andrews wrote: > > > > >If you have secure BGP deployed then you could

Re: BGP in the Washngton Post

> Yes, RPKI protects from fat fingered people, but NOT protects from > people doing hijacks knowingly. the rpki protects from fat fingers as well as the telephone white pages protects from wrong number dialing. it doesn't. for the 312th time (i had to make this clear once again from the floor of

Re: Password Decryption Methods?

Grab the firmware and run it through BinWalk. Your should be able to pull out the firmware and see what it does to the password before storing it. On 2 Jun 2015 22:03, "Landon Stewart" wrote: On Jun 2, 2015, at 9:23 AM, Michael O Holstein wrote: > If you can share the other details (make, model,

Re: FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

Thank you for interest! Feel free to ask me about anything! Feature requests very appreciate! On Wed, Jun 3, 2015 at 9:31 AM, Johan Kooijman wrote: > Interesting project, Pavel. I'll most certainly give this a trial run. > > On Tue, Jun 2, 2015 at 10:16 PM, Pavel Odintsov > wrote: >> >> Hello, N