The short answer is you can't. ARIN only cares about /24s or bigger. If the
network were a /24 or larger, then your customer would need to get an ASN
(autonomous system number) and then you could register the network to them.
More info here: https://www.arin.net
--Patrick Darden
-Origi
Watch out for licensing gotchas.
In active/active ClusterXL situations (load sharing multicast mode) be
careful of multicast--make sure any traversed switches and routers are
compatible with Ethernet Multicast (make sure they don't partition ports
due to high broadcast traffic). Active/Active cl
nmap has some modes that are useful for this:
nmap -sX network #christmas tree packets are sent, nastygram,
kamikaze, should light up any IPS
nmap -sS network #stealth syn scan, should light up any good IPS
nmap -O network #OS scan, should light up any sensit
Seriously.
--p
-Original Message-
From: Aled Morris [mailto:al...@qix.co.uk]
I'd treat this as the first of their pen tests - a social engineering
attack to obtain secret information about the network, and refuse.
Aled
I'm with Barry--a network diagram showing everything from the pov of the pen
team should be part of the end report.
--p
-Original Message-
From: Barry Greene [mailto:bgre...@senki.org]
Hi Tim,
A _good_ pen test team would not need a network diagram. Their first round of
penetration t
Could a Google Op get in touch with me off-list please? I have a fairly
stupid situation
--p
Athens GA, tried to call in a ticket (Metro Ethernet) and was told a
master ticket was already in place for my circuits. Other than the
ticket # they wouldn't give me any details. Anybody know anything?
--p
I noticed this as well around 11:50 eastern.
--Patrick Darden
-Original Message-
From: Maria Iano [mailto:ma...@iano.org]
Sent: Thursday, May 21, 2009 11:56 AM
To: nanog@nanog.org
Subject: facebook DNS
It looks like facebook is having DNS troubles. The www.facebook.com
subdomain is de
es special algorithms to speed it up.
--p
-Original Message-
From: devang patel [mailto:[EMAIL PROTECTED]
Sent: Friday, November 14, 2008 10:52 AM
To: Darden, Patrick S.
Cc: nanog@nanog.org
Subject: Re: OSPF with Multiple ABR & ASBR
Sorry about that!!!
1. Do these remote areas
You can do it multiple ways:
1. old fashioned hunt groups for multiple analog lines.
2. getting a PRI with one outward facing number.
3. talk to your local Bell about what would best suit your needs (digital
calls? 56K? 64k? 128K? ISDN? Analog? dialout capability, or just dialin?
etc.
My first thought for this was: route filtering. My second thought
was: use different AS#s. Then I reread your question and thought
of something far simpler.
It seems to me if you are migrating from provider A to provider B
then you should set everything up for B, then shut down the
interface
I don't think you will have any troubles with industry standard hardware for
the rates you are quoting. When you get in excess of 300Mbps you have to
start worrying about PPS. When you are looking at >600Mbps then you
should pick out your system more carefully (tcpoe nics, pcie(X), cpu
at over
I think your next step is your lawyer. Put all your missives, your
email, your phone conversations, your logs, your auditing results, your
detection troubleshooting and sleuthing trails etc. in a folder, create
a one page summary including any damages you feel might have been caused
(e.g. time, e
I'm not aware of any hard rules regarding this. I'll include yours below:
--packet fragmentation due to inconsistent MTUs and/or bandwidth (e.g. moving
from ATM at 150Mbps to a fractional DS3 at 3.088Mbps)
--ttl changes from hop to hop
--dest ip changes from hop to hop
--PAT/NAT changes in last
I cannot reproduce this.
--Patrick Darden
-Original Message-
From: Adam Fields [mailto:[EMAIL PROTECTED]
Sent: Friday, June 06, 2008 3:19 PM
To: Lasher, Donn
Cc: nanog@nanog.org
Subject: Re: OT: www.Amazon.com down?
On Fri, Jun 06, 2008 at 11:24:18AM -0700, Lasher, Donn wrote:
> Checke
Hi all,
Does anyone know of an easy way to scan for issues with path mtu discovery
along a hop path? E.g. if you think someone is ICMP black-holing along a
route, or even on the endpoint host, could you use some obscure nmap flag to
find out for sure, and also to identify the offending hop/r
I have one of these (Imagestream T3 WAN adapter on an Imagestream router) for
5+ years to back up my Cisco 7204 with a channelized T3 card. I like the
system, I like the card.
The other engineers in my office call it the "bling router". Lots of gold
chrome. Pimped out.
--Patrick Darden
--
Yes. 1918 (10/8, 172.16/12, 192.168/16), D, E, reflective (outgoing
mirroring), and as always individual discretion.
--Patrick Darden
-Original Message-
From: Leo Bicknell [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2008 9:10 AM
To: nanog@nanog.org
Subject: Is it time to aba
st private networks start at the bottom and work up: 192.168.0.X++,
10.0.0.X++, etc. This makes
any internetworking (ptp, vpn, etc.) ridiculously difficult. I've seen
a lot of hack jobs
using NAT to get around this. Ugly.
--Patrick Darden
-Original Message-----
From: Darden, Patrick S.
it to
work this way (imho).
--p
-Original Message-
From: Joel Jaeggli [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2008 11:21 AM
To: Darden, Patrick S.
Cc: nanog@nanog.org
Subject: Re: was bogon filters, now "Brief Segue on 1918"
Darden, Patrick S. wrote:
>*r
12:36 PM
To: Darden, Patrick S.
Cc: nanog@nanog.org
Subject: Re: was bogon filters, now "Brief Segue on 1918"
Darden, Patrick S. wrote:
> Most organizations that would be doing this would not randomly pick out
> subnets, if I understand you. They would randomly pick out a subne
Actually, rereading this, I agree. My experience is large companies take it
all, using huge swathes inefficiently, instead of doing it right. In my
previous post I was answering the question I thought you were asking, not your
real question.
I agree with you both.
I think that RFC1918 Could
1. DOS of Cymru (as noted below).
2. False Positives. Your network is suddenly stranded. Maybe on purpose.
(DOS of a network, e.g. China or Youtube).
3. False Negatives. A bogus network is suddenly centrally rubber-stamped.
Could happen. We've seen a lot of shenanigans with the domain
r
al Message-
From: Joel Jaeggli [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2008 1:31 PM
To: Darden, Patrick S.
Cc: nanog@nanog.org
Subject: Re: was bogon filters, now "Brief Segue on 1918"
That's comical thanks. come back when you've done it.
//Ok.
Marshall is correct.
Hi Jay,
Jay Ashworth:
> Sure. And he's not always right either; none of us are.
> But he gave cogent arguments to support his point, and you gave us
He gave good arguments. You, however, did not.
> None of which amounts to "wants to hurt people", which is what you
>accused him of.
I was out
Joe makes some good points here. I'd have to add one caveat though:
it depends.
It depends on the server. Busy email servers definitely depend on
having fast DNS, and benefit *greatly* from a caching DNS server using
local sockets instead. Web servers generally don't. Centralized
logging serv
I think Colin just said everything I said, but in 1/10'th the words.
And he posted before me. Drats.
--Patrick Darden
-Original Message-
From: Colin Alston [mailto:[EMAIL PROTECTED]
Sent: Monday, August 11, 2008 8:38 AM
To: Joe Greco
Cc: [EMAIL PROTECTED]
Subject: Re: maybe a dumb idea
1. I think ARP is effectively a ping for a mac. It verifies connectivity on
level 2 between two hosts. You have to be on the same segment though.
To make it work, you would have to know the mac address of the remote host,
clear the arp table on the local host, then send the ARP request out.
Somebody's going to bring in Emacs now. Then somebody else will claim VI can
do it faster and using less memory
Argh. ;-)
--p
-Original Message-
From: Joe Greco [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2008 1:29 PM
To: [EMAIL PROTECTED]
Cc: nanog@nanog.org
Subject: Re
Check your ARP tables, local and on intervening switches/routers. Make sure
there are no duplicate entries for that IP. If you note the response time, the
second packet is always higher which might be indicative. I would also check
for a botched MITM a la C&A.
Even if there is no obvious AR
Or his DSL is set to bridging.
--p
-Original Message-
From: Nathan Ward [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 16, 2008 12:47 AM
To: nanog list
Subject: Re: confusing packet data
On 16/09/2008, at 4:43 PM, Hank Nussbacher wrote:
> Are you running Skype? Have you become a s
It's been up and down since maybe 11am eastern. We have a ticket in
with them, but no response as of yet.
--Patrick Darden
Athens Regional Medical Center
-Original Message-
From: Raleigh Apple [mailto:rap...@rapidlink.com]
Sent: Tuesday, February 09, 2010 3:14 PM
To: nanog@nanog.org
There's not that much overhead--your certs should be ok. TCP for SQL would
just make sense. I personally wouldn't want to do what you are contemplating.
Here's some stuff to think about:
1. your modems will not be able to do compression. You can't easily compress
random data (e.g. encrypt