Hi, Blake,
Thanks a lot for your comments! In-line
On Fri, 2021-06-04 at 11:13 -0500, Blake Hudson wrote:
> Current gen Cisco ASA firewalls have logic so that if the connection
> from a private host originated from a privileged source port, the
> NAT
> translation to public IP also uses an
Hi, Jean,
On Fri, 2021-06-04 at 08:36 -0400, Jean St-Laurent wrote:
> I believe all devices will translate a privileged ports, but it won't
> translate to the same number on the other side. It will translate to
> an unprivileged port. Is it what you meant or really there are some
> devices that wi
Hi, Bjørn,
On Thu, 2021-06-10 at 12:10 +0200, Bjørn Mork wrote:
> Fernando Gont via NANOG writes:
>
> > What has been reported to us is that some boxes do not translate
> > the
> > src port if it's a privileged port.
> >
> > IN such scenarios, NTP imp
Hi, Jean,
On Thu, 2021-06-10 at 06:54 -0400, Jean St-Laurent via NANOG wrote:
> Hi Fernando,
>
> NTP sounds simple but it could be very complex when you dig deep down
> and/or get lost in details.
> Here are 2 things to consider:
>
> 1. NTP clients can query NTP servers by using SRC UDP ports >
Hi, Jean,
On Thu, 2021-06-10 at 08:23 -0400, Jean St-Laurent wrote:
> Let's start with this example. When I click sync my clock in windows,
> this happened.
>
> On the inside or Private side
> 08:15:07.434344 IP 192.168.254.205.123 > 13.86.101.172.123: NTPv3,
> Client, length 48
> 08:15:07.47368
Hi, folks,
After almost 7+ years of working on this topic, our internet-draft
entitled Operational Implications of IPv6 Packets with Extension
Headers¨
(
https://datatracker.ietf.org/doc/html/draft-ietf-v6ops-ipv6-ehs-packet-drops-08
), has been approved for publication as an IETF RFC.
I beli
On Sun, 2021-06-27 at 23:19 -0400, Scott Aldrich wrote:
> Anyone have an idea how to get HE/ShadowServer,org servers to stop
> attempting to penetrate the comcast drop at my house?
>
> Their website claims altruism.. but my logs dont support that claim.
In theory (at least), your ISP asked for it
On Mon, 2021-06-28 at 13:04 -0400, Jean St-Laurent via NANOG wrote:
> What is the difference between shodan.io and shadowserver.org ?
At least in theory, for the former anyone that pays for the service (or
employs free credit) has access to the scan data, whereas for the
later, only the responsibl
8 matches
Mail list logo
