A partner had a security audit done on their site. The report said they were
at risk of a DoS due to the fact they didn't have a SPF record.
I commented to his team that the SPF idea has yet to see anything near mass
deployment and of the millions of emails leaving our environment yearly,
>
> On Mon, Oct 4, 2010 at 9:47 AM, Greg Whynott wrote:
>>
>> A partner had a security audit done on their site. The report said they
>> were at risk of a DoS due to the fact they didn't have a SPF record.
>>
>> I commented to his team that the SP
ume of spam back splatter.. 8)
over all, I'm inclined to accept your assumptions.
-g
On Oct 4, 2010, at 2:38 PM, Suresh Ramasubramanian wrote:
> On Mon, Oct 4, 2010 at 12:47 PM, Greg Whynott wrote:
>>
>> A partner had a security audit done on their site. The repo
get a VAR involved, it'll be more efficient and accurate than asking here.
things change weekly.
-g
On Oct 5, 2010, at 10:25 AM, Eric Gauthier wrote:
> Heya,
>
> I'm trying to quickly pull together some very rough
> budget numbers for purchasing a full monitoring
> system (network, server
the question of which is better, onboard vrs plug in would in part be
determined by the type (make/model) of motherboard you are speaking of. How
they have IRQs allocated (which is something you may be able to adjust), where
it is attached to the bus etc… Also, what comes with the main bo
Hi,
most of our traffic is heading directly into memory, not hitting the local
disks, on the HPC end of things. Our file servers are feeding the network
with around 24 x 10Gibit (active/active clusters), and regularly run at over
80 percent on all ports during runs.. this is all HPC /
Especially for Facebook alerts.. You are propagating a false perception
that everyone cares.
-g
On Oct 6, 2010, at 2:20 PM, christian koch wrote:
> +1
>
>
>
> On Wed, Oct 6, 2010 at 12:57 AM, Zaid Ali wrote:
>
>> I think the Outages mailing list is more appropriate for this.
>>
>>
> just because you don't want to play facebook games doesn't make a facebook
> outage any less operationally relevant than, say, an akamai or limelight
> outage.
IMO which may be way off base, when akamai goes off the air, people lose
potential sales/revenue. when facebook goes off the
it's sad that the list apparently has become a sounding board for these
'operators' who think others care about their plights and opinions which have
nothing to do with L1/2/3 issues.
*i'm taking my ball and going home!*
-g
On Oct 12, 2010, at 12:44 PM, Kevin Oberman wrote:
> Pardon me, but
this has nothing to do with ports. as others have said, think of a web
server. httpd listens on tcp80 (maybe 443 too) and all the facebooker's on
earth hit that port. could be hundreds of thousands, and only one port.
Available memory and open files will be the limiting factor as to h
probably going out on a limb here, but i suspect you'll never see BGP support
in any of Cisco's firewall products. In routers which have FW bits included,
yes, but not in an ASA product.
perhaps the marketing thinking is 'if you can afford an asa 558x, you can
afford one of our fine router
off topic…
you recently converted from token ring to ethernet? i had no idea there was
still token ring networks out there, or am i living in a bubble?
-g
On Oct 31, 2010, at 9:07 PM, Paul WALL wrote:
> I don't know what the big deal is. I've rolled at least 20 of these
> switches into my
i couldn't disagree with this statement more than I do.
they could make a box do it all if they wanted to, but it does not make
business sense.
On Nov 2, 2010, at 1:42 PM, Dylan Ebner wrote:
> IMHO, I don't think this is a marketing issue for cisco. It's a design issue.
> PIX/ASA is good a
if you are using KVM (or even VMware) and you can write shell scripts, you can
do this in house. both have the ability to create VMs from the command line.
in KVM you can create a VM with a one liner.
-g
On Nov 9, 2010, at 11:17 AM, Brandon Kim wrote:
>
> Hey gents:
>
> As always I val
no copper cables 10G and FC is all you need to deploy images. 8)
-g
On Nov 9, 2010, at 11:38 AM, Holmes,David A wrote:
> We've been looking at Cisco's Unified Computing System (UCS) blade
> server, which appears to have great potential. Very fast, and eliminates
> almost all top-of-rack copper
Recently I adjusted the maxas-limit option on our router, logs started
reporting routes being refused because the AS path is too long. seems to work
as expected.
when I looked at the logs I was a bit confused at what i was looking at...
why is it there are multiple AS's in the path that
5) FLSPEED x106
From: "Greg Whynott" mailto:greg.whyn...@oicr.on.ca>>
Sent: Wednesday, November 10, 2010 3:23 PM
To: "nanog@nanog.org<mailto:nanog@nanog.org> list"
mailto:nanog@nanog.org&
IPPlan does this fairly well for ipv4 space, and they have recently added ipv6.
-g
On Nov 17, 2010, at 12:22 PM, chip wrote:
> There's been lots of discussion on how we should allocate space to various
> bits of the network. What I haven't yet seen is how people are tracking
> these allocati
good for you Mike, for contributing. thanks.
-g
>>
>> Open Source world - leaching off the good will and effort of the Open Source
>> community, yet give nothing in return.
> then you would also want to grab
> the patch I posted to the bug tracker. Enjoy, I do.
>
> --
> Mike Oliver, KT2T
i was pinging a host from a windows machine and made a typo which seemed
harmless. the end result was it interpreted my input differently than what I
had intended. thinking this was a m$ issue I quickly took the opportunity to
poke fun at windows as the senior m$ admin was near by.
"look at
of
> decimal or hex.
>
> Ken Matlock
> Network Analyst
> Exempla Healthcare
> (303) 467-4671
> matlo...@exempla.org
>
>
> -Original Message-
> From: Greg Whynott [mailto:greg.whyn...@oicr.on.ca]
> Sent: Monday, November 22, 2010 12:53 PM
> To: nanog list
>
> Cooling: Raised floor vs. Underfloor
forgive me, but what is the difference between raised floor and underfloor?
>
> Ethernet: 40GE vs. 100GE
people are debating which is better? really?
>
> Optics: XFP vs. SFP+
?
some interesting choices of things to debate.. are these serious deb
>
> Excuse me. Raised floor vs. overhead.
ahh that makes much more sense, thanks Tom.
>
> I'm sure someone has an opinion…
i suspect you are correct, not sure who would elect for the slower standard,
considering they hit the streets fairly close to each other and I can't see
there being a h
i found it funny how M$ started giving away virus/security software for its OS.
it can't fix the leaky roof, so it includes a roof patch kit. (and puts about
10 companies out of business at the same time)
>>> Many Windows infections
>>> I've seen occur not due to the OS, but due to lack of
update.. hoax it appears.
http://www.itworld.com/open-source/130820/openbsdfbi-allegations-denied-named-participant
--
This message and any attachments may contain confidential and/or privileged
information for the sole use of the intended recipient. Any review or
distribution by anyone ot
Hello,
we have multiple internet connections of which one is a research network where
many medical institutions and universities are also connected to throughout the
country. This research network (ORION) also has internet access but is not
meant to be used as a primary path to the internet b
to drop traffic as described in the original
post in your opinion?
-g
On Jan 7, 2011, at 1:15 PM, John Kristoff wrote:
> On Fri, 7 Jan 2011 12:40:32 -0500
> Greg Whynott wrote:
>
>> we have multiple internet connections of which one is a research
>> network where many m
Thanks Ken,
Some good stuff there, thanks.
Since my original email, i think i've come up with a partial solution not
requiring the far end's involvement. If not, at least it would get us into
a better position to utilize the ORION network when possible. We peer over a
L2 tunnel with a
Randy your assumptions are correct, all outbounds get that slapped on them,
automagically. good thing you have read the same magic book and can counter!
8)
I don't or ever did expect anything from you, not sure why you thought i might.
do you think I should quit this organization because w
I've tried to use other vendors throughout the years for internal L2/L3. Always
Cisco for perimeter routing/firewalling.
from my personal experience, each time we took a chance and tried to use
another vendor for internal L2 needs, we would be reminded why it was a bad
choice down the road,
>>
>> Brandon
>>
>>
> Just as a pointer - one of the largest and most utilized IX (AMS-IX) has
> their platform built on Brocade devices.
>
Brocade devices pre Foundry purchase correct? I can't see anyone that large
using Foundry in large deployments..
-g
the pro curve line is cheap and the standard support contract price can't be
beat (life time free). For many ' normal ' deployments it would be a good
choice. in a 10Gbit HPC or highly redundant environment I'd probably be
looking at Extreme or Force 10.
There is a feature on the Cisco 65
i think it really depends on who answers your call. I've called Cisco a few
times before for inter vendor issues and they gave us the " call the other
vendor " finger. .. Other times they saved the day.
i know some shops negotiate their support contract which precludes them from
going th
'm reminded that if you have a lot of Cisco on the network, the
>> rest should be cisco too, unless there is a very good technical/financial
>> reason for it, but you should be prepared to be your own help in those
>> cases.
>>
>> Vendors love to point at the oth
>>>> VendorX, we can't help you. You should have bought Cisco for both
>>> sides.
>>>>> I had that happen when I was troubleshooting LLDP between 3750s and
>>> Avaya
>>>>> phones, TACACS between Cisco and tac_plus daemon, link bundling
>>
alone do not denote intelligence, if so cockroaches would rule the
world. 8)
-g
On Jan 10, 2011, at 5:32 PM, Jeff Kell wrote:
> On 1/10/2011 3:20 PM, Greg Whynott wrote:
>> HP probably was the most helpful vendor i've dealt with in relation to
>> solving/providing inte
V
- Original Message -
From: Greg Whynott
Sent: Wednesday, January 12, 2011 09:46 AM
To: 'timothy.gr...@mantech.com'
Subject: Re: Cisco Sanitization
Replace the flash cards. If you are really concerned about information being
disclosed, formatting/deleting files will not d
list, sorry for this but this is getting a little annoying. I've tried
sending Randy email without luck.. think i'm black listed by his kit, so if
someone would kindly forward this to him…
Randy,
I'm not trying to be difficult or annoy you. Please stop sending me this
email which is cons
my bad list, i'll stay on topic in the future and ensure i keep personal
messages out of here and your inbox.
bad bad greg… interesting how brain dead and un respectful i am till
sufficiently caffeinated.
On Jan 12, 2011, at 11:19 AM, Lynda wrote:
> On 1/12/2011 8:04 AM, Greg
at one shop were i considered using Juniper instead of a Cisco internet edge
router, the cost of the Juniper was so close to the Cisco it was a non
consideration. The only reason we went with Cisco that time was due to the
fact most of the other gear was Cisco, and it seemed to make more se
Following a few documents on how to use route-maps to set preference of routes
(related to my last thread regarding asymmetrical routing) all the ones I have
looked at today (about 6 or so) use the below method to apply the route map
under the router section:
router bgp YOURAS#
neighbour x.x.x.x
> Try doing it under the 'address-family ipv4'?
>
> I've never seen any version of IOS not take it.
>
> -Original Message-
> From: Greg Whynott [mailto:greg.whyn...@oicr.on.ca]
> Sent: Friday, January 14, 2011 9:00 AM
> To: nanog@nanog.org list
> Subje
uter even accept 'neighbour' instead of ' neighbor'?
>
>
> -----Original Message-
> From: Greg Whynott [mailto:greg.whyn...@oicr.on.ca]
> Sent: Friday, January 14, 2011 9:00 AM
> To: nanog@nanog.org list
> Subject: BGP route-map options
>
> Following a
send/expect?
On Jan 18, 2011, at 2:12 PM, Brian R. Watters wrote:
> We are looking for the following solution.
>
> Honey pot that collects attacks against SSH/FTP and so on
>
> Said attacks are then sent to a master ACL on a edge Cisco router to block
> all traffic from these offenders ..
>
> Of
Hello,
Up until today we have been able to reach hosts in the 59.229.189.0/24
network via AS174, Cogent, in Toronto. Now we can not, our packets
stop at 38.112.36.101. The support team at Cogent informed me that network
isn't in the internet routing table.
I attempted to do an AS lookup on
014 at 5:26 PM, Paul Ferguson wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 3/24/2014 2:13 PM, Paul Ferguson wrote:
>
> > On 3/24/2014 1:53 PM, Christopher Morrow wrote:
> >
> >> On Mon, Mar 24, 2014 at 4:49 PM, greg whynott
> >>
and ones who don't read posts before responding.
On Mon, Dec 17, 2012 at 8:14 AM, Randy Bush wrote:
> > Actually, I have an excellent memory also. The one thing I do NOT
> > remember is this much Sturm und Drang over any of the past changes.
>
> increase in number of people who can't resist te
Hello,
I am wanting to purchase a /22 from one of the online auction sites
(Hilco). Before we move ahead with it I wanted to check the history of
IPs within the allocation. I find many sites where you can enter 1 IP to
do a check but they don't seem to accept subnets to check.
Are you aware
Thank you everyone for the responses, I now have about 10 options to look
at due to the many replies.
greg
On Wed, Feb 17, 2016 at 1:25 PM, Bernd Spiess
wrote:
> > I find many sites where you can enter 1 IP to
> > do a check but they don't seem to accept subnets to check.
>
> Maybe this i
Team NANOG,
I will summarize once I get to looking at things. This isn't an immediate
need but with that said I expect to start on it next week. I may not
evaluate all of them but what I do try I will share.
My next challenge is finding a router that will forward on 4 x 1 gig
interfaces (2 in
Recently I have taken over the responsibility of managing about 18 remote
routers and firewalls. None of these have a console port for 'out of
band' access accessible today.
Most sites have available IPs between the ISP and us (typically a /29) or a
backup DSL connection available for use. I
n add it to our monitoring systems.
have a great day,
greg
On Tue, Mar 8, 2016 at 10:33 AM, Christopher Morrow wrote:
> for singular serial .. there are many, do you want something that's
> "appliance" or are you willing to deploy 18 raspberry-pi-like
> thingies?
>
>
now both SGI and Apple will sue them!
sad how apple can get a patent on curved corners...
it has a nice tezro look to it. wrong color tho.
On Mon, Aug 6, 2012 at 10:40 PM, Andrew Jones wrote:
> I did manage to get my hands on it this morning (thanks Brandon!).
> I've put it up for anyone
I can confirm this, our WLC from Cisco came with a default IP setting of
1.1.1.1 for the portal.
-g
On Jun 14, 2010, at 2:48 PM, Jens Link wrote:
> Tom writes:
>
>> DHCPACK from 1.2.1.3
>>
>> Perhaps someone should mention this to the hotel? :)
>
> I've seen DHCPACK from 1.1.1.1 I was
Haven't seen these same issues either, but have seen others..
We use HP 8212's here to connect our storage and hpc devices. each 8212 has
about 20 or more 10Gbit connections. Everyone is happy with them from an
availability and performance perspective. Two things which I noticed, 1.
Und
they may require a deposit before you load their web site..
-g
-Original Message-
From: Seth Mattinen [mailto:se...@rollernet.us]
Sent: Thursday, June 17, 2010 2:07 PM
To: nanog@nanog.org
Subject: Re: Advice regarding Cisco/Juniper/HP
On 6/17/2010 11:01, Sandone, Nick wrote:
> I would
depending on your vendor equipment you'll need an ACL or a route map to define
the traffic you wish to Nat and apply it to the 'nat engine'.
if you are doing this on cisco ASA or similar it might look something like this:
-define the interesting traffic with an ACL:
access-list 110 permit ip
On Jun 30, 2010, at 12:07 PM, George Bonser wrote:
> if I want to
> know which vlans a port is in, you look at the port config and there it
> is. Other gear you need to look through each vlan configuration and
> note which vlans the port appears in and hope you don't overlook one.
or become fam
On Jun 30, 2010, at 4:50 PM, Ricky Beam wrote:
> Personally, I prefer a bit of both.
same here. both have some things which I don't agree with. prime example
again is adding more than X vlans to an interface, why the "add"?
interface TenGigabitEthernet5/5
switchport trunk allowed vlan 2
>>
>
> They are all software based, no matter who builds them. Cisco IOS,
> Juniper JunOS, etc.
controlling hardware asic's and fpga's.
-g
Cisco has VSS (on 6500 class) and H3C has IRF; allowing you to virtualize 2
or more physical switches/routers in an active/active configuration where you
can use all links and terminate LACP aggregates between the two devices. Is
anyone using this or similar technology from another vendor?
it works, i see folks creating networks of hosts under ESXi protected by an
ASA instance.. not for production. I'm sure it's not legal but Cisco doesn't
seem to have a strong stand on it, I'd think as long as you are using it for
educational use and not commercial, they may not care a whole
GNS is just a front end for dynamips/qemu. ASA will run under qemu without
the use of extra wrappers/tools. it will run natively under vmware too. ASA
is basically an application running above a linux kernel. I forget what the
internal name is, lisa or similar…
-g
On Aug 4, 2010, at 1
I am fairly sure Squid has the concept of bandwidth pools which you can apply
via ACLs within the squid conf.
That may meet your proxy requirements but would not help with traffic not being
proxied.
Squid will also allow you to define access to the inet based on ACLs which can
use various thi
how does ARIN or whomever deal with similar situations where someone is
advertising un-allocated, un-assigned by ARIN IP space in NA? do they have a
deal/agreement with the 'backbone' providers?
-g
>>
>
> 6.ARIN receives a fraud/abuse complaint that A's space is being used by B.
>
>
>
> I would consider a transit provider who subverted an ARIN revocation to be
> disreputable, and seek other sources of transit.
easy to say, but the reality is you may choose not to do so due to logistical,
monetary or management/boss reasons which trumps your constitutionally
balanced
puck.nether.net]
Sent: Friday, August 13, 2010 5:00 PM
To: Greg Whynott
Cc: Nathan Eisenberg; nanog@nanog.org
Subject: Re: Lightly used IP addresses
I know of several large providers that would stop routing such "rogue" space.
Any provider that isn't prepared to deal with such a possib
I set up an OS X server which hosts updates for the rest of the company, so
the OS X client machines poll/pull updates from the internal machine as opposed
to 100 of them pulling the same updates over the internet. saves bucket loads
of bandwidth and you can "pre ok" individual packages, so
t update issues.
-g
On Aug 18, 2010, at 3:07 PM, JoeSox wrote:
> Interesting.
> Do you have to configure the iPhone devices or just use its standard settings?
>
> --
> Thanks, Joe
>
>
> On Wed, Aug 18, 2010 at 12:03 PM, Greg Whynott
> wrote:
>> I set up an
probably an odd question …
we have been assigned a few large blocks of IPs, and while configuring BGP i
got to wondering what these block's history might be. who had them in the
past, etc..
is there a publicly accessible db or similar which tracks that type of
information, or is that li
> isn't."
> Radia Perlman
> Please consider the environment before printing e-mail
>
> -Original Message-
> From: Greg Whynott [mailto:greg.whyn...@oicr.on.ca]
> Sent: Tuesday, September 14, 2010 2:52 PM
> To: nanog@nanog.org list
> Subject
> the past, and from where.
>
> google and rbl lists are also worth querying in that context.
>
> joel
>
> On 9/14/10 1:51 PM, Greg Whynott wrote:
>> probably an odd question …
>>
>> we have been assigned a few large blocks of IPs, and while configuring BGP
>
productivity in NA just sky rocketed!
-g
On Sep 23, 2010, at 3:39 PM, Ernie Rubi wrote:
> Anyone else having trouble? We're colo'ed at the NOTA in Miami and directly
> peer with them - even though our session hasn't gone down we still can't
> reach them.
>
> Ernesto M. Rubi
> Sr. Network Eng
that is so sad makes me very angry reading this.
-g
From: na...@wbsconnect.com [na...@wbsconnect.com]
Sent: Monday, August 31, 2009 5:35 PM
To: nanog@nanog.org
Subject: Beware: a very bad precedent set
http://finance.yahoo.com/news/Louis-Vuitton-Awa
I'd think SNMP will be what any product uses to query APC gear, even their own
suite uses SNMP to collect information and receive traps.
We use cacti to graph our loads on the APC power bars and UPS gear, gives you
everything you need on all phases/legs, was there something in particular you
w
Hello,
We received a /21 from ARIN a year or so ago which we have been using. At the
time I noticed Bell was advertising a longer CIDR which included ours. I
contacted Bell, they said it would be corrected, multiple times.
Who I might contact to have this resolved?
Thanks for your time,
I will likely never buy or recommend Foundry equipment again. In a previous
gig, a HPC environment, they caused us many problems, support was horrible,
and their 10Gbit kit was the pits when it was first released (no idea how it is
now or what they offer, its been 5 years since. burnt onc
We use confidence inspiring names here for our devices, shakey, broken,
jitter, crusty
G
- Original Message -
From: Adcock, Matt [HISNA]
To: Ravi Pina ; Randy Bush
Cc: nanog@nanog.org
Sent: Mon Mar 15 09:10:40 2010
Subject: RE: Network Naming Conventions
I've used a Jimm
ours is a small network, so is ok to have fun. 8)
we do use CNAMES to provide useful information(and make managers happy).. and
name servers after the service they provide, eg ldap1.auth.mgt
here is an example:
gwhyn...@ops:~$ host rma.mgt
rma.mgt.oicr.on.ca is an alias for RiserRoom5a.hp821
Extreme 650, but not sure of the gre in hardware req. These are awesome
switches, bgp support, VSS like clustering, and many other nice features.
G
- Original Message -
From: Łukasz Bromirski [mailto:luk...@bromirski.net]
Sent: Sunday, February 20, 2011 10:04 AM
To: nanog@nanog.or
Sorry, its not operationally related but probably of interest to a few.
I can't believe it's been that long, time flies. RFC 114!
http://www.bit-tech.net/news/hardware/2011/04/15/ftp-is-40-years-old/
On May 12, 2011, at 6:30 AM,
wrote:
> er…
> d I would appreciate it if they
> would at least notify me ahead of time if they want to futz around
> with prefixes that are not registered to them.
er…. isn't that exactly what they just did, notified you ahead of time? the
test starts on the
On May 12, 2011, at 12:38 PM, Stefan Bethke wrote:
> Am 12.05.2011 um 18:02 schrieb Greg Whynott:
>
>> helps to read before you jump!
>
> I think he might be referring to the fact that the prefix supposedly used to
> conduct the test is his, not Georgia Tech's.
>