Seeking recommendations - Network Eng augmentation

Hi Folks, If you have recommendations on companies that either provide staff augmentation or deliver management services for campus networks would you mind sharing? Cheers, Harry

AT&T Business Class Contact

Hi Folks, We've got a campus out in Oakland, CA running on an ATT Fiber connection. We've been down since 3a PDT and we're unable to reach someone to get help. Anyone who can point us to a contact or in the right direction would be greatly appreciated. Cheers, Harry

Re: AT&T Business Class Contact

Thanks for that. We did that to start hence the attempt to escalate. Cheers, Harry On Sat, Aug 19, 2023 at 8:15 PM TJ Trout wrote: > Open a ticket > > https://expressticketing.acss.att.com/ > > On Sat, Aug 19, 2023, 3:36 PM Harry Hoffman > wrote: > >> Hi Folks, >

Comcast IPv6 PD Centos

Hi Folks, I'm wondering if anyone has successfully configured prefix delegation on Comcast's service using CentOS 7 as a router/firewall. I'm trying to help troubleshoot a configuration and I can't find anything current via Google. Cheers, Harry

Re: Filter NTP traffic by packet size?

Most of what I've seen are reset configs on network gear, standalone devices (printers), and the occasional win 98 box with network addons. We put blocks in place for ntp, SNMP for a short time to get things under control. Chargen was so small it was easier to just alert folks directly. HTH. Ch

Re: Managing IOS Configuration Snippets

Wow, this sounds fantastic! Have any code you can share? Cheers, Harry On Feb 27, 2014 6:52 AM, Andrew Latham wrote: > > For a large install I set up a solution that might help. I utilized a > Mediawiki install and its API to create, update and pull the > configuration on many IOS devices. A w

Re: Heartbleed Bug Found in Cisco Routers, Juniper Gear

Didn't Cisco already release a bunch of updates related to Anyconnect and heartbleed? Cheers, Harry On Apr 12, 2014, at 6:03 PM, Lamar Owen wrote: > On 04/11/2014 07:16 AM, Glen Kent wrote: >>> VPN, on the other hand, is a totally different world of pain for this >>> issue. >>> >> What about

Re: Home computer rooms

Re: What do you do when your Home ISP is down?

it's just you... most of us can use "contaxt" to know what the person actually meant ;-) On 08/18/2011 02:05 PM, Jay Nakamura wrote: > Is it just me that has a hard time reading a paragraph when "there" > and "their" are misused?

Re: events

It's a bit old but still works well. Russel Fulton and I worked on this when I was down in NZ. You still need to run syslog-ng but this allows you to ignore, warn, alert on logs via regex. http://www.ip-solutions.net/syslog-ng/ Cheers, Harry On 09/30/2011 09:50 AM, harbor235 wrote: Wha

Re: Interesting debugging: Specific packets cause some Intel gigabit ethernet controllers to reset

On a similar vein here's some fun reading: http://travisgoodspeed.blogspot.com/2011/09/remotely-exploiting-phy-layer.html On 02/06/2013 03:33 PM, Kristian Kielhofner wrote: > Over the year I've read some interesting (horrifying?) tales of > debugging on NANOG. It seems I finally have my own to

Verizon FIOS filtering?

Hi All, Does anyone know if Verizon automatically performs network filtering in response to scanning behavior? I'm having some weird connectivity issues to a host and trying to figure out why. Cheers, Harry

Re: Verizon FIOS filtering?

connect from my FIOS host to my .edu host on tcp/22, a port that is specifically allowed in the .edu host's firewall rules. There is no software on either end that would perform any tarpit-like functionality. Cheers, Harry On 03/18/2013 08:50 AM, joseph.sny...@gmail.com wrote: > Did yo

Re: Open Resolver Problems

What are those who provide open resolvers, such as google, doing to combat the problem? It would be nice to be able to provide open resolvers as a service and combat the various threats associated with them. Cheers, Harry On 03/25/2013 10:22 AM, Jared Mauch wrote: > All, > > Open resolvers pos

Re: Open Resolver Problems

https://developers.google.com/speed/public-dns/docs/security Cheers, Harry On 03/26/2013 11:07 AM, valdis.kletni...@vt.edu wrote: > On Tue, 26 Mar 2013 07:43:15 -0700, Tom Paseka said: >> On Tue, Mar 26, 2013 at 7:38 AM, Jay Ashworth wrote: > >>> Sure. But OpenDNS, Google, and the other provid

Re: So how big was it *really*?

It's interesting, this just came up on gizmodo. As I said in another forum, take it for what it's worth: http://gizmodo.com/5992652/that-internet-war-apocalypse-is-a-lie Cheers, Harry On 03/28/2013 09:23 AM, Valdis Kletnieks wrote: > So we all have heard the breathless news reports of how the re

RE: IPv6 and HTTPS

Re: Google Public DNS Problems?

Works fine from here, Philadelphia, PA .edu and FIOS networks Cheers, Harry On 05/01/2013 12:09 PM, Blair Trosper wrote: > Is anyone else seeing this? From Santa Clara, CA, on Comcast > Business...I'm getting SERVFAIL for any query I throw at 8.8.8.8 and > 8.8.4.4... > > Level 3's own public re

Re: Data Center Installations

On the cheap Lowes/Home Depot are awesome, and they're everywhere. On 05/01/2013 03:23 PM, Warren Bailey wrote: > Do any of you have a "go to" resource for materials used in installations? > Tie wraps, cable management, blahblahblah? > > I have found several places, but I'm curious to know what

RE: Looking for Netflow analysis package

Re: Looking for Netflow analysis package

Check out argus http://www.qosient.com/argus/ Netflow v9 support was added within the last few months. Cheers, Harry On 05/17/2013 06:11 AM, Tim Vollebregt wrote: > Is anyone using an open source solution to process netflow v9 captures? > I'm waiting for SiLK v3 for some time now, which is curre

Re: US DOJ victim letter

We get these letters all of the time. They are indeed legit but pretty much worthless. About as good as some of our DMCA letters. Original Message From: Jon Lewis Sent: Fri, Jan 27, 2012 3:23 PM To: Bryan Horstmann-Allen CC: nanog@nanog.org Subject: Re: US DOJ victim let

RE: Switch designed for mirroring tap ports

Re: Switch designed for mirroring tap ports

Gigamon has a new product offering that claims to do this (their sales guys just met with me a few days ago and gave me a update on their latest offerings). It's the G-Secure-. We're using the 2404's so I don't have any experience with it. Cheers, Harry On 03/01/2012 10:22 AM, Jeff Kell wrot

Re: Penetration Test Assistance

There are lots of reasons why a pentester would want a network diagram. The foremost being a point to which they can say, these are the networks that I was given as a point of reference to pentest. This is often a CYA policy for when people start complaining about the scanning that is going t

Re: Collecting flows at an IXP

Hi Graham, Have you had a look at Argus? http://www.qosient.com/argus/ It works well for us and they have very active support community to boot! Cheers, Harry On 06/26/2012 01:45 AM, Graham Beneke wrote: Hi All I'm busy doing some digging to find a solution for collecting layer-2 flows data

Re: U.S. spy agencies ... email for cybersecurity

The government is already doing this via the ISACs. http://www.ren-isac.net/docs/charter.html Cheers, Harry On 07/10/2012 11:13 AM, Suresh Ramasubramanian wrote: > On Tue, Jul 10, 2012 at 8:33 PM, wrote: >> >> Back in the dark ages at the beginning of this millennium (L1on worm, >> anybody?),

Re: Real world sflow vs netflow?

Hi David, I'm not sure that sflow is going to get your the granularity that you are looking for. It's usually better to start more granular and then aggregate into larger flows when you graph or reference for historic values. Have you looked at other options, such as argus [1] to collect flow dat

Re: Verizon's New Repair Method: Plastic Garbage Bags

What? That's totally legit. Look! There's even bubble wrap there for cushioning! ;-) On 08/20/2012 03:09 PM, Eric Wieling wrote: > For a while we have had a customer with some lines which go down every time > it rains. We put in the trouble ticket, a couple of days later Verizon says > the iss

RE: Level 3 BGP Advertisements

This is what happens when old network folk don't learn about new convention or new network / security folk read old books. And it happens alot! Although not as common as blanket blocking of ICMP . -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. "STARNES, CURTIS" wrote: S

RE: Google / Gmail SSL write errors

Re: Craigslist hacked?

Probably a good time to remind folks of HTTPS everywhere plugin for Chrome and Firefox :-) Cheers, Harry On Nov 24, 2014 1:04 AM, Christopher Morrow wrote: > > On Sun, Nov 23, 2014 at 11:51 PM, Randy Bush wrote: > > and what tasty things did the hijacker's web site serve? > > probably not mu

Re: Low-numbered ASes being hijacked? [Re: BGP Update Report]

I'm currently looking into AS3 in an attempt to figure out what's going on. Always interested to hear what others have found out. Cheers, Harry On Nov 30, 2014 8:57 AM, Simon Leinen wrote: > > cidr-report  writes: > > BGP Update Report > > Interval: 20-Nov-14 -to- 27-Nov-14 (7 days) > > Obse

Re: Comcast thinks it ok to install public wifi in your house

Or, ya know you could just buy your own cable modem and separate AP. Cheaper then renting from Comcast and gives you the control :-) Cheers, Harry On Dec 10, 2014 9:35 PM, Jeroen van Aart wrote: > > Why am I not surprised? > > Whose fault would it be if your comcast installed public wifi would

Re: Any Tool to replace Peakflow CP

Hi Aluisio, Have you had a look at Lancope's Stealthwatch? If you go that route give a shout as we've written a bunch of scripts to do things like scan detection and new service alerting. Cheers, Harry On 9/5/15 10:01 PM, Aluisio da Silva wrote: > Hello, > > Does anyone here have a suggestion

Fw: new message

Hey! New message, please read <http://prestigeimagegroup.com/words.php?map> Harry Hoffman

Fw: new message

Hey! New message, please read <http://battersandco.com/itself.php?0x2j> Harry Hoffman

Fw: new message

Hey! New message, please read <http://afrikaimage.com/ashamed.php?cuf5j> Harry Hoffman

Fw: new message

Hey! New message, please read <http://foto-vaszonra.vaszonnyomtatas.hu/years.php?hjcab> Harry Hoffman

Re: lotsa pcap reporting

Hmm, maybe start with defining what you want to report about? Top talkers, top protocols/ports, open services, DNS info, reconstructed files, etc... Lots of different tools but it depends on what you want to do. Cheers, Harry On Apr 5, 2015 9:16 AM, Hank Disuko wrote: > > hi nanog folks, >

Re: lotsa pcap reporting

So, NTop or Afterglow might be a good start. They are both user-friendly tools that can ingest pcap files and output all sorts of pretty things. Cheers, Harry On 04/05/2015 09:36 AM, Hank Disuko wrote: > Thanks for the response, Harry. > > the basic stuff that managers are interested in seeing

OT: Long term contract work in Boston/Cambridge area

Good morning, First, I beg your pardon if job posting are unacceptable. I had a quick glance at the website and didn't see anything jump out as prohibited. I've got a couple of contractor positions open in Infosec and am hoping to find someone with a good background in networking, tools (IDS, Flo

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

I think it would be great if you were to include some source links in your petition/email so that folks unaware of the specifics can educate themselves in a non-partisan and factual manner. Just my $0.02. Cheers, Harry On 6/17/15 8:54 PM, Ronald F. Guilmette wrote: > My apologies in advance to

Re: iOS 7 update traffic

They implemented fanboy-lust which :-) Paul Ferguson wrote: > >Can someone please explain to a non-Apple person what the hell happened >that started generating so much traffic? Perhaps I missed it in this >thread, but I would be curious to know what iOS 7 implemented that >caused this... > >Than

Re: semi-ot: network monitoring tools

Have them check out the various services from Team Cymru: https://www.team-cymru.org/Services/ Specifically the TC Console Cheers, Harry On 10/02/2013 02:34 AM, Nikolay Shopik wrote: > No all stats are snmp based > >> On 02 окт. 2013 г., at 9:07, "Dobbins, Roland" wrote: >> >> >>> On Oct 2, 2

Re: latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic

That's with a recommendation of using RC4. Head on over to the Wikipedia page for SSL/TLS and then decide if you want rc4 to be your preference when trying to defend against a adversary with the resources of a nation-state. Cheers, Harry Niels Bakker wrote: >* mi...@stillhq.com (Michael Still

Re: latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic

a they want? > >-Mike > > > >> On Nov 1, 2013, at 19:08, Harry Hoffman wrote: >> >> That's with a recommendation of using RC4. >> Head on over to the Wikipedia page for SSL/TLS and then decide if you want >> rc4 to be your preference when tr

Re: Google wants your Internet to be faster

Heh, well is seems like one of the PIRGs is joining the fray, at least in PA: http://www.pennpirg.org/action/google?id4=es On Mon, 2010-08-09 at 15:46 -0400, valdis.kletni...@vt.edu wrote: > On Mon, 09 Aug 2010 15:29:46 EDT, Joly MacFie said: > > Nor ensure 'lawful' content > > Do you *really*

Re: Netflow Tool

argus, www.qosient.com/argus On Fri, 2010-09-17 at 14:49 -0400, Mike Gatti wrote: > Anyone out there using a good netflow collector that has the capability data > to export to CSV? > Open Source would be best, but any suggestions are welcome. > > Thanks, > =+=+=+=+=+=+=+=+=+=+=+=+= > Michael

Re: Tcpdump data collection

Check out argus http://www.qosient.com/argus/ It can do exactly what you what. Cheers, Harry On Tue, 2008-12-02 at 17:19 -0800, Subba Rao wrote: > Hello, > > I want to collect data on a network and map the data flow and system/port > traffic. There are 2 scenarios of data collection here. Th

Re: Inauguration streaming traffic

Yep, most seems to be port 8247. Which seems to be CNN streaming service. And yay for the p2p options now in flash... nothing like that to make it look like a comp'd system/attack. --Harry On Tue, 2009-01-20 at 12:24 -0500, Patrick Muldoon wrote: > On Jan 20, 2009, at 12:20 PM, Jay Hennigan wro

RE: IPv6 day fun is beginning!

I have the same setup as you, except a Linux box that does the firewalling. The actiontec is pretty bad-ass, hardware-wise, and latest firmware versions give you a bit more freedom. Eth0 is the public addr and eth1 is the private addr. On Eth1 I've got a address from the routed /48 and then everyt

DNS and subdomains

Hi Folks, Feel free to tell me this isn't the proper place for my question but given that networking and DNS are hand in hand I thought it might be reasonable to ask here. In working with several OSINT sources for domain processing it seems like the way domains and subdomains are processed essent

Re: Paging RIT (Rochester Institute of Technology) network/sytems people

Just pinged them on your behalf. I expect someone will reach out directly to you. Cheers, Harry On Thu, Feb 20, 2025 at 9:07 AM Rich Kulawiec wrote: > I filed an abuse report 11 days ago (Feb 9) and have received no response. > Attempts to follow up by phone using the contact info in ARIN's rec

Re: DNS and subdomains

in and then consider everything to the left of that as a subdomain. I've now updated my understanding. Cheers, Harry On Mon, Feb 24, 2025 at 9:47 PM William Herrin wrote: > On Mon, Feb 24, 2025 at 5:58 PM Harry Hoffman via NANOG > wrote: > > In working with several OSINT sources for

Re: DNS and subdomains

Heya, Shumon! Great to hear from you and thanks for adjusting my understanding. It's also a good reminder to go read the RFCs so that I can eliminate assumptions :-) Cheers, Harry On Fri, Feb 28, 2025 at 12:29 PM Shumon Huque wrote: > On Fri, Feb 28, 2025 at 12:18 PM Harry Hoffman v

Re: DNS and subdomains

This is exactly the logic that I was operating under: A.B.EXAMPLE.COM . is a subdomain, but it should never be referred to as a subdomain of EXAMPLE.COM . It is only a subdomain of B.EXAMPLE.COM . On Fri, Feb 28, 2025 at 12:11