Send NANOG mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
http://mailman.nanog.org/mailman/listinfo/nanog
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of NANOG digest..."
Today's Topics:
1. Re: NANOG NYC Event (Brant I. Stevens)
2. Re: NANOG NYC Event (J. Oquendo)
3. Re: NANOG NYC Event (John Levine)
4. Re: NANOG NYC Event (Fisher, Shawn)
5. Re: NANOG NYC Event (Henry Yen)
6. Comcast - Stuck route in Chicago directing MN traffic via
Denver (Eric Spaeth)
7. Emerg data recovery recommdnations? (david raistrick)
8. Re: IOS Rookit: the sky isn't falling (yet) (Christian)
----------------------------------------------------------------------
Message: 1
Date: Sun, 01 Jun 2008 11:39:43 -0400
From: "Brant I. Stevens" <[email protected]>
Subject: Re: NANOG NYC Event
To: John Levine <[email protected]>, <[email protected]>
Message-ID: <C4683AFF.14D1C1%[email protected]>
Content-Type: text/plain; charset="US-ASCII"
On 5/31/08 11:58 PM, "John Levine" <[email protected]> wrote:
In article <[email protected]>
you
write:
I second the motion to recognize Dinosaur BBQ. All those in favor?
Dinosaur is swell, but it's in Syracuse.
Perhaps you could pick one that's reachable by subway instead.
Dinosaur Barbecue
www.dinosaurbarbque.com
646 W 131st St
New York, NY 10027
It's in Harlem. BOOOOOOO!!!!!
------------------------------
Message: 2
Date: Sun, 1 Jun 2008 10:54:40 -0500
From: "J. Oquendo" <[email protected]>
Subject: Re: NANOG NYC Event
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
On Sun, 01 Jun 2008, Brant I. Stevens wrote:
It's in Harlem. BOOOOOOO!!!!!
So is Columbia University!
Harlem is in the process of going through a
renaissance and has been over the past 10 or
more so things have changed for the better.
Just avoid going there after certain hours ;)
As for the prior Brooklyn comment, Park Slope
also has some great eats but the area/scene
tends to be sort of artsy. If you want to spend
some time sightseeing Brooklyn, the Brooklyn
Public Library (main one) Grand Army Plaza is
near the Brooklyn Botanic Gardens. Don't forget
Coney Island which has also changed in the last
decade. Again, watch those hours, NY is a Jeckyll
and Hyde city. Nice sometimes, beautiful to visit
but can be insanely ugly.
The downtown Brooklyn area has some nice eats
but I've always preferred the city. In the area
of downtown Brooklyn, you'll typically find a
bunch of people in local government and lawyers
eating as the courts are downtown.
For those looking for sweets, don't forget the
ever famous (overhyped) Junior's Cheesecake.
If you've travelled to Coney Island then one
cannot forget Nathan's. There are some really
good pubs in the Red Hook section, but alas
again, going through certain neighborhoods is
not for everyone. You can jump on a Water Taxi
there for kicks though. Makes for nice pictures
at night.
Sightseeing: Jump on a boat at night (booze
cruise) $25.00
http://www.nywatertaxi.com/tours/happyhour/
Or just hop on an "On and Off" cruise:
http://www.nywatertaxi.com/hop/
$20.00
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA #579 (FW+VPN v4.1) SGFE #574 (FW+VPN v4.1)
CEH/CNDA, CHFI
"Experience hath shewn, that even under the best
forms (of government) those entrusted with power
have, in time, and by slow operations, perverted
it into tyranny." Thomas Jefferson
wget -qO - www.infiltrated.net/sig|perl
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB
------------------------------
Message: 3
Date: 1 Jun 2008 16:09:56 -0000
From: John Levine <[email protected]>
Subject: Re: NANOG NYC Event
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=iso-8859-1
Dinosaur is swell, but it's in Syracuse.
Perhaps you could pick one that's reachable by subway instead.
Oh, all right, as about 47 people have pointed out, they have a branch
on 131st St. The barbeque is not bad. I eat it at the NY State Fair
every year.
On the other hand, I would think that in NYC, home of the most
wonderful food on the continent,* you could do better than a branch of
a yuppie ex biker joint from Syracuse. How about RUB at 23rd and 7th?
Or Johnny Utah's at 51st and 5th? Or Oklahoma Smoke up at 145st St?
R's,
John
* - with the possible exception of Montreal, an argument that can only
be resolved by extensive research in both places
------------------------------
Message: 4
Date: Sun, 1 Jun 2008 12:57:31 -0400
From: "Fisher, Shawn" <[email protected]>
Subject: Re: NANOG NYC Event
To: <[email protected]>, <[email protected]>
Message-ID:
<[email protected]>
Content-Type: text/plain; charset="us-ascii"
(Drifting further off topic). Another suggestion to add is the DUMBO area
of brooklyn, down under mahattanville overpass, easy to reach from
manhattan, take a nice stroll across the brooklyn bridge and your there,
lots of cool restaurants. Another bit of history, walk to montague
street, yes the montague street mr dylan sings about in tangled up in
blue. (some controversy over this) best way to walk is on the promenade
along the east river, great views of manhattan. Enjoy
--------------------------
Sent using BlackBerry
-----Original Message-----
From: J. Oquendo
To: [email protected]
Sent: Sun Jun 01 11:54:40 2008
Subject: Re: NANOG NYC Event
On Sun, 01 Jun 2008, Brant I. Stevens wrote:
It's in Harlem. BOOOOOOO!!!!!
So is Columbia University!
Harlem is in the process of going through a
renaissance and has been over the past 10 or
more so things have changed for the better.
Just avoid going there after certain hours ;)
As for the prior Brooklyn comment, Park Slope
also has some great eats but the area/scene
tends to be sort of artsy. If you want to spend
some time sightseeing Brooklyn, the Brooklyn
Public Library (main one) Grand Army Plaza is
near the Brooklyn Botanic Gardens. Don't forget
Coney Island which has also changed in the last
decade. Again, watch those hours, NY is a Jeckyll
and Hyde city. Nice sometimes, beautiful to visit
but can be insanely ugly.
The downtown Brooklyn area has some nice eats
but I've always preferred the city. In the area
of downtown Brooklyn, you'll typically find a
bunch of people in local government and lawyers
eating as the courts are downtown.
For those looking for sweets, don't forget the
ever famous (overhyped) Junior's Cheesecake.
If you've travelled to Coney Island then one
cannot forget Nathan's. There are some really
good pubs in the Red Hook section, but alas
again, going through certain neighborhoods is
not for everyone. You can jump on a Water Taxi
there for kicks though. Makes for nice pictures
at night.
Sightseeing: Jump on a boat at night (booze
cruise) $25.00
http://www.nywatertaxi.com/tours/happyhour/
Or just hop on an "On and Off" cruise:
http://www.nywatertaxi.com/hop/
$20.00
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA #579 (FW+VPN v4.1) SGFE #574 (FW+VPN v4.1)
CEH/CNDA, CHFI
"Experience hath shewn, that even under the best
forms (of government) those entrusted with power
have, in time, and by slow operations, perverted
it into tyranny." Thomas Jefferson
wget -qO - www.infiltrated.net/sig|perl
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB
------------------------------
Message: 5
Date: Sun, 1 Jun 2008 17:27:10 -0400
From: Henry Yen <[email protected]>
Subject: Re: NANOG NYC Event
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
On Sun, Jun 01, 2008 at 10:54:40AM -0500, J. Oquendo wrote:
As for the prior Brooklyn comment, Park Slope
also has some great eats but the area/scene
tends to be sort of artsy.
The downtown Brooklyn area has some nice eats
but I've always preferred the city. In the area
of downtown Brooklyn, you'll typically find a
bunch of people in local government and lawyers
eating as the courts are downtown.
For those looking for sweets, don't forget the
ever famous (overhyped) Junior's Cheesecake.
Disclaimer: I've worked in the immediate area of this conference on
and off for over 30 years. (In fact, I'm staring longingly down at
the Marriott Hotel from the office window right now...)
First, you simply must take a walk across the Brooklyn Bridge to
Manhattan (and back). Exhilarating views, an unforgettable
experience, and you'd be participating in one of the more common
things that "all" NYC people do. Just walk out the "front" door of
the hotel and turn right. (Watch out for crazy bicyclists!)
Second, Junior's Cheesecake, overhyped as it is, is still arguably
among the best "domestic" cheesecakes, at least on the east coast.
You really ought to try it. But, don't stop there -- the
brisket/corned-beef/pastrami on twin rolls is highly recommended.
(My personal favorite is their down-home matzoh-ball soup.)
Third, the Brooklyn Heights area is admittedly "artsy", but there's
lots of interesting and tasty variety. I've had great food at
several Italian seafood-style places (although if that's your
preference, I'd encourage you to go to Vincent's in Little Italy
(lower Manhattan)).
Finally, I didn't see a destination that seems like it might be very
useful: Radio Shack (go out the "back" door of the hotel, turn right,
half a block to Willoughby, turn right, and it's right across the street
from the White Castle (which is its own "destination")).
P.S. If you're into bicycling, the Hudson River Park bikeway (runs about
10 miles along the western Manhattan shoreline) is a paved, fantasitc,
ride. I don't know if the bike rental season has started yet, though.
--
Henry Yen <[email protected]> Aegis Information Systems,
Inc.
Senior Systems Programmer Hicksville, New York
------------------------------
Message: 6
Date: Sun, 01 Jun 2008 23:57:06 -0500
From: Eric Spaeth <[email protected]>
Subject: Comcast - Stuck route in Chicago directing MN traffic via
Denver
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
For the last couple weeks there has been a route stuck in the Chicago
wan/core that is directing some Minnesota-bound traffic through Denver,
even though Chicago and the Roseville, MN aggregation remain up and
directly connected. This has the dual benefit of unnecessarily
increasing the load on Comcast's internal backbone as well as increasing
latency for Minnesota subscribers connecting to "east of the
Mississippi" destinations by ~20ms.
I'm hoping Comcast engineers read this list, or someone in the carrier
community can help poke one of their Comcast contacts to help get this
resolved.
Thanks in advance!
"Wedged" route - 76.113.128.0/17
Correct route - 69.180.128.0/18
Example trace from Chicago source to 76.113.128.0/17:
=========================================
traceroute to 76.113.128.1 (76.113.128.1), 30 hops max, 40 byte packets
1 69.65.40.62 (69.65.40.62) 0.542 ms 0.511 ms 0.508 ms
2 so2-0-0-0.er1.Chi1.Servernap.net (69.39.239.169) 1.632 ms 1.642
ms 2.121 ms
3 ge-6-20.car1.Chicago1.Level3.net (4.79.65.49) 1.605 ms 1.608 ms
1.619 ms
4 ae-2-54.edge1.Chicago2.Level3.net (4.68.101.115) 1.604 ms 1.602
ms 1.600 ms
5 COMCAST-IP.edge1.Chicago2.Level3.net (4.71.248.26) 2.735 ms 2.741
ms 2.739 ms
6 pos-0-8-0-0-cr01.denver.co.ibone.comcast.net (68.86.85.114) 27.284
ms 27.398 ms 27.387 ms
7 te-9-4-ar02.roseville.mn.minn.comcast.net (68.86.91.154) 44.177 ms * *
8 te-0-2-0-5-ar03.roseville.mn.minn.comcast.net (68.87.174.73) 28.352
ms 28.352 ms 28.349 ms
9 te-2-1-ur01.sims.mn.minn.comcast.net (68.87.174.74) 28.826 ms * *
10 te-8-3-ur02.sims.mn.minn.comcast.net (68.87.174.78) 28.959 ms * *
11 te-2-1-ur01.newport.mn.minn.comcast.net (68.87.174.82) 29.267 ms *
te-2-1-ur01.newport.mn.minn.comcast.net (68.87.174.82) 28.700 ms
12 c-76-113-128-1.hsd1.mn.comcast.net (76.113.128.1) 28.638 ms 28.673
ms 28.667 ms
=========================================
Example trace from Chicago source to working route 69.180.128.0/18
=========================================
traceroute to 69.180.130.1 (69.180.130.1), 30 hops max, 40 byte packets
1 69.65.40.62 (69.65.40.62) 0.482 ms 0.450 ms 0.446 ms
2 so2-0-0-0.er1.Chi1.Servernap.net (69.39.239.169) 1.595 ms 2.082
ms 2.082 ms
3 ge-6-20.car1.Chicago1.Level3.net (4.79.65.49) 1.568 ms 1.569 ms
1.579 ms
4 ae-2-52.edge1.Chicago2.Level3.net (4.68.101.51) 1.562 ms 1.563 ms
1.560 ms
5 COMCAST-IP.edge1.Chicago2.Level3.net (4.71.248.22) 2.708 ms 2.713
ms 2.711 ms
6 te-0-1-0-7-ar03.roseville.mn.minn.comcast.net (68.87.174.21) 13.144
ms 11.919 ms 11.877 ms
7 68.87.174.22 (68.87.174.22) 11.824 ms * *
8 te-8-3-ur02.brooklynpark.mn.minn.comcast.net (68.87.174.26) 12.333
ms * *
9 te-2-1-ur01.newhope.mn.minn.comcast.net (68.87.174.30) 12.012 ms * *
10 c-3-0-ubr02.newhope.mn.minn.comcast.net (69.180.130.1) 11.963 ms
12.018 ms 11.973 ms
=========================================
-Eric
------------------------------
Message: 7
Date: Mon, 2 Jun 2008 09:04:24 +0000 (UTC)
From: david raistrick <[email protected]>
Subject: Emerg data recovery recommdnations?
To: [email protected]
Message-ID: <[email protected]>
Content-Type: TEXT/PLAIN; format=flowed; charset=us-ascii
guys,
wrong place, I know, but network down is network down no matter which side
of the cable it falls on...
Can anyone give any solid recommendations for a data recovery service who
can fly to our site to extract data from a f'ed up RAID array?
It's an absolute emergency (for us, of course).
offlist please.
.d
---
david raistrick http://www.netmeister.org/news/learn2quote.html
[email protected] http://www.expita.com/nomime.html
------------------------------
Message: 8
Date: Mon, 2 Jun 2008 07:47:56 -0400
From: Christian <[email protected]>
Subject: Re: IOS Rookit: the sky isn't falling (yet)
To: "Fred Reimer" <[email protected]>
Cc: [email protected]
Message-ID:
<[email protected]>
Content-Type: text/plain; charset=ISO-8859-1
here's the slides if anyone hasn't seen
http://seclists.org/fulldisclosure/2008/May/att-0668/EuSecWest_presentation_ppt
On Thu, May 29, 2008 at 11:27 AM, Fred Reimer <[email protected]> wrote:
New keys, to be stored on the crypto chip, would presumably be delivered
in
a separately signed package using a master key that would not change
(embedded within the chip). Maybe Cisco even doesn't have this key, and
would need to send a revocation or new public key to be stored on the
chip
to the chip manufacturer, who would sign it with the master private key
and
which then could be delivered in a software update to the system. There
are
many possibilities, and no crypto scheme is foolproof. That much has
been
proven. But no, you would not make the on-chip EEPROM of the crypto chip
"flashable" in the normal meaning of the word. You would send the chip a
pointer to a buffer that contains a signed update key, and the chip
itself
would verify that signature and only then program the updated key(s).
My intention was not to turn nanog into a crypto forum. I'd be much more
interested in any unique methods that people use to harden their systems
that have not already been widely distributed through vendor or industry
best practices.
Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
Senior Network Engineer
Coleman Technologies, Inc.
954-298-1697
> -----Original Message-----
> From: Jim Wise [mailto:[email protected]]
> Sent: Thursday, May 29, 2008 11:10 AM
> To: Fred Reimer
> Cc: Jared Mauch; [email protected]
> Subject: RE: IOS Rookit: the sky isn't falling (yet)
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thu, 29 May 2008, Fred Reimer wrote:
>
> >The code would presumably be run upon boot from a non-flashable
> source,
> >which would run the boot ROM code through a check on the crypto chip
> and
> >only execute it if it passed. You would not put the code that checks
> the
> >boot ROM on the boot ROM. The new crypto chip would presumably have
> the
> >initial boot code, which would only be designed to check the boot ROM
> >signature and nothing else so presumably would never need to be
> replaced and
> >hence would be designed to be non-flashable.
>
> Doesn't this just push the chicken-and-egg problem up the chain one
> step?
> The ROMMON would be flashable (among other reasons) because the key
> used to
> sign IOS releases should change over the years -- gaining length as
> cycles
> get cheaper, being replaced periodically to prevent use of the same key
> for
> too long, and perhaps being revoked if it should ever be compromised.
>
> If the ROMMON is itself to be verified by a prior, non-flashable ROM,
> then
> all the same arguments would call for making its key-list updatable --
> and
> given the time-in-service seen by many such devices, any weakness in
> that
> key list would be around for quite some time.
>
> - --
> Jim Wise
> [email protected]
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (NetBSD)
>
> iD8DBQFIPsdRq/KRbT0KwbwRAkcmAJ4xOBtANHOc+C/fzL+7PvgWnjp76ACfSGUw
> 43+1Pq3xWS4MagWzdetZ0ws=
> =62gJ
> -----END PGP SIGNATURE-----
------------------------------
_______________________________________________
NANOG mailing list
[email protected]
http://mailman.nanog.org/mailman/listinfo/nanog
End of NANOG Digest, Vol 5, Issue 2
***********************************