#cisco
13 November 2007
Total 10 pages. You are browsing page 1/10.
First :: Prev :: [1] [2] [3] [4] [5] [...] :: Next :: Last
--- Log opened Tue Nov 13 15:02:37 2007
--- Log closed Tue Nov 13 15:02:49 2007
--- Log opened Tue Nov 13 15:14:52 2007
15:29 <****> IPv4Freely: are you there
15:29 <****> baby
15:29 <****> :p
15:31 <****> tab
15:31 <****> yo
15:33 <****> is there some trickery by which someone can make a packet look like its coming from 192.168.1.2 but its really not?
15:33 <****> you mean spoof?
15:33 <****> sure
15:33 <****> yeah, but they won't be able to get the response, unless they can posion your arp cache.
15:34 <****> so end to end all the way through the Internet
15:34 <****> a packet will pass spoofed as 192.168.1.2
15:34 <****> yea
15:35 <****> unless it's filtered somewhere
15:35 <****> curses
15:35 <****> alot of people filter source address of rfc1918 or IPs other than what should be there
15:35 * dogwater hates uses ACLs on his GSRs
15:35 <****> yeah... bogon list
15:36 <****> as well as filtering their address space as src address from outside interfaces
15:36 <****> is there anyway to find the real src address?
15:37 <****> if you own the routes and log packet headers on them all, sure.
15:37 <****> net neutrality be damned sir
15:38 <****> or if you work for the NSA.
15:38 <****> according to the populat conspiracy theory
15:38 <****> lol
15:38 <****> damnit i dont want to upgrade my routers just so i can apply acls
15:39 <****> you can't apply ACLs?
15:39 <****> Oh I "can"
15:39 <****> lets just say
15:39 <****> hmm
15:39 <****> anyone here have a Aironet 1220
15:39 <****> ?
15:40 <****> i'd rather not at this time
15:40 <****> im about to goto a Cisco session on the 1250 series AP
15:40 <****> just use uRPF loose
15:40 <****> no but I've got a 1232AG, and have used 1230's in the past
15:40 <****> was playing with 1300's earlier
15:41 <****> Unter_ wouldnt that have the unintended consequence of killing any traffic from ISPs with asym routing?
15:41 <****> no
15:42 <****> uRPF just drops traffic without a valid match in the routing table
15:42 <****> eg, prevents spoofed stuff
15:42 <****> I was under the impression that it verifies the return path, which means that if the return path is different than the path it came in on than it drops it
15:42 <****> ie. reverse path...
15:43 <****> which is why it messes with asym traffic
15:43 <****> but its been years since i've read anything about it
15:46 <****> hmm hmm, i suppose really the best solution would be to just work with the ole upstreams
15:47 <****> we're trying to hold off going to engine 4 cards for a little while
15:56 <****> *yawn*
15:59 <****> dogwater: there are two versions of uRPF
15:59 <****> loose and strict
15:59 <****> loose simply verifies that the source address has a valid IP route entry in the FIB
15:59 <****> strict verifies that the packet is arriving on the same interface that the IP route entry is destined for
15:59 <****> (eg, forcing symm routing)
15:59 <****> well
15:59 <****> doesn't really force, just drops
15:59 <****> kinda like a sledgehammer :)
16:05 <****> hi
16:06 <****> anybody knows what kind of ram is supported by the 3825 router?
16:06 <****> they do
16:06 <****> datasheet says ddr ecc
16:06 <****> but i don't know if that is only 333mhz or 400mhz works as well
16:07 <****> Unter_: was loose released later or were they both released at the same time as i dont remember it originally
16:09 <****> gag i need better gsrs
16:15 <****> hey guys, random question. Have any of you set up IPv6 on your ASAs?
16:19 <****> hello, im unable to connect to irc directly, we have a cisco router that connects us to the internet, when i look at the running config, i see nothing talking about 6667 or anything related to IRC as far as i know! is there a way to see where im being blocked to the IRC ?
16:19 <****> i know this is probably not a cisco related question, but i mean since its a cisco router is the last thing i can test from
16:20 <****> is there an acl?
16:20 <****> uwetemp: Cisco access lists have an implicit deny at the end of them
16:20 <****> there are acls , but non for 6667
16:20 <****> unless port 6667, or the ip, or the traffic is permitted in some way, it will be blocked
16:20 <****> uwetemp: do your ACLs ahave a permit at the end of them?
16:21 <****> you may have an acl rule permitting http, https, etc. Add 6667 to that
16:21 <****> uwetemp: ?
16:21 <****> it has a permit any to any
16:22 <****> then you should be having no problem
16:22 <****> paste your ACL to www.internetworkpro.org/pastebin please
16:29 <****> http://pastebin.com/d2f3c3359
16:29 <****> this is general idea
16:30 <****> and nothing strange removed
16:31 <****> gotta say this is hard to read
16:31 <****> any one of the acls could be the culprit.
16:32 <****> OUCH
16:32 <****> fucking oracle
16:32 <****> fucking larry ellison
16:32 <****> just lost a bunch of money
16:32 <****> there are few ip specific denies
16:32 <****> im gonna go take a shit on their convention
16:32 <****> the rest is open
16:33 <****> oh, thankfully it's bounced back though
16:33 <****> theacolyte: ok. why?
16:34 <****> not all the way though
16:34 <****> don't talk unkindly about ellison, he'll take you out on his yacht and you'll never be heard from again.
16:34 <****> he's a prick
16:34 <****> i've seen him talk before
16:34 <****> Oracle VM, unveiled Monday at the Oracle OpenWorld convention in San Francisco, enables virtualization on Oracle and non-Oracle software applications and on the Linux and Windows operating systems. It also operates on industry-standard x86- and x86-64-based servers. Oracle claims it offers virtualization at a cost that's lower than competitors' prices.
16:34 <****> isnt there something like traceroute but port specific ?? :)
16:35 <****> I'm 1 block away from OpenWorld heh
16:35 <****> I'm gonna go complain
Total 10 pages. You are browsing page 1/10.
First :: Prev :: [1] [2] [3] [4] [5] [...] :: Next :: Last