I am out of the office until 12.08.2008.
Thank you for your E-mail. I have only limited E-mail access, and I will
respond to your message as soon as possible. For urgent matters please
contact Markus Bommeli at the office. E-mail: markus.bommeli(a)belsoft.ch or
phone +41 (0)44 388 13 31.
Kind regards,
Note: This is an automated response to your message swinog Digest, Vol 42,
Issue 15 sent on 31.07.2008 12:00:03.
This is the only notification you will receive while this person is away.
Belsoft AG | IT Solutions
Russenweg 26 | 8008 Zuerich | Switzerland
Phone: +41 44 3881331 | Fax +41 44 3811611
info(a)belsoft.ch | http://www.belsoft.ch
I'm preparing my routers for IPv6. Along with v6 support comes the
requirement to secure router management / services for v6.
Currently I've inbound access-lists on all inbound interfaces blocking
management traffic (ssh, telnet, ftp, http, etc.) and things like SIP,
etc. to all router v4 addresses.
You can imagine that this is a lot of maintenance work. So my idea was to
use the new management-plane (control-plane) protection in IOS 12.4 T.
Is there anyone using this already in ISP networks? What are the experiences?
You can define a loopback interface as management-interface and
propagate the loopback addresses with IGP inside the management network.
After that, all other interfaces are no longer accepting management
traffic to the control-plane, right? Setting an inbound access-list on
the loopback interface to filter management traffic may be a good idea,
Is there any impact on BGP sessions? I still need access-lists dropping
BGP traffic to my router addresses and explicitly allowing my BGP peers,
Any suggestions / ideas welcome. Thanks and best regards
well... new beer event, new location.
please register asap ,-)
the facts for the next event:
Date: 4th of August 2008
Time: starting around 18.30 o'clock
Location: @ the "Juan Costa" beside HuerlimannPlatz / Google
www.juancosta.ch -> HuerlimannPlatz
Registration deadline: 02.08.2008 18:00:00
Please register here: http://swinog.mrmouse.ch/ Since we have to make
reservations, I need to know who's coming and who's not. If you cannot
attend and you're registered, please inform me asap. If you cannot find
us, call me on my mobile: +41 79 277 92 35.
I've noticed that quite a few firewalls don't support VPN to a DNS name as peer, so you'll have to enter the remote IP, and it's better to have a fixed IP on the remote site :)
Does anyone know whether it's possible to enter a dyndns record as remote side on a Juniper Firewall?
The 2008 Infrastructure Security Survey is up and available for
input. You can register to complete the survey at this URL:
I've added many questions this time from past participants
of the survey, this should be evidenced throughout. Thanks
to all those that reviewed and provided questions explicitly
for this edition. The survey response window will be ~2
We hope to make the results available by the end of September
at the latest. Also, please recall that NO personally (or
organizationally) identifiable information will be shared in any
The 2007 edition of the survey is available here:
Or on the Arbor web site (reg required):
Thanks in advance for your participation!
I will be out of the office starting 18.07.2008 and will not return until
I will reply to your message when I return.
If you need immediate assistance please email Abdel Houdaf -
Now that the office firewall is running fine (uptime: 34 days, not a
single problem since last month, cf. the "VDSL/Zyxel P2802 HWL not
"strong" enough for a small company LAN?" thread), I'm now back,
looking for a new kind of firewall :)
For a specific project with its own rack @datacenter, I would need a
device to "protect" about 10 web-servers:
- deny everything, and then
- allow web traffic (80/443) from everywhere -> servers
- allow administrative (sftp/ssh) traffic from specific IPs
- ability to detect http-based "attacks/ddos" (like badly configured
spidering) : if there are too many http requests from specific hosts
-> throttle/deny access for some time. I guess it's something which
should be implemented on application level, but who knows... ?
- bandwidth: average: 5Mbit/s, peaks: 10-15Mbit/s
- stable, reasonable price... (max 1-3kChf?)
Under digitec.ch ( http://www.digitec.ch/ProdukteAuswahl2.aspx?knr=490 )
as a start there are 9 "Rackmount" FW's. But most of them are
VPN-oriented, with IpSec-Tunnels, SSL-Tunnels, etc: mostly stuff which
is expensive and that I really don't need.
Is there anything you can recommend in this case? If it was only me,
I would take something there:
and start with that. But the customer would also like to see some "non
open-source"-based solutions... :>
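The throttling requirement from the list above ("too many http requests from specific hosts -> throttle/deny access for some time"), sketched as a per-host sliding window with a temporary ban. This is an added example, not part of the original post; the thresholds, the `Throttle` class and the sample log lines (documentation IP ranges) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed thresholds (not from the post): > LIMIT hits in WINDOW s => deny for BAN s.
LIMIT, WINDOW, BAN = 5, 10, 60
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) ')

def parse(line):
    """Return (client_ip, unix_time) from a Common Log Format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts.timestamp()

class Throttle:
    def __init__(self, limit=LIMIT, window=WINDOW, ban=BAN):
        self.limit, self.window, self.ban = limit, window, ban
        self.hits = defaultdict(deque)   # ip -> timestamps inside the window
        self.banned_until = {}           # ip -> time the ban expires

    def allow(self, ip, now):
        """Decide one request: True = pass, False = deny."""
        if self.banned_until.get(ip, 0) > now:
            return False                 # still inside an active ban
        q = self.hits[ip]
        while q and q[0] <= now - self.window:
            q.popleft()                  # drop hits that left the window
        q.append(now)
        if len(q) > self.limit:
            self.banned_until[ip] = now + self.ban
            q.clear()                    # start clean once the ban expires
            return False
        return True

def replay(lines):
    """Run log lines through a fresh Throttle; return denied count per host."""
    t, denied = Throttle(), defaultdict(int)
    for line in lines:
        rec = parse(line)
        if rec and not t.allow(*rec):
            denied[rec[0]] += 1
    return dict(denied)

# Constructed sample log: one aggressive spider (2 req/s), one normal visitor.
FMT = '{} - - [04/Aug/2008:18:30:{:02d} +0200] "GET /p{} HTTP/1.1" 200 512'
SAMPLE = ([FMT.format("203.0.113.7", s // 2, s) for s in range(20)] +
          [FMT.format("198.51.100.4", s, s) for s in (0, 15, 30, 45)])
```

`replay(SAMPLE)` denies only the spider; the same decision logic can sit in a reverse proxy or feed a packet-filter block list.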
this might be a naive question but still needs a good answer ;-)
Are there Ethernet switches other than Cisco that can provide
NetFlow traffic information? Or do they use SNMP for the same