Read http://www.forgotten-ny.com/ before setting any agendas and if you have some time to spare, there is some awesome history to find. I lived there for nearly 20 years and it's endless the amazing things you can find just a short distance from anywhere. One of my stops is *always* the Dakota and Strawberry Fields followed by a walk through Central Park. Up on the Northwest side is the lake/castle that's a must see too. Right at 72nd and Columbus (close to the Dakota) is the greatest pizzeria in NY.
C. Genrich
----- Original Message -----
From: <nanog-request@nanog.org>
To: <nanog@nanog.org>
Sent: Monday, June 02, 2008 7:00 AM
Subject: NANOG Digest, Vol 5, Issue 2
Today's Topics:
1. Re: NANOG NYC Event (Brant I. Stevens)
2. Re: NANOG NYC Event (J. Oquendo)
3. Re: NANOG NYC Event (John Levine)
4. Re: NANOG NYC Event (Fisher, Shawn)
5. Re: NANOG NYC Event (Henry Yen)
6. Comcast - Stuck route in Chicago directing MN traffic via Denver (Eric Spaeth)
7. Emerg data recovery recommdnations? (david raistrick)
8. Re: IOS Rookit: the sky isn't falling (yet) (Christian)
----------------------------------------------------------------------
Message: 1
Date: Sun, 01 Jun 2008 11:39:43 -0400
From: "Brant I. Stevens" <branto@branto.com>
Subject: Re: NANOG NYC Event
To: John Levine <johnl@iecc.com>, <nanog@nanog.org>
Message-ID: <C4683AFF.14D1C1%branto@branto.com>
Content-Type: text/plain; charset="US-ASCII"
On 5/31/08 11:58 PM, "John Levine" <johnl@iecc.com> wrote:
> In article <43661d390805312028u130046ddlc804e4615c83ba62@mail.gmail.com> you write:
>> I second the motion to recognize Dinosaur BBQ. All those in favor?
> Dinosaur is swell, but it's in Syracuse.
> Perhaps you could pick one that's reachable by subway instead.
Dinosaur Barbecue www.dinosaurbarbque.com
646 W 131st St New York, NY 10027
It's in Harlem. BOOOOOOO!!!!!
------------------------------
Message: 2
Date: Sun, 1 Jun 2008 10:54:40 -0500
From: "J. Oquendo" <sil@infiltrated.net>
Subject: Re: NANOG NYC Event
To: nanog@nanog.org
Message-ID: <20080601155440.GA47184@infiltrated.net>
Content-Type: text/plain; charset=us-ascii
On Sun, 01 Jun 2008, Brant I. Stevens wrote:
> It's in Harlem. BOOOOOOO!!!!!
So is Columbia University!
Harlem is in the process of going through a renaissance and has been over the past 10 or more so things have changed for the better. Just avoid going there after certain hours ;)
As for the prior Brooklyn comment, Park Slope also has some great eats but the area/scene tends to be sort of artsy. If you want to spend some time sightseeing Brooklyn, the Brooklyn Public Library (main one) Grand Army Plaza is near the Brooklyn Botanic Gardens. Don't forget Coney Island which has also changed in the last decade. Again, watch those hours, NY is a Jekyll and Hyde city. Nice sometimes, beautiful to visit but can be insanely ugly.
The downtown Brooklyn area has some nice eats but I've always preferred the city. In the area of downtown Brooklyn, you'll typically find a bunch of people in local government and lawyers eating as the courts are downtown.
For those looking for sweets, don't forget the ever famous (overhyped) Junior's Cheesecake. If you've travelled to Coney Island then one cannot forget Nathan's. There are some really good pubs in the Red Hook section, but alas again, going through certain neighborhoods is not for everyone. You can jump on a Water Taxi there for kicks though. Makes for nice pictures at night.
Sightseeing: Jump on a boat at night (booze cruise) $25.00 http://www.nywatertaxi.com/tours/happyhour/
Or just hop on an "On and Off" cruise: http://www.nywatertaxi.com/hop/
$20.00
-- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA #579 (FW+VPN v4.1) SGFE #574 (FW+VPN v4.1) CEH/CNDA, CHFI
"Experience hath shewn, that even under the best forms (of government) those entrusted with power have, in time, and by slow operations, perverted it into tyranny." Thomas Jefferson
wget -qO - www.infiltrated.net/sig|perl
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB
------------------------------
Message: 3
Date: 1 Jun 2008 16:09:56 -0000
From: John Levine <johnl@iecc.com>
Subject: Re: NANOG NYC Event
To: nanog@nanog.org
Message-ID: <20080601160956.22514.qmail@simone.iecc.com>
Content-Type: text/plain; charset=iso-8859-1
> Dinosaur is swell, but it's in Syracuse.
> Perhaps you could pick one that's reachable by subway instead.
Oh, all right, as about 47 people have pointed out, they have a branch on 131st St. The barbeque is not bad. I eat it at the NY State Fair every year.
On the other hand, I would think that in NYC, home of the most wonderful food on the continent,* you could do better than a branch of a yuppie ex biker joint from Syracuse. How about RUB at 23rd and 7th? Or Johnny Utah's at 51st and 5th? Or Oklahoma Smoke up at 145th St?
R's, John
* - with the possible exception of Montreal, an argument that can only be resolved by extensive research in both places
------------------------------
Message: 4
Date: Sun, 1 Jun 2008 12:57:31 -0400
From: "Fisher, Shawn" <SFisher@Bresnan.com>
Subject: Re: NANOG NYC Event
To: <sil@infiltrated.net>, <nanog@nanog.org>
Message-ID: <21352038E7719F43A6D65B2D90B5256CCBFA34@fossil.bresnan.com>
Content-Type: text/plain; charset="us-ascii"
(Drifting further off topic). Another suggestion to add is the DUMBO area of Brooklyn, down under Manhattanville overpass, easy to reach from Manhattan, take a nice stroll across the Brooklyn Bridge and you're there, lots of cool restaurants. Another bit of history, walk to Montague Street, yes the Montague Street Mr. Dylan sings about in Tangled Up in Blue. (some controversy over this) best way to walk is on the promenade along the East River, great views of Manhattan. Enjoy
--------------------------
Sent using BlackBerry
------------------------------
Message: 5
Date: Sun, 1 Jun 2008 17:27:10 -0400
From: Henry Yen <henry@AegisInfoSys.com>
Subject: Re: NANOG NYC Event
To: nanog@nanog.org
Message-ID: <20080601172710.R2829@AegisInfoSys.com>
Content-Type: text/plain; charset=us-ascii
On Sun, Jun 01, 2008 at 10:54:40AM -0500, J. Oquendo wrote:
> As for the prior Brooklyn comment, Park Slope also has some great eats but the area/scene tends to be sort of artsy.
> The downtown Brooklyn area has some nice eats but I've always preferred the city. In the area of downtown Brooklyn, you'll typically find a bunch of people in local government and lawyers eating as the courts are downtown.
> For those looking for sweets, don't forget the ever famous (overhyped) Junior's Cheesecake.
Disclaimer: I've worked in the immediate area of this conference on and off for over 30 years. (In fact, I'm staring longingly down at the Marriott Hotel from the office window right now...)
First, you simply must take a walk across the Brooklyn Bridge to Manhattan (and back). Exhilarating views, an unforgettable experience, and you'd be participating in one of the more common things that "all" NYC people do. Just walk out the "front" door of the hotel and turn right. (Watch out for crazy bicyclists!)
Second, Junior's Cheesecake, overhyped as it is, is still arguably among the best "domestic" cheesecakes, at least on the east coast. You really ought to try it. But, don't stop there -- the brisket/corned-beef/pastrami on twin rolls is highly recommended. (My personal favorite is their down-home matzoh-ball soup.)
Third, the Brooklyn Heights area is admittedly "artsy", but there's lots of interesting and tasty variety. I've had great food at several Italian seafood-style places (although if that's your preference, I'd encourage you to go to Vincent's in Little Italy (lower Manhattan)).
Finally, I didn't see a destination that seems like it might be very useful: Radio Shack (go out the "back" door of the hotel, turn right, half a block to Willoughby, turn right, and it's right across the street from the White Castle (which is its own "destination")).
P.S. If you're into bicycling, the Hudson River Park bikeway (runs about 10 miles along the western Manhattan shoreline) is a paved, fantastic, ride. I don't know if the bike rental season has started yet, though.
-- Henry Yen <henry@AegisInfoSys.com> Aegis Information Systems, Inc. Senior Systems Programmer Hicksville, New York
------------------------------
Message: 6
Date: Sun, 01 Jun 2008 23:57:06 -0500
From: Eric Spaeth <eric@spaethco.com>
Subject: Comcast - Stuck route in Chicago directing MN traffic via Denver
To: nanog@merit.edu
Message-ID: <48437DA2.9060100@spaethco.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
For the last couple weeks there has been a route stuck in the Chicago wan/core that is directing some Minnesota-bound traffic through Denver, even though Chicago and the Roseville, MN aggregation remain up and directly connected. This has the dual benefit of unnecessarily increasing the load on Comcast's internal backbone as well as increasing latency for Minnesota subscribers connecting to "east of the Mississippi" destinations by ~20ms.
I'm hoping Comcast engineers read this list, or someone in the carrier community can help poke one of their Comcast contacts to help get this resolved.
Thanks in advance!
"Wedged" route - 76.113.128.0/17
Correct route - 69.180.128.0/18
Example trace from Chicago source to 76.113.128.0/17:
=========================================
traceroute to 76.113.128.1 (76.113.128.1), 30 hops max, 40 byte packets
 1 69.65.40.62 (69.65.40.62) 0.542 ms 0.511 ms 0.508 ms
 2 so2-0-0-0.er1.Chi1.Servernap.net (69.39.239.169) 1.632 ms 1.642 ms 2.121 ms
 3 ge-6-20.car1.Chicago1.Level3.net (4.79.65.49) 1.605 ms 1.608 ms 1.619 ms
 4 ae-2-54.edge1.Chicago2.Level3.net (4.68.101.115) 1.604 ms 1.602 ms 1.600 ms
 5 COMCAST-IP.edge1.Chicago2.Level3.net (4.71.248.26) 2.735 ms 2.741 ms 2.739 ms
 6 pos-0-8-0-0-cr01.denver.co.ibone.comcast.net (68.86.85.114) 27.284 ms 27.398 ms 27.387 ms
 7 te-9-4-ar02.roseville.mn.minn.comcast.net (68.86.91.154) 44.177 ms * *
 8 te-0-2-0-5-ar03.roseville.mn.minn.comcast.net (68.87.174.73) 28.352 ms 28.352 ms 28.349 ms
 9 te-2-1-ur01.sims.mn.minn.comcast.net (68.87.174.74) 28.826 ms * *
10 te-8-3-ur02.sims.mn.minn.comcast.net (68.87.174.78) 28.959 ms * *
11 te-2-1-ur01.newport.mn.minn.comcast.net (68.87.174.82) 29.267 ms * te-2-1-ur01.newport.mn.minn.comcast.net (68.87.174.82) 28.700 ms
12 c-76-113-128-1.hsd1.mn.comcast.net (76.113.128.1) 28.638 ms 28.673 ms 28.667 ms
=========================================
Example trace from Chicago source to working route 69.180.128.0/18
=========================================
traceroute to 69.180.130.1 (69.180.130.1), 30 hops max, 40 byte packets
 1 69.65.40.62 (69.65.40.62) 0.482 ms 0.450 ms 0.446 ms
 2 so2-0-0-0.er1.Chi1.Servernap.net (69.39.239.169) 1.595 ms 2.082 ms 2.082 ms
 3 ge-6-20.car1.Chicago1.Level3.net (4.79.65.49) 1.568 ms 1.569 ms 1.579 ms
 4 ae-2-52.edge1.Chicago2.Level3.net (4.68.101.51) 1.562 ms 1.563 ms 1.560 ms
 5 COMCAST-IP.edge1.Chicago2.Level3.net (4.71.248.22) 2.708 ms 2.713 ms 2.711 ms
 6 te-0-1-0-7-ar03.roseville.mn.minn.comcast.net (68.87.174.21) 13.144 ms 11.919 ms 11.877 ms
 7 68.87.174.22 (68.87.174.22) 11.824 ms * *
 8 te-8-3-ur02.brooklynpark.mn.minn.comcast.net (68.87.174.26) 12.333 ms * *
 9 te-2-1-ur01.newhope.mn.minn.comcast.net (68.87.174.30) 12.012 ms * *
10 c-3-0-ubr02.newhope.mn.minn.comcast.net (69.180.130.1) 11.963 ms 12.018 ms 11.973 ms
=========================================
-Eric
------------------------------
Message: 7
Date: Mon, 2 Jun 2008 09:04:24 +0000 (UTC)
From: david raistrick <drais@icantclick.org>
Subject: Emerg data recovery recommdnations?
To: nanog@nanog.org
Message-ID: <alpine.BSF.0.999.0806020902510.16617@murf.icantclick.org>
Content-Type: TEXT/PLAIN; format=flowed; charset=us-ascii
guys,
wrong place, I know, but network down is network down no matter which side of the cable it falls on...
Can anyone give any solid recommendations for a data recovery service who can fly to our site to extract data from a f'ed up RAID array?
It's an absolute emergency (for us, of course).
offlist please.
.d
--- david raistrick http://www.netmeister.org/news/learn2quote.html drais@icantclick.org http://www.expita.com/nomime.html
------------------------------
Message: 8
Date: Mon, 2 Jun 2008 07:47:56 -0400
From: Christian <christian@visr.org>
Subject: Re: IOS Rookit: the sky isn't falling (yet)
To: "Fred Reimer" <freimer@ctiusa.com>
Cc: nanog@nanog.org
Message-ID: <9b62cf2f0806020447r10fc3ed0i6be793d6db694fb@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
here's the slides if anyone hasn't seen
http://seclists.org/fulldisclosure/2008/May/att-0668/EuSecWest_presentation_...
On Thu, May 29, 2008 at 11:27 AM, Fred Reimer <freimer@ctiusa.com> wrote:
New keys, to be stored on the crypto chip, would presumably be delivered in a separately signed package using a master key that would not change (embedded within the chip). Maybe Cisco even doesn't have this key, and would need to send a revocation or new public key to be stored on the chip to the chip manufacturer, who would sign it with the master private key and which then could be delivered in a software update to the system. There are many possibilities, and no crypto scheme is foolproof. That much has been proven. But no, you would not make the on-chip EEPROM of the crypto chip "flashable" in the normal meaning of the word. You would send the chip a pointer to a buffer that contains a signed update key, and the chip itself would verify that signature and only then program the updated key(s).
My intention was not to turn nanog into a crypto forum. I'd be much more interested in any unique methods that people use to harden their systems that have not already been widely distributed through vendor or industry best practices.
Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS Senior Network Engineer Coleman Technologies, Inc. 954-298-1697
-----Original Message----- From: Jim Wise [mailto:jwise@draga.com] Sent: Thursday, May 29, 2008 11:10 AM To: Fred Reimer Cc: Jared Mauch; nanog@nanog.org Subject: RE: IOS Rookit: the sky isn't falling (yet)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 29 May 2008, Fred Reimer wrote:
The code would presumably be run upon boot from a non-flashable source, which would run the boot ROM code through a check on the crypto chip and only execute it if it passed. You would not put the code that checks the boot ROM on the boot ROM. The new crypto chip would presumably have the initial boot code, which would only be designed to check the boot ROM signature and nothing else so presumably would never need to be replaced and hence would be designed to be non-flashable.
Doesn't this just push the chicken-and-egg problem up the chain one step? The ROMMON would be flashable (among other reasons) because the key used to sign IOS releases should change over the years -- gaining length as cycles get cheaper, being replaced periodically to prevent use of the same key for too long, and perhaps being revoked if it should ever be compromised.
If the ROMMON is itself to be verified by a prior, non-flashable ROM, then all the same arguments would call for making its key-list updatable -- and given the time-in-service seen by many such devices, any weakness in that key list would be around for quite some time.
- -- Jim Wise jwise@draga.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (NetBSD)
iD8DBQFIPsdRq/KRbT0KwbwRAkcmAJ4xOBtANHOc+C/fzL+7PvgWnjp76ACfSGUw 43+1Pq3xWS4MagWzdetZ0ws= =62gJ -----END PGP SIGNATURE-----
------------------------------
End of NANOG Digest, Vol 5, Issue 2 ***********************************
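The signed key-update flow discussed in Message 8 (the chip checks a signature made with a fixed master key and only then programs the new key), sketched as an added example that is not from any poster or from Cisco. The toy RSA root key, `CryptoChip`, `program_key` and the version counter that refuses rollback to an older key are assumptions made for illustration.

```python
import hashlib

# Constructed toy RSA root key built from two Mersenne primes: trivially
# factorable, illustration only. On real hardware only (ROOT_N, ROOT_E) would
# sit in the chip; ROOT_D stays with whoever holds the master private key.
_P, _Q = 2**521 - 1, 2**607 - 1
ROOT_N, ROOT_E = _P * _Q, 65537
ROOT_D = pow(ROOT_E, -1, (_P - 1) * (_Q - 1))


def _digest(version: int, new_key: bytes) -> int:
    """Hash version and key together so neither can be swapped on its own."""
    h = hashlib.sha256(version.to_bytes(4, "big") + new_key).digest()
    return int.from_bytes(h, "big")


def sign_update(version: int, new_key: bytes) -> int:
    """Master-key holder's side: textbook RSA signature (no padding, toy only)."""
    return pow(_digest(version, new_key), ROOT_D, ROOT_N)


class CryptoChip:
    """Hypothetical chip: immutable root key, one updatable image-signing key."""

    def __init__(self, initial_key: bytes):
        self.key_version = 0
        self.image_key = initial_key

    def program_key(self, version: int, new_key: bytes, signature: int) -> bool:
        # 1. Verify against the immutable root key before touching the slot.
        if pow(signature, ROOT_E, ROOT_N) != _digest(version, new_key):
            return False
        # 2. Refuse replay of an older, possibly revoked key (added assumption).
        if version <= self.key_version:
            return False
        # 3. Only now program the key slot.
        self.key_version, self.image_key = version, new_key
        return True


def demo() -> list:
    chip = CryptoChip(b"image-key-v0")
    sig1 = sign_update(1, b"image-key-v1")
    sig2 = sign_update(2, b"image-key-v2")
    return [
        chip.program_key(1, b"substituted-key", sig1),  # key swapped: rejected
        chip.program_key(1, b"image-key-v1", sig1),     # valid update: accepted
        chip.program_key(2, b"image-key-v2", sig2),     # rotation: accepted
        chip.program_key(1, b"image-key-v1", sig1),     # rollback: rejected
        chip.image_key == b"image-key-v2",
    ]
```

The root key itself has no update path in this sketch, which is the chicken-and-egg concern raised in the quoted reply: a weakness in it lasts for the life of the device.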