• 802.3af is the POE specification.
• FAST is Flexible Advanced Stacking Technology
• DVMRP is Distance Vector Multicast Routing Protocol
• Deep Packet Filtering – Match any field in the first 80 bytes.
• CANA is Custom Auto-Negotiation Advertisements
• MPLS is Multi-Protocol Layer Switching
• PIM is Protocol Independent Multicast
• IGMP is Internet Group Management Protocol
• IDS is Intrusion Detection System
• IPS is Intrusion Prevention System

• Stackable vs Modular ERS
  • Small – 1-1500 users
  • Medium 500-3000 users
  • Large 2000+ users

I can see other uses for one of the discontinued applications (pcapdiff) in doing packet capture comparisons between two end points (to check packet captures for differences, specifically dropped or spoofed packets).

ping www.google.com -n 1 -f -l 1500

If the response includes

Packet needs to be fragmented but DF set

then lower the -l value by 10 and re-test.  Once you get a reply from your target address, increment the -l value by 1 until you cannot increment -l without receiving the above framentation message as a ping result.

This is your maximum MTU

Since DNS cache poisoning attacks are far beyond my normal realm of responsibility, it’s hard for me to really talk about the topic.  I did make a post about it on my work blog a few days ago, but only because Microsoft released a patch for Windows DNS servers [MS08-037] and Nortel commented on it’s applicability to Nortel servers in a bulletin.

However, when you digg your news, you find all sorts of interesting things.  One thing I found last night was a link to a website talking about the DNS vulnerability found by Dan Kaminsky.  The main reason that I make this post now is because Dan did something really useful.  he made a little web tool and posted it on his blog which tests to see if your DNS server is vulnerable to the flaw he discovered.

The picture above came from the results of the website where I first found out about this tool.  My results are as follows:

(I included a bit more text above the Check My DNS button than the other poster did.)

If you want to know how secure your ISP’s DNS server is, go to Dan Kaminsky’s website (click the image at the top of the post) and try out his DNS Checker yourself.  If your ISP hasn’t patched yet (and some 40% or more DNS servers haven’t been according to one statistic I read) then the next time you visit your credit card company, or online bank statement, you just might be giving away your username/password to identity thieves.

Of course, if we were all using Perfect Paper Passwords with all of our online banking websites, such a vulnerability wouldn’t be a big issue.  You might type in 1-2 password combinations from your PPP crib sheet before realizing that something was amiss, but even so, the thieves wouldn’t have anywhere near enough information (or enough of your PPP password sheet) to hack your online identity.

Step 1: Connect to 5520 via Telnet
Result: Prompted to press Control-Y to enter Nortel Menu

Step 2: Press “M” for SNMP Configuration submenu
Result: Presented with SNMP Configuration submenu

Step 3: Press the “down arrow” twice to reach Trap #1 IP Address
Result: Trap #1 IP Address field is highlighted

Step 4: Type 10.101.1.31 and press enter
Result: Trap #1 IP Address field is configured with 10.101.1.31

Step 5: Press the “down arrow” once to reach the Trap #1 Community String
Result: Trap #1 Community String is highlighted
NOTE: string is displayed as all astrisks for security reasons

Step 6: Type the community string (e.g., “public”) for the trap receiver and press enter
Result: Trap #1 Community String is configured
NOTE: string is displayed as all astrisks for security reasons

Step 7: Press Control-C to return to the Main Menu
Result: Presented with Main Menu

Step 8: Press “L” for Logout
Result: Disconnected from the 5520

NOTE: Changes to 5520 are saved as soon as they are made.

[link] Nortel ERS 8600 beats Cisco 4500 showing between 75%-301% higher fowarding rate and 12% greater power efficiency.  Nortel has been working heavily on becoming a “Green IT” manufacturer.

[link] 2008 Test Summary: Nortel Performance, Resiliency and TCO Comparison to Cisco/HP ProCurve Across Network Classes

[link] Nortel’s “Green IT” beats Cisco (summary notes: Cisco has a higher up-front investment and double the recurring power cost of a comparable Nortel data switch)

[link] 2006 Advertising insert for the Tolly Group showing various winners.  3 of the 5 products listed are Nortel products.

Thanks to Digg for finding this.

I’ve read some of Bruce’s work from time to time for over 8 years and have always been impressed with his work in cryptography and security.  The interesting points in this article include things like

“Not that we really have any idea how to mess with Storm. Storm has been around for almost a year, and the antivirus companies are pretty much powerless to do anything about it.“  – Bruce Schneier [Wikipedia Bio / Bruce's Website]

And a link from the post to the author of an analysis of Storm’s (the name of the Worm) potential, leads us to:

“It is worth mentioning that multiple DDoS attacks have occurred in the December and January timeframe, targeted at anti-spam sites and anti-rootkit software developers. An attack was even launched against the personal website of the author of this analysis, in retaliation for research into botnet-controlled pump-and-dump stock spam. These attacks have been determined to be from no fewer than three independent and unrelated botnets. We see now the spam war is escalating to new levels. It could be that the spammers have been emboldened by the successful attack on BlueFrog last year, which shut down a service that was affecting the spammers’ ability to conduct their “business.” With no repercussions from that attack, or even older attacks which shut down certain DNS blocklists, it seems that more spammers are willing and able to attack anyone who threatens their profit potential.”  – Joe Stewart

I’ve always thought that the design of a worm or virus that does damage is self defeating, as Bruce points out:

“Old style worms — Sasser, Slammer, Nimda — were written by hackers looking for fame. They spread as quickly as possible (Slammer infected 75,000 computers in 10 minutes) and garnered a lot of notice in the process. The onslaught made it easier for security experts to detect the attack, but required a quick response by antivirus companies, sysadmins and users hoping to contain it. Think of this type of worm as an infectious disease that shows immediate symptoms.

Worms like Storm are written by hackers looking for profit, and they’re different. These worms spread more subtly, without making noise. Symptoms don’t appear immediately, and an infected computer can sit dormant for a long time. If it were a disease, it would be more like syphilis, whose symptoms may be mild or disappear altogether, but which will eventually come back years later and eat your brain.” – Bruce Schneier

Talk like this always wants me to go in to the cryptography and security industry.  A challege like this (to thwart the constant evolution of destructive or disruptive software) would be exciting.  Perhaps if my career moves more towards networking it would be possible to pursue this at some future point in my life, but to do so now would be such a huge change in direction for my career track that I would be entry level at best.