Slashdot Mirror

2004 Cisco backdoor
2006 Cisco backdoor

Can one linux box become a high performance router plus (summary of just new security features released this quarter, never mind all the functionality released the past 3 years)-

Stateful FW Failover
Zone-based Policy Configuration
Cisco Unified Firewall MIB
SSL VPN, including support for Cisco Secure Desktop
(Zone-based Policy Configuration means that administrators will be able to group physical and virtual interfaces into security zones to allow for simplified configuration of firewall rules. Firewall policies can then be applied to a zone rather than an interface. This will also simplify the process of adding or deleting interfaces on a router).

This is just a list of the NEW features released THIS QUARTER:

http://www.cisco.com/univercd/cc/td/doc/product/so ftware/ios124/124newft/124t/124t6/index.htm

* ACL Manageability
* ADSL HWICs
Introduces 2-port ADSL HWIC Hardware.
* ANI Suppression During L2TP Setup
* Certificate - Complete Chain Validation
* Cisco IOS Firewall MIB
* Cisco IOS IPv6 Configuration Library
* Cisco Modem Relay
* Cisco Text Relay for Baudot Text Phones
* Control Plane Logging
* DHCP Option 82 per Interface Support
* DHCP Relay Accounting
* Dynamic Frequency Selection and IEEE 802.11h Transmit Power Control
* Easy VPN Server
* Fax Relay Support for SG3 Fax Machines at G3 Speeds
* FHRP - HSRP Multiple Group Optimization
* Flexible Packet Matching XML Configuration
* In-Service Updates to Gatekeeper Zone Prefix Configuration
* Interface Input Queue Unwedging
* IOS Firewall Stateful Failover
* IP SLAs ICMP Jitter Operation
* IP SLAs--LSP Health Monitor
* IP SLAs RTP-Based VoIP Operation
* Management Plane Protection
* MGCP NAS Package LAPB-TA
* MPLS Embedded Management--LSP Ping for LDP
* MSCHAP Version 2
* NAT ARP Ping
* NAT SCCP Fragmentation Support
* Network Admission Control: Agentless Host Support
* New Voice and Telephony Features in Cisco IOS Releases 12.4T
* OCSP - Server Certification from Alternate Hierarchy
* OER Voice Traffic Optimization
* OSPF Enhanced Traffic Statistics for OSPFv2 and OSPFv3
* OSPF RFC 3623 Graceful Restart Helper Mode
* OSPF: SNMP ifIndex Value for Interface ID in OSPFv2 and OSPFv3 Data Fields
* Packet Mode Services on D Channel
* RIPv2 Monitoring with SNMP Using the RFC 1724 MIB Extensions
* RSVP Agent
* RSVP Application ID Support
* SCCP PLAR with DTMF Ou

Apparently UNC has been requiring students to have laptops for years now. http://chronicle.com/free/v48/i04/04a03101.htm http://newsroom.cisco.com/dlls/fspnisapi5a77.html

I am neither a MSFT nor GOOG fanboy but I would hesitate to judge their efforts too quickly. Indeed while there may be self-serving goals of these corporations the very fact that google.org's page and operations have been relatively muted since GOOG's IPO is testament to the fact that it has not been in the headlines.
The Gates foundation has given a significant amount of money to The Global Fund, for instance, and while their stance on prevention and/or treatment of HIV/AIDS is the grand scheme of this may not be always mainstream, they have quantifiably done more than many governments. The hiring of Brilliant hopefully means that there will be another voice for poverty alleviation, and maybe introduce a new paradigm in the workings of foundations and international development.
I would think that the work of Cisco in the Networking Academy Program, to name another corporate initiatives seem more suspect if you ask me.

They're stopping one American business from pumping money into an evil regime, while giving everyone else a more or less free pass. Where's the protests calling for people to stop supporting Cisco, whose involvement in the continuation of the great firewall of china goes back as far as at least 1998? Oh... there aren't any? The worst they're getting is occasional frowny faces on the Students for a Free Tibet blog? Hmm.

It's kind of just dumb. Google is basically being made into the collective conscience of America. We're expecting them to reject complicity in the Chinese regime, so that the rest of us don't have to. Except in doing this we're targeting one of the few companies who's actually potentially capable of making a positive effect in China if they do business there. The chinese-language Google page hosted outside China is still full and uncut; the Google inside china tells you when pages are censored and may be able to do more than that with time.

If these people get their way and Google pulls out of China, do you know what will happen? MSN Search will just step in and happily become the dominant and official search engine there. You'll have gained nothing, except now the western partner in censoring search within china will be someone who does it cheerfully and enthusiastically, instead of one who at least understands the gravity and inherent ethical problems of what they're doing.

USB 2.0 Spec download

Read 7.2 of usb_20.pdf
Devices default to low-power and as such can only pull one "unit load" (100mA.) If a device is configured to be High-power, it can draw five "unit loads" (500mA.) This is at 5V, so it will supply about 2.5W to a device (if you are lucky.)

IEEE 802.3af (better known as Power over Ethernet) would be a much better solution for the applications you mentioned (routers and hubs,) as well as others including IP phones, IP security cameras, and RFID tag readers. It provides power at 48V and around 15W. More info can be found here.

Euhm KISS ? http://www.kiss-technology.com/

http://newsroom.cisco.com/dlls/2005/corp_072205.ht ml

The list above thoroughly distorts the "benefits" of IPv6 - this list has become a troll which shows up during every debate. I challenge the author or anyone else to actually show how to configure all of those things.

For information about how broken routing is, take a look at NANOG - enterprises can no longer multihome.

For information about how broken autoconfiguration is, take a look at Running IPv6 by Iljitsch van Beijnum.

For information about how broken IPv6 is with regard to speed of routing and transmission, look at cisco - most IPv6 is software-forwarded, as opposed to hardware forwarded.

The other items in the list are things which IPv4 does AT LEAST as well as v6 (yeah, try getting AES-256 to work with IPv6 on an existing VAM2, without using IPv4 anywhere, and then talk to me about IPSec-v6...)

There are good and bad things about the protocol, but it's NOT the greatest thing since sliced bread, and that list is a heap of garbage.

-David

Their enemies are clear: anyone else, and especially cable companies, dark fiber owners, and anyone that thinks twice about FTTH-- if it's not theirs.

Hehehe, I have 20Mbps fiber which I am sure SBC and Comcast are not too happy about, but they can kiss my big black ass! As hard as it might be, we can only wish more small companies such as Surewest will be able to steal away customers from the behemoths.

A couple of Thermotron http://www.thermotron.com/ ovens,
some Omega controls http://www.omega.com/
all hooked up by their industry standard ethernet interface http://www.cisco.com/univercd/cc/td/doc/cisintwk/i to_doc/ethernet.htm
to a PC http://www2.sjsu.edu/faculty/watkins/pc.htm
and you have the same thing for less money.

Tell NASA to shoot for the moon NOT the moonpie!

The real question is who is selling China the infrastructure equipment to make all of the filtering they do possible. Now that is some company that is making a killing. They have got to be spending literally 100's of millions of dollars, perhaps billions, to do what they do. It's no wonder the US govt. wants to talk to Cisco. They will need one of their undocumented backdoors so they can go in and spy on the Chinese.

Look it's their country, right. If they were so worked up about it over there, why don't they do something about it. A billion people can't be wrong can they. And if a billion people want freedom why don't they have it already. You can't tell me that if they really wanted to be a democracy or whatever they couldn't make it happen.

So in the end, Google is doing what most of us Americans do, look the other way, buy our cheap ass Chinese made plastic shit and poor quality Wal-Mart goods and go home to our cable TV or MMORPG and forget about what's really going on out there. It's just what the corporations want you to do - go to work everyday, spend your money on crap you really don't need, never have enough so you have to borrow more because you have to have the latest stuff and in the end that's what we call freedom. Yeah right.

It has a very low false positive rate, and can be configured to prompt the user for each behavior, if that's desired. Most of the behaviors it stops are never benign, anyway. Keyloggers, mailing to every address in the address book, buffer overflows, self-modifying code, etc. Read more about it at http://www.cisco.com/en/US/products/sw/secursw/ps5 057/

It is my humble belief that the patent (5,425,085) dispute will not hold it's own in court. As noted above, the only 'winners' are the lawyers in their quest to sap productivity and line their own pockets.

The '085 patent attempts to teach about routing phone calls via a computer database and hardware. It was filed March of 1994, the standards for Least Cost IP routing where established well before that, example OSPF (Open Shortest Path First).

OSPF was derived from several research efforts, including Bolt, Beranek, and Newman's (BBN's) SPF algorithm developed in 1978 for the ARPANET (a landmark packet-switching network developed in the early 1970s by BBN), Dr. Radia Perlman's research on fault-tolerant broadcasting of routing information (1988), BBN's work on area routing (1986), and an early version of OSI's Intermediate System-to-Intermediate System (IS-IS) routing protocol.*

It will be quite fascinating to read the documents and observe how the idiots in the general media butcher the points the patent holders and the supposed wrong do-ers (google in this case) make.

It should also be noted that cell phone carious would also be implicated in this for they preform 'least cost routing' with in their networks (and as a defense Google might consider this). One could further argue that because the concept, questionable in its obviousness outside an in line hardware prefixer to operate over POTS lines, worked in routing POTS calls back in the early nineties does not mean it holds water in new medium. A medium which the patent neither foresees or claims hence does not teach in any respect.

Lastly the way the patent reads it sounds very similar and obvious to anyone skilled in the art. My example would be that of a PBX. e.g. Office A is connected through a switch and can contact Office B's extension without having to traverse the phone companies lines do do so. I believe that some high-end PBX's back in the eighties had the ability to 'filter' calls based on the number dialed hence some routing functionality.

* http://www.cisco.com/univercd/cc/td/doc/cisintwk/i to_doc/ospf.htm

The wattage specification has to do with the current that is going IN to the PSU.

So, that's 1000 watts @ 110 -120 V = 8.3 Amps, meaning you can have two on one 20 Amp circuit.

The Cisco PSU only gives the full 4200 Watts when fed by two 220 volt circuits. That's 4200 w @ 440 Volts = 9.54 Amps

Check the specs. Do the math. W=VA (A bastardization of Ohm's law, I'm told.)

Even that doesn't help as many P2P programs use port 80. If they don't already, they'll likely start embedding HTML tags in their protocol to avoid detection.

Cisco has a nice IOS feature called NBAR (Network-Based Application Recognition): http://www.cisco.com/univercd/cc/td/doc/product/so ftware/ios122/122newft/122t/122t8/dtnbarad.htm

It's a L7 filter you can use to identify P2P traffic from all popular applications, then apply rate-limiting rules to throttle or eliminate it. Works great, although you need a router with some horsepower if you're pushing a decent-size load through.

6000W power supply (requires two inputs to get peak output) for Cisco 6500-series switch: http://www.cisco.com/en/US/products/hw/switches/ps 708/products_data_sheet0900aecd801c5c84.html

Gotta love all of the power required for hundreds of VoIP phones and other PoE devices :)

Is there absolutely only one entry point into the network? Or do you have local LAN users, plus remote dialup users, plus maybe a remote building or two, plus an internet gateway?

Draw a network diagram, including all possible entry points. Now, where is that single firewall going to sit, to cover all of them?

Personally, I'd go with a mixed router and hardware firewall configuration, probably with some IDS capability, but "small" doesn't tell me much of anything. So in lieu of something that doesn't fit, I'm going to say, if you do go with software instead, you really need coverage on every entry point you can afford to cover. You also should be running host intrusion detection on the most important database and command servers, if at all possible.

Oh, and don't forget, you need to have a written security policy before doing a lot of configuration, to keep things consistent and to save yourself a lot of grief. It also helps when you have to figure out if someone is getting through, and how.

Tell you what, go poke around on Cisco's website for their SAFE blueprint, and you can start with this. You can learn the basic conceptual stuff for free, and then implement scalable design choices using their stuff or someone else's.

How do the ISP's block or attenuate traffic speeds for certain services?
with devices like this: http://www.cisco.com/en/US/products/ps6151/index.h tml

"The Cisco System is self-defending" made me burst out laughing. I almost expected them to look straight at the camera and give an 800 number after that. I do wonder if Halliburton is sponsoring all the torture scenes, there seems to be rather too many of those than necessary.

I didn't mind Cisco's ads on last season's 24. I would rather see the characters using real products like Cisco's IP Phones than some propmaster's incorrect vision of what an IP phone should look like. Ford also sponsors the show and they drive big Ford trucks. Toyota sponsored the DVD preview of Season 5 and you see Jack driving a Toyota. Last season on Smallville, Clark used the red Old Spice deodorant - it was in his locker and on the big banner over the football field.

Product placement is only bad when it's inappropriate and doesn't flow with the show. I sure wouldn't want to see Jack Bauer and Chloe O'Brien discussing Kotex Tampons or Vagisil cream as he's about to waste some terrorists. Or President Palmer plugging Uncle Ben's rice at a press conference. But if they are looking for a USB flash card containing Top Secret information, I don't mind them mentioning SanDisk.

http://www.cisco.com/now/24/indexIPcommunications. html Sorry about the quicktime... Click away...

"The technology has become mature and we will use Cisco's network admin control."

Unless Cisco is doing something we don't know about, Wifi security is nothing to rely on.

I've looked up Cisco's Network Admission Control framework, and it reminds me of the TCG's Trusted Network Connect specification.

The cool thing about these phones is each phone gets its own real phone number as well as internal extension. We are located in California and when we have trade shows in Florida we take one of these phones and plug it into any ethernet jack. The phone auto-configures itself and you get the same phone number and extension and you can call other people in the office on speaker as if you were in the next cubicle. Pretty rad. Hope this helps.

- Cisco buys SA (Scientific Atlanta)
- Cisco recently bought danish company Kiss Technology - now part of the linksys division (Some of you might remember them as the first company coming out with a Mpeg4/Divx set top DVD player)
(http://newsroom.cisco.com/dlls/2005/corp_072205.h tml)
- Kiss has a long standing relationship with chip maker Sigma Designs, Inc.
(http://www.google.com/search?q=Kiss+Sigma+Designs )
- Sigma and Microsoft are working together to enable Windows Media CE product, including Kiss products
(http://www.microsoft.com/presspass/press/2004/nov 04/11-30sigmadesignspr.mspx)
- Sigma is working with Microsoft on their MSTV IPTV platform.
(http://www.microsoft.com/presspass/press/2005/sep 05/09-08SigmaIBCPR.mspx)
- SBC plans to release IPTV service using the MSTV platform.
(http://www.microsoft.com/tv/content/PressReleases /SBC04_IPTV.mspx)
SBC will use Motorola and SA set top boxes for this (service.http://www.sbc.com/gen/press-room?pid=480 0&cdvn=news&newsarticleid=21772)

Obviously Cisco wants to be a player in the IPTV space.

This article is interresting also, cisco was not named, so they must have realized that their were getting out of the loop. Not anymore with the SA acquisition: http://www.forbes.com/facesinthenews/2005/09/09/tv -broadcasting-microsoft-cx_dl_0909autofacescan06.h tml?partner=yahootix

Hi, there's a video (from Cisco):
http://newsroom.cisco.com/Newsroom/flash/evp/?vidi d=955B868E49E525C3AD0F877DF4845507&topic=Customers &subtopic=ALL

oops, in my haste i pasted the wrong link. Here's the REAL link to Cisco's video: http://newsroom.cisco.com/Newsroom/flash/evp/?vidi d=955B868E49E525C3AD0F877DF4845507

I recently downloaded and gave a try to Auditor, which comes bundled with a list of exploits for nearly all recent software flaws (not just Cisco) and for which there is a public advisory and exploit code available. Scary, but necessary. In the wrong hands though, this can be turned into a powerful DOS software collection.

From the Cisco security advisory:

Summary

Multiple Cisco products contain vulnerabilities in the processing of IPSec IKE (Internet Key Exchange) messages. These vulnerabilities were identified by the University of Oulu Secure Programming Group (OUSPG) "PROTOS" Test Suite for IPSec and can be repeatedly exploited to produce a denial of service.

Cisco has made free software available to address this vulnerability for affected customers. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. (emphasis mine)

Then later in the same document, there's a whole section about Obtaining Fixed Software including a subsection for Customers without Service Contracts (emphasis mine) which I assume is your case.

Yes, but in order for all that to happen, they pretty much have to already know something about the darknet or a member of it, or figure out how to differentiate "darknet traffic" from normal network traffic.

You know we know how to pickout this sort of draffic already, in an entirely automated fashion, right? ;-)

If a darknet wants to hide itself further, they can use can use software that will encrypt data, talk on standard ports, even utilize stenography. Then it's going to be nearly impossible to spot darknet traffic without some sort of detailed and expensive analysis.

As I've already mentioned, it's really not all that difficult. All you have to do is have the system note the source and destination and the type of traffic - what port(s) it's on and what type of data is actually being transmitted (and in the case of encrypted data what sort of traffic does it appear to be - e.g. VoIP, HTTPS, etc.). The existance of tools like netflow are what help make this straightforward.

The reason it's fundamentally easy to spot is there is a limit to amount of traffic in, and the length of, any legitimate VoIP/HTTPS/SSH/etc. session (not least to a single destination - especially when it's destined for somewhere that is labelled as being a DSL, cable user or college dorm netblock).

If the data is there, it's always going to be mineable, and there are actually quite a few tools (both hardware and software) designed specifically to help you get at it, primarily to aid network engineering and to allow for Usage Based Billing. Stopping users trying to get away with hogging all the bandwith by stuffing networks full of P2P junk traffic is a big driver for UBB.

Though personally I don't think there is any real hope for UBB, the technology involved is useful for doing for traffic engineering, because once you have the data required for it you can start to identify and manage traffic much more effectively, and ensure that excessively high volume users get special treatment and that the system automatically limits any negative impact they would otherwise have on other users who have to contend with them.

Lucent / Livingston PortMaster, Cisco 5200, 5300, 3600 and a T1 line or an E1 line, dependig on country. These days you can do it on a 260 as well.

Essentially, one of the sides of the connection had to be digital, if you ran two analogue signals (Two modems) back to back, you got 36K, but they found out if that one of the sides of the connection was digital, and was essentially guaranteed to be error free, they could push the speed at which that side transmitted. Hence what the other side recieved at. Whether you actually got 56K was also extremely dependent on the quality of your line. I remember being about 200m away from the exchange on the copper run (I worked at an ISP, so we had a line run for testing) and still only getting 52K.

We used to tell customers it was just the theoretical maximum as nobody in the country at the time had a chance in hell of getting those speeds.

Lucent / Livingston PortMaster, Cisco 5200, 5300, 3600 and a T1 line or an E1 line, dependig on country. These days you can do it on a 260 as well.

Essentially, one of the sides of the connection had to be digital, if you ran two analogue signals (Two modems) back to back, you got 36K, but they found out if that one of the sides of the connection was digital, and was essentially guaranteed to be error free, they could push the speed at which that side transmitted. Hence what the other side recieved at. Whether you actually got 56K was also extremely dependent on the quality of your line. I remember being about 200m away from the exchange on the copper run (I worked at an ISP, so we had a line run for testing) and still only getting 52K.

We used to tell customers it was just the theoretical maximum as nobody in the country at the time had a chance in hell of getting those speeds.

Lucent / Livingston PortMaster, Cisco 5200, 5300, 3600 and a T1 line or an E1 line, dependig on country. These days you can do it on a 260 as well.

Essentially, one of the sides of the connection had to be digital, if you ran two analogue signals (Two modems) back to back, you got 36K, but they found out if that one of the sides of the connection was digital, and was essentially guaranteed to be error free, they could push the speed at which that side transmitted. Hence what the other side recieved at. Whether you actually got 56K was also extremely dependent on the quality of your line. I remember being about 200m away from the exchange on the copper run (I worked at an ISP, so we had a line run for testing) and still only getting 52K.

We used to tell customers it was just the theoretical maximum as nobody in the country at the time had a chance in hell of getting those speeds.

Lucent / Livingston PortMaster, Cisco 5200, 5300, 3600 and a T1 line or an E1 line, dependig on country. These days you can do it on a 260 as well.

Essentially, one of the sides of the connection had to be digital, if you ran two analogue signals (Two modems) back to back, you got 36K, but they found out if that one of the sides of the connection was digital, and was essentially guaranteed to be error free, they could push the speed at which that side transmitted. Hence what the other side recieved at. Whether you actually got 56K was also extremely dependent on the quality of your line. I remember being about 200m away from the exchange on the copper run (I worked at an ISP, so we had a line run for testing) and still only getting 52K.

We used to tell customers it was just the theoretical maximum as nobody in the country at the time had a chance in hell of getting those speeds.

Yes, in the long run it is really worth it to build fiber infrastructure. Companies like Surewest are investing for the future, and will play a big role in competing with the telcos and cable companies. I am lucky enough to live in an area where Surewest offers service, and they have 10Mbps and 20Mbps bi-directional packages available. I know it is nothing compared to the service you can get in other countries, but to have that big of a pipe to the Internet in Northern California is damned good. Surewest equipment is full 100Mbps, and can scale to 1Gbps without much upgrading (relatively).

Yes they do! See http://www.cisco.com/univercd/cc/td/doc/product/so ftware/ios123/123cgcr/ipv6_c/sa_tunv6.htm#wp102717 3

IPv6 came around in IOS about version 12.2

What you are talking about is the Cisco Wireless Location Appliance This is a newly acquired product by Cisco (they purchased Aireospace). Out of the box it does not do everything offered by the MIT solution, but it does have an open API. Not saying what MIT is doing is not cool, just saying this sort of thing is not completely original.

It looks like this patch adds countermeasures to the original patch for this problem back in July? Here was the initial patch for this problem.

An Exchange-killer.

Have you tried Open Exchange? Not that exchange is appropraite to a discussion on the Desktop market.


A definitely legal method of playing encrypted DVDs.

Try xine! (btw Xine is an awesome app!)


For 3rd-party companies (Intuit, Adobe, Autodesk, etc etc ad nauseum) to release either Linux or Wine-friendly versions of their apps.

If you can't find an alternative application in Linux you could always run Windows through VMWare - you can also disable network support for the VM so that you always have a nice clean copy of Windows instead of one riddled with ad/spyware! Further you'd be surprised how fast this can be, I run an AMD 1600+ with 1GB and Windows runs very fast in VMWare.


For companies like Cisco to make it easy to run the VPN Client.

Cisco VPN client for Linux!


A perfect VT220 emulator. There are many in the Windows world.

xterm & gnome-terminal can be used to emulate VT220, for the latter it's as simple as adding a line to your xresources file.


Better wireless support, both thru more drivers from "industry", and better "management" front-ends.

I think you'll find that Wireless support in terms of drivers is just as good in Linux as it is in Windows - just install ndiswrapper and use the windows drivers!


Better looking fonts. Sure, fonts are 100x better looking than they were in 1999, but they are still better looking in Windows.

If font's are so important to you, why not just use the Windows true type fonts in linux??


In my opinion the reason people don't migrate to Linux is because they either think it'll be too hard to use or, like the parent poster, they believe that Linux won't be able to do what Windows can - and don't bother to do any research as to whether they're correct or not.

Haydn.

Carrier-level equipment is already capable of handling these speeds.

Kailash Nadh writes to tell us ABC News is reporting that IBM is teaming up with several other companies to form a group called Aperi. This group will attempt to "push the open source idea deeper into computing" and "free up the bottlenecks that can occur when a business has bought tape and disk storage systems from a variety of vendors." The partnership is to include companies like Cisco, Sun, Fujitsu, and several others.

I was going to mod you up but you didn't provide any examples.

Let me try again:

Your dying bird analogy is OK, because that's pretty much how it acts. But they say a router is "flapping" because its routing tables are flailing about aimlessly like maps to the Superdome.

So, it describes what's actually happening, not how it compares to something your cat's trying to eat.

I'm sure you know this, but for the rest: "flapping" is the common term for when a router's routing tables rapidly cycle between two invalid states. The dead bird analogy is pretty descriptive, but the term "flapping" has technical and not allegorical origins.

I wonder how this will work for non-Windows machines trying to gain access?

Somebody mentioned the Cisco Clean Access Agent in a previous post, googling around a bit shows that only Windows is supported for the AV/Patch scan, and this is easily bypassed by changing the User-Agent on the HTTP login page. Details here

Cisco's canned response is to use Nessus to determine the real OS, or write your own plugin. Although windows boxen are probably the most common, and the biggest threat, non-Windows products need some sort of working by-pass that doesn't involve simply spoofing the UA.

Reply to clueless slashdotter:

NAC Phase 1 was deployed using EAPoUDP (EAP over UDP). It used routers to quarantine devices. It is a layer 3 solution. Other devices could still infect layer 2 connected devices.

NAC Phase 2 (just announced) is deployed using EAPo802.1x (EAP over 802.1x). It uses switches to quarantine devices. It is a layer 2 solution. Thus an infected device cannot infect other layer 2 devices.

http://www.acuitive.com/musings/hmv7-12.htm

http://newsroom.cisco.com/dlls/2005/prod_101805.ht ml

Cisco's Internetworking Technology Handbook is a bit dated but a great base resource downloadable in pdf.

Pair the above with IBM's TCP/IP Tutorial and Technical Overview, and round things off by downloading Bable: A Glossary of Computer Oriented Abbreviations and Acronyms since you'll be in acrynom hell.

Probably few /.ers need the above but they've given me a good overview and reference.

For What it's Worth :)

hmm, thanks, i'd not thought of that. HP do some nice sounding ADSL2 modules for their routers and have equal features _save WLAN_ plus you get GbE ports, but they're not in the same price class, by a long way

so i did my research, and if you read the product spec at http://cisco.com/en/US/products/hw/routers/ps380/p roducts_data_sheet0900aecd8028a976.html

you find:

  876: ADSL over ISDN (ADSL2/ADSL2+ hardware ready)

  877: ADSL over analog telephone lines (ADSL2/ADSL2+ hardware ready)

which may mean all or nothing, as these won't be standard WICs, but this does somewhat contradict your first thought, and I'd say this is one very featured router for small office / home lan use. Moreover they actually got around to supplying (some kind of) GUI setup with these . . .

thinking of geting one, not pumping the product.

Try a Cisco 87x router. These are sold in the UK, are fully IPv6, provide 4 10/100 ports in case your switch is v4 only, offer WLAN 802.11b/g option (does this carry v6? i dunno) and have lots of other nice features as well. Haven't had time to check compatability. Expensive - ish, see : http://www.broadbandbuyer.co.uk/Shop/ShopDetail.as p?ProductID=2277&CategoryID=325&ShopGroupID=78 (the top model in the series) but available now.

Data sheet : http://cisco.com/en/US/products/hw/routers/ps380/p roducts_data_sheet0900aecd8028a976.html

  IPv6 addressing architecture

  IPv6 name resolution

  IPv6 statistics

  IPv6 translation-transport packets between IPv6-only and IPv4-only endpoints

  ICMPv6

  IPv6 DHCP

Until the ISP backhaul is routing IPv6 it's still not native all the way, so A&A or whoever your ISP is doesn't. Ask for a allocation and tunnel to the 6bone. Until not so long ago NTT UK offered ranges and free peering, and there were other free v6 peering intiatives. coupl'a years since i cared much about this so forgive me if anything changed (save the ready availability of IPv6 capable routers). Hopefully POPs with lots of LLU will be the first to go native in the UK, so we can have v6 and >=8Mbps to cope with all that traffic from my fridge, cooker, clock, toilet, kitchen drawer, hallway light . . .

What percentage of products from Linksys, a division of Cisco, ship with IPv6 support?

I called them and asked--Linksys stated that none of their current products support IPv6, but if it ever becomes popular then an update will be provided at no additional cost to the customer.

So, as a follow on question, I brought up that the same claim of an update at "no additional cost to the customer" was stated a year ago when I bought the WET54G v1.1 which provides no WPA support ("but will be supplied via a free update later.") Tech support now states that WPA is only supported with v2.0 hardware and the firmware for v2.0 hardware can not be used on v1.1 hardware. The recommendation is to continue using WEP or purchase v2.0 hardware at the full purchase price.

When asked if IPv6 will truely be a "no additional cost update" or actually be a re-purchase like going from WET54G v1.1 hardware to WET54G v2.0 hardware just to get WPA support, Linksys could not provide an answer.

Cisco backing IPv6 is just like Cisco backing TCP Explicit Congestion Notification (ECN) while at the same time they are blocking use of ECN.

If Cisco is going to talk the talk... it would be nice if they got their company/divisions in line to actually walk the walk. Then again, it seems like one thing you can count on with John Chambers running a company is alot of hot air being produced. If only hot air could be used as an update to support WPA or IPv6.

Well.. it's nice to know that MSFT has decided to implement what Cisco has been delivering for years... http://www.cisco.com/en/US/netsol/ns340/ns394/ns15 8/ns88/networking_solutions_package.html

I wish MSFT would just realize they are an OS/application company and not a networking company....