Domain: cisco.com
Stories and comments across the archive that link to cisco.com.
Comments · 1,300
-
Re:Stick to hardware routers and firewalls...
Have you ever even *looked* at Cisco PIX firewall rules or ACLs on a Cisco router? They don't use iptables, pf, or ipfilter.
Some links as examples (took <1 minute on Google):
ACLs - http://www.pasadena.net/cisco/secure.html
PIX command reference - http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/index.htm
-
Re:IPv6: Not Ready For Prime Time
Okay, since there seem to be folks that are actually taking this guy seriously, I guess I really have to debunk him point by point:
1. Cisco routers suck at IPv6.
One word: IOS 12.3.
Also, in 12.3T series, you get functionalities like stateful firewalls for IPv6. Check out Cisco's IPv6 status here.
2. There are too many addresses.
640 kB should be enough for everybody.
And yeah, I know Bill Gates never said that.
IPv6 addresses are too large. The problem with a 64-bit network prefix is that routing tables become massive.
This has been addressed. Summary routes are there. The IPv6 addressing structure is quite hierarchical, so even that /64 prefix that the end-user sees is quite nicely broken down into categories.
4. The IPv6 header is too large
Minimum MTU for IPv6 is 1280 bytes, not 576. Also, IPv6 header structure is extendable, i.e. the last field in IPv6 header is a pointer to an optional field. This optional field can in addition to its own information refer to even more fields, in daisy-chain fashion. There is much bloat in IPv4 headers and lots of bit-alignment problems when building hardware to forward IPv4. IPv6 addresses these details by daisy-chaining optional headers and keeping the stationary fields simple.
-
Re:1000+ Users????
I must agree here. Working for a large company, 10,000+ users that have a 45 Meg Internet connection, I have seen first hand that even the most powerful Linux solution cannot handle the load and log files that are needed. We ended up pulling out a cluster of 2 Linux boxes load balancing NAT connections and replacing them with the PIX 535 firewalls. This was without this solution handling any of the VPN requirements. VPN is a whole other ball game. Cisco is in this business, and the stuff is priced reasonably enough.
-
Re:Help, I hate groove!
there's nothing inherently wrong with using proprietary communication protocols, especially when they're being used by a for-profit company.
That's where you're most completely wrong. Using a proprietary protocol is absolutely inherently bad. Especially if you're not in big business, but the military. I don't have time/space here to fully explain (but the links give clues), and others have written volumes.
practical reasons to not use this software do include the presence of DRM
Neither X_Bones nor Saeed al-Sahaf has given any explanation as to why DRM is impractical. In another thread it was pointed out that Saeed al-Sahaf's reaction to DRM was hardly more than an ingrained revulsion to a hated acronym. (He immediately Godwinned)
I can think of one reason why DRM might be a negative (beyond the fact that it implies a proprietary protocol), and that is that it probably won't completely work. Users expecting protections that aren't really there may put themselves at risk. But maybe you can give some better reasons.
lot of money for something you yourself said could be done in an hour
In case you didn't pick up on this, Groove is bloatware, and only 15% of its features are needed by a normal user.
Here, I'll write one line that encompasses 60% of the features an average user needs from Groove.
25 6 * * * user rsync -e ssh user@ourproj.dyndns.org:/home/gruv/data ~user/gruv/data;chmod -R -w ~user/gruv
The other 40% functionality can be accomplished by 20-40 more lines. But of course then one more challenge is faced: convincing the network admin to allow ssh traffic. If he's smart this is already done, but if he's stupid it's impossible. So then one must turn to one of the many how-tos explaining how to pierce overly-restrictive firewalls. (It's quite funny that the main reason people are installing Groove is that it subverts their firewalls)
(even though the necessary tools are freely available on that platform, and better yet aren't tied to it)
First, I think I'd need an actual Microsoft Windows, which is non-free (and in fact 299 dollars). The .Net 7.x compiler system is also rather pricey, but I could squeak by with gcc perhaps.
But then for every other user, the necessary additional tools are sshd, crond, and python. I could convince an average Windows user to install maybe one of those, but not all of them.
-
Re:Cisco....
However the Cisco 7920 phone currently only supports Cisco's proprietary SCCP (aka "skinny"), which means you have to have a CallManager or router/h.323 gateway running CallManager Express to use the phone. There aren't currently plans to make a SIP image for the 7920 (whereas the desk phone 7940/7960 can be loaded with either SCCP or SIP image loads).
On the plus side, the Cisco 7920 supports Cisco's proprietary LEAP so that the phone is re-keying WEP as often as you set it (9.1 minutes is enough time to get enough WEP keys at the smallest packet size transmitting at 1000 pps). Of course, again this means you need a Cisco Aironet AP and Cisco ACS server to support LEAP.
But then none of the traditional wireless phones are encrypted to my knowledge...
For those worried about WEP issues, see Cisco's Cisco Wireless LAN Security Bulletin.
-
Re:Cisco....
Cisco 7900 Series IP Phones Nifty indeed...
-
This is old tech
Hi there! What planet are you from?
Cisco has had wi-fi VoIP phones for a year. A friend uses them at work and they are rather nifty. I think there might be some handover issues since mobile IP isn't really fit for fight yet.
If you google for wi-fi phone you'll find there are some others as well, but coming from the PDA end of the spectrum.
Plus Nokia's latest phone/pda has wi-fi as well, but I don't think they are available in stores yet.
-
Ad-supported Video Games?
With the fall-off in TV ratings, it seems that ads will soon be creeping into computer games. This will include product placements in traditional games and free games that market products. I notice that EA already has a director of advertising sales.
With no "fast forward" in games, players will have little choice but to be exposed to these product placements (other than avoiding/abandoning the game). I wonder if game makers will offer dual-versions of games -- an ad-free version for $99 and an ad-supported version for $29? Given people's tendency to buy the cheaper option, wonder which version will have the highest sales?
-
2 Comments: 1) Who Cares 2) DoS-Net Offshorers
Wow... this is just fascinating reading... bored teenagers run amok and DoS'ing servers so they can take over IRC channels. *YAWN* Shame on the ISPs for allowing this to happen in the first place. Shame on CISCO for not having their "Self-Defending Networks" Flash marketing campaign done sooner so the whole Internet would be safe for Democracy (and safe to purchase CISCO client licenses).
If the script kiddies just had a list of IP addresses for offshore outsourcers, they might be able to use DoS attacks to permanently disrupt communication between the US & India and possibly save their future IT jobs. However, I can see how chasing the lone teenage girl on IRC would take priority. Get a life!
-
industrial strength option
Cisco ATA 186 lists for $170, but check the street for a better deal.
-
Re:Sounds cool, just installed Kphone now what?
just ask cisco what SIP is.
-
Re:so the question becomes
because with cable technology, upstream is f'in *rare* and expensive.
Be a *real* geek, and discover how things work. For example, go take a look at this.
Notice it has 2 downstreams, and 8 upstreams.
Each DS is around 35M (average, depends on frequencies, modulation, and so on.).
Each US is around 1.5M (average, depends on frequencies, modulation, and so on.).
check out the price of those cards. Your cable provider would need 1 of those for each 8 morons who uncapped their upstream (you can't use more than one US channel with one cable modem).
They simply can't afford this, for the price you pay, and hope to make a buck.
Oh, and for uncappers everywhere.... On DOCSIS, you may uncap your cablemodem, you may disguise it cleverly, but it *still* shows on the routers.
I should know... I work at a cable network operator and I'm currently working on the automatic and periodic check *on the routers* of the negotiated DS/US by each CPE with the CMTSs, wrt to subscribed down/upstream plans.
Some people are in for a major spanking, and the end of their service.
-
Wifi phones already exist
Look here, 5th row from the top:
"Future of Phones. An in-depth overview of IP Telephony and WiFi phones, and how this technology will revolutionize the office and our lives."
-
Re:This shouldn't even be possible
http://computer.howstuffworks.com/cable-modem.htm/printable
Tons is defined by the cable company. Kludges are built into the DOCSIS standard. Rate limiting is no longer only handled at the cable modem itself.
If your cable modem experiences slowdowns at peak hours, blame the company, not the product.
-
Re:MOD PARENT DOWN AS "DIMWITTED"
Next, you're going to say that ISPs are responsible for all of the traffic that goes through them.
ISPs are not common carriers.
The legal responsibility which an ISP assumes for carrying traffic is still very much a grey area, at least in the US.
-
Cisco
I'd recommend getting a Cisco CCIE (Cisco Certified Internetwork Expert) certification if you have any interest in networking. It'll take a few years, but you'll be made for life career wise if you pull it off.
-
Re:This isn't nearly as bad as it sounds...
What has been described here sounds very similar to the SSG-SESM solution from Cisco Systems. This has been around for a very long time. I have been part of a project to implement an SSG solution for traffic accounting on a University network. We capture and redirect clients that have not logged in to a login page and once they have been authenticated, their browser continues to the originally requested location.
In other projects this has been implemented as short DHCP leases and a bogus DNS that returns the same address for any hostname asked for. See NetReg2 for more details.
-
Re:Nope
I agree with you that the only certifications worth pursuing are security related. In this day and age of the Internet and e-commerce people with knowledge of security are one of the few I.T. fields in high demand. The Cisco CCIE and CCSP are good places to start but nothing beats real world, hands on, experience. If you pursue certs like those try to follow them up with hands on experience. Use your free time (you're unemployed so that's not a problem) to do volunteer or low wage work for local charities and non profit organizations. Not only are you helping a good cause but you're also building up real world knowledge of the topic. For a recruiter or a clueless HR manager, that often goes a long way.
-
Re:This is easy!
Or you can go for this Cisco 802.11 IP phone. Probably a bit cheaper than PDAs (I'm guessing, I didn't compare prices) and is sure to work a lot better.
-
VoIP wireless handsets ...
Cisco sells wireless VoIP handsets.
-
Re:Does advertising have to be annoying?
...popup ads [...] seems penny-wise and pound-foolish, sacrificing long-term customer satisfaction [...] for a potential short-term boost in sales
Some pop businesses will buy a big load of product and act as "resellers". Once the product sold out, all the customers (pop viewers with spyware installed) saw the popup 100 times, any potential buyers were found. They start over with another product.
I know the spyware from Total Velocity does this (and a lot more).
The actual creator/distributor is "Santa Monica Networks" (smni.com).
They start by analyzing the most popular searches and web sites for the last few weeks or months, from the data accumulated through the spyware.
Then they find a related product, and make a "test run" of very few popups (~1000), not enough to create a wave of complaint. If sales are good they buy a big quantity for a good price. (Good is a 2% click on pops and 2% sale on clicks for clients recently searching or surfing for a similar product).
The Spyware, an autonomous EXE, opens a separate IE process, so no embedded add-on pop-up blocker works!
Here is part of the terms of use (from Kephyr spyware library site):
"By using the Software, you may be exposed to contaminated files, computer viruses, eavesdropping, harassment, electronic trespassing, hacking and other harmful acts or consequences that might lead to unauthorized invasion of privacy, loss of data and other damages."
To add insult to injury, most of the soft. dev. done offshore in Estonia (www.smn.ee) and Lithuania (www.smn.lt), are involved (?) in several "network" and "network security" groups and consulting partnership (like at CISCO).
If you need to research them for your MBA or something, the business is:
Santa Monica Network Inc (SMNI.COM)
227 Broadway st. S.304
Santa Monica 90401
Lead Engineer:
Alex Karelin (original creator of the spyware)
alex@smni.com
-
Re:Just accept that
In a free market, this would never happen, because people are willing to pay a little extra for a non-crippled computer.
Unfortunately they have taken a page from Microsoft's playbook - they are pulling an "embrace and extend" maneuver.
The new Trusted computers can do anything and everything current computers can do - that is the "embrace". They can run all regular software and they can use all regular files. There is absolutely no reason NOT to get the new machines. The new Trust chip is like a pair of speakers. There is absolutely no reason NOT to buy a computer that comes with built-in speakers - you can just pretend the speakers aren't there.
The "extend" part is that regular computers (soon to be referred to as "old" and "obsolete") cannot run any of the new Trusted software and they cannot use any of the new Trusted software and they won't work when you start coming across more and more Trusted websites.
The "new enhanced Trusted" computers will work with everything - all old software, all old files, all old websites. The "old obsolete insecure" computers will start giving you more and more error messages. When you try to install a program or surf to a website you will get messages saying you need to "upgrade" and that the problem is your computer.
After a few years you may even be denied internet access if you don't have a Trusted machine. None of this will be by law - ISPs will simply start installing Cisco's Network Admission Control routers "to fight viruses and worms". If you don't have a Trusted Machine then the router cannot verify that you are running approved anti-virus software and an approved firewall and it will simply refuse you a connection until you "fix" your machine.
Don't underestimate the threat. They have a very plausible plan to get these machines out there and they are advertising them as a GoodThing, like Cisco's supposedly "anti-virus routers" which actually don't touch viruses. The only way to stop Trusted Computing is if there is a massive public backlash. Thus far the public doesn't know squat about Trusted Computing, and the mainstream press is (maybe) just beginning to notice.
-
Re:meh...
Actually this also involves devices running IOS as well. From Cisco advisory:
All Cisco products that run Cisco IOS software and support H.323 packet processing are affected
-
Re:meh...
Actually all of the affected Cisco products are in fact services that run on Windows. I know that this fact was a big concern among quite a few engineers at Cisco that wanted to port CallManager to L/Unix so that OS vulnerabilities wouldn't affect the stability of a product that they were aiming at Enterprise customers. Of course management went and did the exact opposite by tying the multimedia capabilities of CCM to an Exchange backend =(
Well, it's obvious you've looked at the Cisco IP Telephony products, but don't use them day to day:
- Cisco CallManager has nothing to do with Microsoft Exchange, directly
- It has recently been stated by Cisco to their Partners that CallManager 5.0 will be offered on a Linux-based "appliance" (this is quite a ways off, as CCM 4.0 will not be out of controlled release until the start of 2HCY2004)
- Rumour has it that CallManager/Windows will eventually disappear in favor of a Linux-based "appliance"
- CallManager relies on two other pieces: an LDAP server (CCM ships with DC-Directory from Data Connection) and MS SQL 2000. Obviously, there are numerous Linux-based options for each (DC claims to have a Linux port of DC-Directory, and there are numerous database options for Linux) but at this time I am unsure which direction they are heading on this
- When you reference MS Exchange, you are thinking of the Unified Messaging & Voicemail product Cisco Unity, which has traditionally used MS Exchange as its message store for voice messages
- There was no management decision to drive this product towards MS Exchange; it was developed by Active Voice from the ground up to be a Unified Messaging platform, and they chose the most popular platform to integrate with
- Cisco now offers a Cisco Unity for Lotus Domino which I have two customers running. Unity has to have heavy knowledge of its Partner Message Store so it's not trivial to add support for new backends. I've heard they are planning a Linux-based appliance for this as well, but don't know one way or the other.
- Cisco IPCC Express product has already been ported to Linux, as Cisco Unity Express actually is not Unity at all, but a very customized IPCC Express script running on an embedded Linux platform (no, it is NOT IOS; you're thinking of CallManager Express, formerly known as ITS, which I have referenced on Slashdot previously)
- This leaves us with a few other products in the AVVID portfolio still on Windows. Coming to mind is Cisco Emergency Responder, Cisco Personal Assistant, IPCC Enterprise, and Cisco Conference Connection (OEM'd; and Cisco just bought a company which offers a similar product with 20x the features)
So, yes, Cisco is very married to Windows right now. However, this is actively changing. And additionally, there was no Cisco conspiracy to develop these products for Windows: CallManager (which came from Selsius) was already running on Windows NT 4.0, and Unity (which as I said came from
-
Re:meh...Actually all of the effected Cisco products are in fact services that run on Windows. I know that this fact was a big concern among quite a few engineers at Cisco that wanted to port CallManager to L/Unix so that OS vulnerabilities wouldn't affect the stability of a product that they were aiming at Enterprise customers. Of course management went and did the exact opposite by tying the multimedia capabilities of CCM to an Exchange backend =(
Well, it's obvious you've looked at the Cisco IP Telephony products, but don't use them day to day:- Cisco CallManager has nothing to do with Microsoft Exchange, directly
- It has recently been stated by Cisco to their PArtners that CallManager 5.0 will be offered on a Linux-based "appliance" (this is quite a ways off, as CCM 4.0 will not be out of controlled release until the start of 2HCY2004)
- Rumour has it that CallManager/Windows will eventually disappear in favor of a Linux-based "appliance"
- CallManager relies on two other pieces: an LDAP server (CCM ships with DC-Directory from Data Connection and MS SQL 2000. Obviously, there are numerous Linux-based options for each (DC claims to have a Linux port of DC-Directory, and there are numerous database options for Linux) but at this time I am unsure which direction they are heading on this
- When you reference MS Exchange, you are thinking of the Unified Messaging & Voicemail product Cisco Unity, which has traditionally used MS Exchange as it's message store for voice messages
- There was no management decision to drive this product towards MS Exchange; it was developed by Active Voice from the ground up to be a Unified Messaging platform, and they chose the most popular platform to integrate with
- Cisco now offers a Cisco Unity for Lotus Domino which I have two customers running. Unity has to have heavy knowledge of it's Partner Message Store so it's not trivial to add support for new backends. I've heard they are planning a Linux-based appliance for this as well, but don't know one way or the other.
- Cisco IPCC Express product has already been ported to Linux, as Cisco Unity Express actually is not Unity at all, but a very customized IPCC Express script running on an embedded Linux platform (no, it is NOT IOS; you're thinking of CallManager Express, formerly known at ITS, which I have referenced on Slashdot previously
- This leaves us with a few other products in the AVVID portfolio still on Windows. Coming to mind is Cisco Emergency Responder, Cisco Personal Assistant, IPCC Enterprise, and Cisco Conference Connection (OEM'd; and Cisco just bought a company which offers a similar product with 20x the features)
/UL
So, yes, Cisco is very married to Windows right now. However, this is actively changing. And additionally, there was no Cisco conspiracy to develop these products for Windows: CallManager (which came from Selsius) was already running on Windows NT 4.0, and Unity (which as I said came from
-
Re:meh...Actually all of the effected Cisco products are in fact services that run on Windows. I know that this fact was a big concern among quite a few engineers at Cisco that wanted to port CallManager to L/Unix so that OS vulnerabilities wouldn't affect the stability of a product that they were aiming at Enterprise customers. Of course management went and did the exact opposite by tying the multimedia capabilities of CCM to an Exchange backend =(
Well, it's obvious you've looked at the Cisco IP Telephony products, but don't use them day to day:- Cisco CallManager has nothing to do with Microsoft Exchange, directly
- It has recently been stated by Cisco to their PArtners that CallManager 5.0 will be offered on a Linux-based "appliance" (this is quite a ways off, as CCM 4.0 will not be out of controlled release until the start of 2HCY2004)
- Rumour has it that CallManager/Windows will eventually disappear in favor of a Linux-based "appliance"
- CallManager relies on two other pieces: an LDAP server (CCM ships with DC-Directory from Data Connection and MS SQL 2000. Obviously, there are numerous Linux-based options for each (DC claims to have a Linux port of DC-Directory, and there are numerous database options for Linux) but at this time I am unsure which direction they are heading on this
- When you reference MS Exchange, you are thinking of the Unified Messaging & Voicemail product Cisco Unity, which has traditionally used MS Exchange as it's message store for voice messages
- There was no management decision to drive this product towards MS Exchange; it was developed by Active Voice from the ground up to be a Unified Messaging platform, and they chose the most popular platform to integrate with
- Cisco now offers a Cisco Unity for Lotus Domino which I have two customers running. Unity has to have heavy knowledge of it's Partner Message Store so it's not trivial to add support for new backends. I've heard they are planning a Linux-based appliance for this as well, but don't know one way or the other.
- Cisco IPCC Express product has already been ported to Linux, as Cisco Unity Express actually is not Unity at all, but a very customized IPCC Express script running on an embedded Linux platform (no, it is NOT IOS; you're thinking of CallManager Express, formerly known at ITS, which I have referenced on Slashdot previously
- This leaves us with a few other products in the AVVID portfolio still on Windows. Coming to mind is Cisco Emergency Responder, Cisco Personal Assistant, IPCC Enterprise, and Cisco Conference Connection (OEM'd; and Cisco just bought a company which offers a similar product with 20x the features)
/UL
So, yes, Cisco is very married to Windows right now. However, this is actively changing. And additionally, there was no Cisco conspiracy to develop these products for Windows: CallManager (which came from Selsius) was already running on Windows NT 4.0, and Unity (which as I said came from
-
Re:meh...Actually all of the effected Cisco products are in fact services that run on Windows. I know that this fact was a big concern among quite a few engineers at Cisco that wanted to port CallManager to L/Unix so that OS vulnerabilities wouldn't affect the stability of a product that they were aiming at Enterprise customers. Of course management went and did the exact opposite by tying the multimedia capabilities of CCM to an Exchange backend =(
Well, it's obvious you've looked at the Cisco IP Telephony products, but don't use them day to day:- Cisco CallManager has nothing to do with Microsoft Exchange, directly
- It has recently been stated by Cisco to their PArtners that CallManager 5.0 will be offered on a Linux-based "appliance" (this is quite a ways off, as CCM 4.0 will not be out of controlled release until the start of 2HCY2004)
- Rumour has it that CallManager/Windows will eventually disappear in favor of a Linux-based "appliance"
- CallManager relies on two other pieces: an LDAP server (CCM ships with DC-Directory from Data Connection and MS SQL 2000. Obviously, there are numerous Linux-based options for each (DC claims to have a Linux port of DC-Directory, and there are numerous database options for Linux) but at this time I am unsure which direction they are heading on this
- When you reference MS Exchange, you are thinking of the Unified Messaging & Voicemail product Cisco Unity, which has traditionally used MS Exchange as it's message store for voice messages
- There was no management decision to drive this product towards MS Exchange; it was developed by Active Voice from the ground up to be a Unified Messaging platform, and they chose the most popular platform to integrate with
- Cisco now offers a Cisco Unity for Lotus Domino which I have two customers running. Unity has to have heavy knowledge of it's Partner Message Store so it's not trivial to add support for new backends. I've heard they are planning a Linux-based appliance for this as well, but don't know one way or the other.
- Cisco IPCC Express product has already been ported to Linux, as Cisco Unity Express actually is not Unity at all, but a very customized IPCC Express script running on an embedded Linux platform (no, it is NOT IOS; you're thinking of CallManager Express, formerly known at ITS, which I have referenced on Slashdot previously
- This leaves us with a few other products in the AVVID portfolio still on Windows. Coming to mind is Cisco Emergency Responder, Cisco Personal Assistant, IPCC Enterprise, and Cisco Conference Connection (OEM'd; and Cisco just bought a company which offers a similar product with 20x the features)
/UL
So, yes, Cisco is very married to Windows right now. However, this is actively changing. And additionally, there was no Cisco conspiracy to develop these products for Windows: CallManager (which came from Selsius) was already running on Windows NT 4.0, and Unity (which as I said came from
-
Re:meh...Actually all of the effected Cisco products are in fact services that run on Windows. I know that this fact was a big concern among quite a few engineers at Cisco that wanted to port CallManager to L/Unix so that OS vulnerabilities wouldn't affect the stability of a product that they were aiming at Enterprise customers. Of course management went and did the exact opposite by tying the multimedia capabilities of CCM to an Exchange backend =(
Well, it's obvious you've looked at the Cisco IP Telephony products, but don't use them day to day:- Cisco CallManager has nothing to do with Microsoft Exchange, directly
- It has recently been stated by Cisco to their PArtners that CallManager 5.0 will be offered on a Linux-based "appliance" (this is quite a ways off, as CCM 4.0 will not be out of controlled release until the start of 2HCY2004)
- Rumour has it that CallManager/Windows will eventually disappear in favor of a Linux-based "appliance"
- CallManager relies on two other pieces: an LDAP server (CCM ships with DC-Directory from Data Connection and MS SQL 2000. Obviously, there are numerous Linux-based options for each (DC claims to have a Linux port of DC-Directory, and there are numerous database options for Linux) but at this time I am unsure which direction they are heading on this
- When you reference MS Exchange, you are thinking of the Unified Messaging & Voicemail product Cisco Unity, which has traditionally used MS Exchange as it's message store for voice messages
- There was no management decision to drive this product towards MS Exchange; it was developed by Active Voice from the ground up to be a Unified Messaging platform, and they chose the most popular platform to integrate with
- Cisco now offers a Cisco Unity for Lotus Domino which I have two customers running. Unity has to have heavy knowledge of it's Partner Message Store so it's not trivial to add support for new backends. I've heard they are planning a Linux-based appliance for this as well, but don't know one way or the other.
- Cisco IPCC Express product has already been ported to Linux, as Cisco Unity Express actually is not Unity at all, but a very customized IPCC Express script running on an embedded Linux platform (no, it is NOT IOS; you're thinking of CallManager Express, formerly known at ITS, which I have referenced on Slashdot previously
- This leaves us with a few other products in the AVVID portfolio still on Windows. Coming to mind is Cisco Emergency Responder, Cisco Personal Assistant, IPCC Enterprise, and Cisco Conference Connection (OEM'd; and Cisco just bought a company which offers a similar product with 20x the features)
/UL
So, yes, Cisco is very married to Windows right now. However, this is actively changing. And additionally, there was no Cisco conspiracy to develop these products for Windows: CallManager (which came from Selsius) was already running on Windows NT 4.0, and Unity (which as I said came from
-
Pragmatically, though.....
I've received several calls and emails from customers today asking about the relevancy of the Cisco Security Alert. By and large, I only deal with enterprise/corporate-type customers (not large VoIP service providers), and I install a ton of Cisco VoIP products, so this comment really only applies to that segment of the marketplace.
I don't think that this is going to be as large of a problem as Cisco's earlier issues. Although a worm could target home users running IP telephony applications on their PCs, this vulnerability is non-replicating and the potential for abuse is rather limited.
Basically, there are two major Cisco product lines that are affected by this bug. The first is Cisco's VoIP infrastructure products: the Cisco CallManager server, Conferencing Server, Softswitch and IOS-based routers running H.323 services, among others. Except where the public has access to VoIP services over the Internet, these servers and routers are located on the inside of a firewall. In a best-practices network design, all access to these servers and routers is either via the internal LAN or through a secure VPN connection over the Internet (or any other public network, for that matter). I would find it very unusual to have these services available publicly. If I left a Cisco router with POTS access and an easily guessable dial peer on an Internet-accessible LAN, the potential for toll fraud would be enormous (free calls, lots 'o free calls).
The second group of products that are vulnerable are Cisco routers performing NAT and firewall services. Cisco's Content Based Access-Control (CBAC) -- a "dynamic firewall" technology -- is also vulnerable to the H.323 DoS attacks in the same manner as the Microsoft IAS server. Once again, unless H.323 ports are open to unrestricted access from the Internet, routers are not vulnerable from random outside attacks. Traffic that originated from behind the firewall would be able to disrupt services; however, it's much easier to apply an access list to track and block the offending traffic than it is to prevent an external DoS attack.
What's my point? I don't see a widespread attack being able to disable servers and routers on a large scale. Unless attacks are originated from inside a corporate firewall, the potential for disrupted services is minimal. I'm sure that large VoIP service providers are scrambling to patch and secure whatever systems possible - however, they are much better equipped to handle this issue than a Mom and Pop business who happens to have a CallManager server (at least we hope).
For people who are running these products, I'm recommending a thorough review of external firewall policies to make sure that there aren't any exposed H.323 ports. I'm also recommending an upgrade when it's feasible, but IMHO, there aren't many situations that would require burning the midnight oil to install patches.
Just my $.02.
-
Re:CallManager *IS* being ported to Linux.
There are already voice applications from Cisco that are running on Linux, take a look at the CUE (Unity Express) voice mail blade. It runs embedded Linux off a flash card and has a limited flash card life for voicemails (about 2 years). It's really a cool card. Its embeddable OS is manageable by IOS on the router, and is configurable from within IOS. Sure beats the old Audix boxes that I still see running off 20Mb MFM and RLL hard drives on some old System V boxes made by AT&T.
Also, the Linux based SIP softswitch Vovida received significant dev time and resources from Cisco. They even had a contest for the ATA appliances to write the coolest Linux based voice applications. Cisco also has their own commercialized version of the Vovida softswitch, and a bulletproof carrier class SIP server that is meant to run in central offices or large enterprises. It supports Linux and Solaris.
-
Re:meh...
Actually all of the affected Cisco products are in fact services that run on Windows.
Uh, sorry, but the ATA 18x series equipment are hardware boxes that are in no way Windows Services.
Vonage uses the ATA 186 for their service, although it's not vulnerable as in Vonage's case it's SIP.
More here
-
Give them a break
The same flaws affect many products - not just Microsoft. And the flaws are H.323 flaws - not necessarily ones introduced by Microsoft.
In Cisco products - they are also vulnerable - and particularly when used as firewalls or edge devices.
But then again it's more fun to blame MS isn't it ;-)
-
Re:IPv6 Support
Actually, most (if not all) of the high end router hardware uses FPGAs for hardware routing which means they can be reprogrammed to handle IPv6. This is certainly true of any PXF based Cisco gear. (probably at or very near line-rate.) Will your 2501 do IPv6 in hardware? Doubtful. But, that isn't a 100k$ router. (it's a 100$ router :-))
How many firewalls can handle IPv6? I don't think the PIX can.
PXF Accelerated Services AVAILABILITY
Doesn't list IPv6 or 12.3 images.
7600...
- Q. Is IPv6 supported on the Cisco 7600 Series?
A. The Cisco 7600 Series will support hardware-accelerated IPv6 in calendar year 2003 with the introduction of the next-generation forwarding engine for the Cisco 7600 Series.
-
Re:IPv6 Support
That's absolutely not true. IPv6 info @ Cisco. I quote: "In May 2003, the availability of Cisco IOS 12.3 Mainline that integrates the IPv6 feature set from 12.2(15)T enables production deployment for all Cisco based networks." Obviously routers have it. Linux has it as well, so it's certainly not a MS only thing.
The problem with IPv6 isn't software or hardware -- it's politics and money. There's no benefit to service providers to update their IPv4 setup to do IPv6 because they'd have to find some way to still talk to the "normal" IPv4 internet (because, really, who wants to get on an ISP that isn't on the internet?). Additionally, many many ISPs charge a premium on extra IP addresses. What makes you think that they want to ditch that income so you and I can each address our refrigerator from the supermarket to see how much milk is left?
-
Who is selling 10Gbit ATM ?
Neither of them are because either
- They can't build it, as the cell per second processing load is too high for current technology
- They can't afford to build it, as the customer won't pay, as it will be too expensive, caused by the cost of coming up with a solution to the first point.
They don't even go to OC48c or 2.5 Gigabits speeds with ATM.
ATM is being phased out of carrier backbones because it is overly complicated, and therefore overly expensive for what carriers need. Packet Over Sonet/SDH (POS) or Ethernet is taking over.
Just because a technology is being used doesn't make it successful, in particular when compared to its original design goals. It may only mean that there was no alternative at the time. As soon as something cheaper, yet as or more effective comes along (eg POS, 10Gbps Ethernet), the less effective technology will be replaced and / or avoided.
-
Re:Not just IP...
Has anyone come up with software for PDAs that will allow you to roam WiFis and use VoIP?
- IP Blue has a product called VT-GO
- Cisco Systems has a product called Softphone. The new version, coming soon, will be named IP Communicator.
There are others, these are the two I am familiar with.
-
Why is this press release/empty marketing on /. ?
Two and a half years ago I played with the Cisco version of this product. Just as previous comment spoke about, this is not news, it offers nothing special. In fact, the Cisco SoftPhone is not only a standalone IP phone, but it can also be used to control the 7960, 7940 or 7910. Although that was marginally useful, the java app (I can't remember the product name) that let our receptionists use their computers to monitor lines and transfer calls was really cool. Just open up your browser, login and then enter the extension of your phone. Bang instant operator. Once they got into it (3-4 days) they were handling twice the load they were before...it rocked. Softphone was more of a novelty than anything else though. People seem to like the idea, but either a real IP phone (even a barebones one like the 7910) or even the Cisco ATA 186 analog to ip phone adapter is more useful than a softphone for most people. And if you want to be untethered, check out the Symbol NetVision phone. (Note, it came out two years ago!)
This is all old news. And by the way, no I don't work for cisco, nor do I work at a company that uses IP telephony now.
-
Ok, so you go to...
Vonage and get the soft phone (as many as you want) with all those features and a CISCO 186 for $14.95 a month.
If I read this right it's just for the softphone not for the service that will make it work on top of that. If all you want is the soft phone, there are plenty of freeware ones available with the same features. I've used X-Lite in the past and found it to not suck.
-
Compare to Cisco's SoftPhone
As one might expect, the press release is a bunch of marketing crap, utterly lacking in tech specs. Still, it leaves me wondering how this software will compare to Cisco's Windows-based Softphone. At my company, we tried it out on our laptops, while also using their hardware 7960G. The hardware phone was consistently superior, as the SoftPhone took huge resources to run (you could barely run other apps with it up and dialing). I still use the hardware phone from home today, in conjunction with a company-managed IP telephony gateway, calling folks over a VPN as well as calling others nationwide. Call quality is pretty solid, although only after a lot of mystery codec installation by our IT admin. I also use Vonage at home, and it's clearly better than both Cisco solutions (although it also uses a Cisco ATA 186 analog-to-VoIP adapter).