Slashdot Mirror

I think it's utopic to think one can fix so many's ISPs problems. It's like closing open relays, even with big real-time blocking lists, a lot still slip thru.
A good paper explaining MTU/MSS is on Cisco. If your ISP can't just 'adjust-mss' on his router, either he will fragment a lot and drop the DF (don't fragment) packets, or you will have to use Dr TCP to fix the MTU on your side.

Anyone know where I can get some 802.11 cordless phones? The only ones I can find are made by Symbol, but I know there has to be more out there.

In addition to Symbol (as you mentioned), Spectralink makes 802.11b wireless IP phones as well.

Cisco's 7920 Wireless IP phone will be coming out end of 1QCY2003, but out of the gate will only be supported in a Cisco CallManager environment. The Product Manager did a presentation a few weeks back here in STL, and the plans they have for the product are pretty neat (again, assuming you are in a CCM environment).

I plan on using them with Asterisk [asteriskpbx.com] and my 802.11 access point.

I'm using Asterisk at home as my IVR & Voicemail System, with Cisco's IOS Telephony Services (ITS) handling the actual call switching. ITS can scale up to 48 phones depending on the Cisco router platform you have. I'd actually prefer to us Cisco's Unity product as my IVR & Voicemail--but frankly, I'm too cheap to introduce that at home. Asterisk is, as you know, zero cost.

I like zero cost.

Anyone know where I can get some 802.11 cordless phones? The only ones I can find are made by Symbol, but I know there has to be more out there.

In addition to Symbol (as you mentioned), Spectralink makes 802.11b wireless IP phones as well.

Cisco's 7920 Wireless IP phone will be coming out end of 1QCY2003, but out of the gate will only be supported in a Cisco CallManager environment. The Product Manager did a presentation a few weeks back here in STL, and the plans they have for the product are pretty neat (again, assuming you are in a CCM environment).

I plan on using them with Asterisk [asteriskpbx.com] and my 802.11 access point.

I'm using Asterisk at home as my IVR & Voicemail System, with Cisco's IOS Telephony Services (ITS) handling the actual call switching. ITS can scale up to 48 phones depending on the Cisco router platform you have. I'd actually prefer to us Cisco's Unity product as my IVR & Voicemail--but frankly, I'm too cheap to introduce that at home. Asterisk is, as you know, zero cost.

I like zero cost.

Anyone know where I can get some 802.11 cordless phones? The only ones I can find are made by Symbol, but I know there has to be more out there.

In addition to Symbol (as you mentioned), Spectralink makes 802.11b wireless IP phones as well.

Cisco's 7920 Wireless IP phone will be coming out end of 1QCY2003, but out of the gate will only be supported in a Cisco CallManager environment. The Product Manager did a presentation a few weeks back here in STL, and the plans they have for the product are pretty neat (again, assuming you are in a CCM environment).

I plan on using them with Asterisk [asteriskpbx.com] and my 802.11 access point.

I'm using Asterisk at home as my IVR & Voicemail System, with Cisco's IOS Telephony Services (ITS) handling the actual call switching. ITS can scale up to 48 phones depending on the Cisco router platform you have. I'd actually prefer to us Cisco's Unity product as my IVR & Voicemail--but frankly, I'm too cheap to introduce that at home. Asterisk is, as you know, zero cost.

I like zero cost.

Cisco IP Phones are designed to enhance productivity and address the
specific needs of the variety of users in your organization. The Cisco IP
Phones 7960G and 7940G feature a large, pixel-based LCD display and can support
additional information services including Extensible Markup Language (XML)
capabilities. XML-based services can be customized to provide users with
access to a diverse array of information such as stock quotes, employee extension
numbers, or any Web-based content. The possibilities are endless

Last time I checked, XML was everywhere which means you could build a
phone system to suit your needs

Rumor has it that Cisco is planning to port it's AVVID (Architecture for Voice Video and Integrated Data) IP telephony server to Linux in the near future. Hopefuly that is still the case, The management front end used to run on Apache on NT 4.0. Since it's evolution into 2000 server with CM 3.0 release it moved to IIS (with all the risks and problems that come with it, I might add.) All you out there should bug your Cisco reps about a Linux port and creat the demand. FYI, Cisco's SIP Proxy does run on RedHat Linux 7.0 or later or Solaris and is very nice, I have used it and am happy with it, but as we all know SIP lacks features right now (Like VM.)

Cisco LEAP Protocol

Possibly?

>CAT5 and snip the write cables

you mean clip the #1 and #2 wires at the computer end ?

I'll have to try that

Data Sheet and CD docs

Data Sheet and CD docs

If you can mount antennas behind the walls, inside the buildings, and pointing to each other, you might be able to try a 24dBi directional antenna with 1 Watt amplifiers. You can find these antennas, cables, and the adaptors to connect to Cisco or Orinoco equipment. I wouldn't use the Apple Airport or Linksys consumer grade wireless equipment... I'd try to stick with the enterprise "survive anything" grade equipment such as Cisco's Aironet 350 bridges or Orinoco's ROR-1000s.

You can see what we're doing at the University of Connecticut where we're using a combination of Cisco Aironet 350 bridges and Hyperlink Antennas and amps to connect a Research Vessel steaming around Long Island Sound. We recently went out with the American School for the Deaf.

If you have some dry pairs (unused pairs of telephone wire going from one building to the next) you could also try PairGain equipment. We use those as well at UConn... they are point to point DSL modems... last I heard, they can push 5Mbs.

If you have any questions about the wireless stuff, you can e-mail me. Good luck!

If you can mount antennas behind the walls, inside the buildings, and pointing to each other, you might be able to try a 24dBi directional antenna with 1 Watt amplifiers. You can find these antennas, cables, and the adaptors to connect to Cisco or Orinoco equipment. I wouldn't use the Apple Airport or Linksys consumer grade wireless equipment... I'd try to stick with the enterprise "survive anything" grade equipment such as Cisco's Aironet 350 bridges or Orinoco's ROR-1000s.

You can see what we're doing at the University of Connecticut where we're using a combination of Cisco Aironet 350 bridges and Hyperlink Antennas and amps to connect a Research Vessel steaming around Long Island Sound. We recently went out with the American School for the Deaf.

If you have some dry pairs (unused pairs of telephone wire going from one building to the next) you could also try PairGain equipment. We use those as well at UConn... they are point to point DSL modems... last I heard, they can push 5Mbs.

If you have any questions about the wireless stuff, you can e-mail me. Good luck!

I already own a $400 POS desk phone called by the name of iPhone. It has a 640x480 monochrome touch screen. It was bundled with a bigplanet multi-level marketing scheme my parents bought into a few years ago. I doubt Apple would want to be associated with such a butt-ugly piece of hardware.

They'd have to come up with a better name if they released a phone of any kind.

For example, Sun and Cisco sponsor academia. As long as they don't buy the government and judges, it's OK (they don't, don't they?)

I find that about 2/3 of the students elect to purchase the book even though it has nothing more than the online material - indeed - the graphics aren't even animated (although there is a CD with simulators and movies).

As one student told me - the book seldom has a glare problem, never flickers, and you can read it in the bath.

It is good to have the material on-line - but there is still a place for "ink-on-pulped-wood" as a transport media. Just because you can do it solely on-line doesn't mean that you should

Just curious, does, for example, passing a
CISCO security specialist certification
make you "security professional" ?

They should have picked another name. XNS will always mean to me Xerox Network Systems.

They follow the IEEE 802.3ae spec.

http://www.cisco.com/warp/public/cc/pd/ifaa/6500gg ml/prodlit/10c65_ds.htm

"There is no limitation in the number of modules supported per chassis, resulting in up to 12 ports of 10 Gigabit Ethernet in a 13-slot chassis."

Oh, you mean like this:
Cisco 12000 10Gb line card
or like this:
Catalyst 6500 10Gb line card

Cisco did announce these a while ago.

Oh, you mean like this:
Cisco 12000 10Gb line card
or like this:
Catalyst 6500 10Gb line card

Cisco did announce these a while ago.

Obviously, you are unaware (as was I) of the recall field notice for all Cisco 7401ASR's with a model number less that '-10'. They screwed up the L3 cache logic which causes memory corruption (and thus random reboots and even complete hardware lockups.) So much for QA and customer support -- we wen't notified of the notice for over three months.

Oh, and I've seen an ethernet module in a cat5000 suddenly start turning every packet into a broadcast packet. Oh, that was a day in hell.

But, on the whole, the hardware is impressive and stable. The software provided is a very different story.

[See Also: http://www.cisco.com/warp/customer/770/fn18164.sht ml (CCO required)]

And for the record, I would definitely attend a Slashdot convention. It would be very convenient if it was held in Michigan, as my company's plane flies there twice per week. But even if it wasn't, I'd make an effort to attend. I'd likely pay for it out of my own pocket, so I completely agree with scotpurl's suggestions regarding reasonably priced hotels, staging the convention in a city that is a major airline hub, etc...

There is an IETF standard called mobile IP which has been capable of doing this for years. I have used it to roam from Fixed Etherenet to 802.11 to cellular with out losing any of my sessions. The are many implimentations available. Dynamincs is is an open source solution. Cisco has a complete line of solutions. As well as a number of other vendors. So why would you want a proprietary solution like the one from greenpacket.

No. Airport is a brand name, just like ZoomAir, WaveLan, AirConnect, or AiroNet. Does that make it clear?

Or are you still confused about the whole Kleenex/Tissue problem?

What you propose has been available on Cisco routers for about 2 years. It's called TCP Intercept:

"When used in intercept mode (the default setting) it checks for incoming TCP connection requests and will proxy-answer on behalf of the destination server to ensure that the request is valid before then connecting to the server. Once TCP Intercept has established a genuine connection with the client and the server, it then merges these two connections into a single source-destination session. It offers a zero window to the client to prevent it from sending data until the server sends a window offer back. In the case of bogus requests, its use of aggressive time-outs on half-open connections and support of threshold levels for both the number of outstanding and incoming rate of TCP connection requests, protect servers while still allowing valid requests through."

There's several ways to go about this.

1. Buy CheckPoint FireWall-1 in addition to your access points. There are SOHO versions of FW1 on dedicated hardware (e.g. Nokia IP71) that retail for less than $1000 and can accomodate up to 50 users. Use its Session Authentication agent to arbitrate access to anything other than DHCP and don't bother with enabling WEP. Unfortunately, the agent seems to be only available for Windows 9X/ME/NT/2K/XP.
2. Buy Cisco access points and Cisco ACS software and enable LEAP. While non-standard, you are probably forcing them to buy a wireless card anyway, and Cisco's client devices aren't all that expensive. The Aironet device is supported in Windows and Windows CE, Linux, and MacOS 9.x and 10.x. My employer uses LEAP and it works great.
3. Hack your own. Set up Linux and Squid and Apache and transparent forwarding to redirect unauthenticated web traffic to a HTTPS login form. Have the form automatically add the necessary firewall rules to allow them out, and have a cron job remove them after a delay. Upside: A five banana problem once you've mirrored enough of CPAN to write the Perl scripts. Downside: Easily spoofed/hacked with a copy of AirSnort, Kismet, and Ettercap.

Anyway, I'm rambling now, so hopefully this helps and makes sense. If you have questions, post 'em here.

There's several ways to go about this.

1. Buy CheckPoint FireWall-1 in addition to your access points. There are SOHO versions of FW1 on dedicated hardware (e.g. Nokia IP71) that retail for less than $1000 and can accomodate up to 50 users. Use its Session Authentication agent to arbitrate access to anything other than DHCP and don't bother with enabling WEP. Unfortunately, the agent seems to be only available for Windows 9X/ME/NT/2K/XP.
2. Buy Cisco access points and Cisco ACS software and enable LEAP. While non-standard, you are probably forcing them to buy a wireless card anyway, and Cisco's client devices aren't all that expensive. The Aironet device is supported in Windows and Windows CE, Linux, and MacOS 9.x and 10.x. My employer uses LEAP and it works great.
3. Hack your own. Set up Linux and Squid and Apache and transparent forwarding to redirect unauthenticated web traffic to a HTTPS login form. Have the form automatically add the necessary firewall rules to allow them out, and have a cron job remove them after a delay. Upside: A five banana problem once you've mirrored enough of CPAN to write the Perl scripts. Downside: Easily spoofed/hacked with a copy of AirSnort, Kismet, and Ettercap.

Anyway, I'm rambling now, so hopefully this helps and makes sense. If you have questions, post 'em here.

There's several ways to go about this.

1. Buy CheckPoint FireWall-1 in addition to your access points. There are SOHO versions of FW1 on dedicated hardware (e.g. Nokia IP71) that retail for less than $1000 and can accomodate up to 50 users. Use its Session Authentication agent to arbitrate access to anything other than DHCP and don't bother with enabling WEP. Unfortunately, the agent seems to be only available for Windows 9X/ME/NT/2K/XP.
2. Buy Cisco access points and Cisco ACS software and enable LEAP. While non-standard, you are probably forcing them to buy a wireless card anyway, and Cisco's client devices aren't all that expensive. The Aironet device is supported in Windows and Windows CE, Linux, and MacOS 9.x and 10.x. My employer uses LEAP and it works great.
3. Hack your own. Set up Linux and Squid and Apache and transparent forwarding to redirect unauthenticated web traffic to a HTTPS login form. Have the form automatically add the necessary firewall rules to allow them out, and have a cron job remove them after a delay. Upside: A five banana problem once you've mirrored enough of CPAN to write the Perl scripts. Downside: Easily spoofed/hacked with a copy of AirSnort, Kismet, and Ettercap.

Anyway, I'm rambling now, so hopefully this helps and makes sense. If you have questions, post 'em here.

There's several ways to go about this.

1. Buy CheckPoint FireWall-1 in addition to your access points. There are SOHO versions of FW1 on dedicated hardware (e.g. Nokia IP71) that retail for less than $1000 and can accomodate up to 50 users. Use its Session Authentication agent to arbitrate access to anything other than DHCP and don't bother with enabling WEP. Unfortunately, the agent seems to be only available for Windows 9X/ME/NT/2K/XP.
2. Buy Cisco access points and Cisco ACS software and enable LEAP. While non-standard, you are probably forcing them to buy a wireless card anyway, and Cisco's client devices aren't all that expensive. The Aironet device is supported in Windows and Windows CE, Linux, and MacOS 9.x and 10.x. My employer uses LEAP and it works great.
3. Hack your own. Set up Linux and Squid and Apache and transparent forwarding to redirect unauthenticated web traffic to a HTTPS login form. Have the form automatically add the necessary firewall rules to allow them out, and have a cron job remove them after a delay. Upside: A five banana problem once you've mirrored enough of CPAN to write the Perl scripts. Downside: Easily spoofed/hacked with a copy of AirSnort, Kismet, and Ettercap.

Anyway, I'm rambling now, so hopefully this helps and makes sense. If you have questions, post 'em here.

There's several ways to go about this.

1. Buy CheckPoint FireWall-1 in addition to your access points. There are SOHO versions of FW1 on dedicated hardware (e.g. Nokia IP71) that retail for less than $1000 and can accomodate up to 50 users. Use its Session Authentication agent to arbitrate access to anything other than DHCP and don't bother with enabling WEP. Unfortunately, the agent seems to be only available for Windows 9X/ME/NT/2K/XP.
2. Buy Cisco access points and Cisco ACS software and enable LEAP. While non-standard, you are probably forcing them to buy a wireless card anyway, and Cisco's client devices aren't all that expensive. The Aironet device is supported in Windows and Windows CE, Linux, and MacOS 9.x and 10.x. My employer uses LEAP and it works great.
3. Hack your own. Set up Linux and Squid and Apache and transparent forwarding to redirect unauthenticated web traffic to a HTTPS login form. Have the form automatically add the necessary firewall rules to allow them out, and have a cron job remove them after a delay. Upside: A five banana problem once you've mirrored enough of CPAN to write the Perl scripts. Downside: Easily spoofed/hacked with a copy of AirSnort, Kismet, and Ettercap.

Anyway, I'm rambling now, so hopefully this helps and makes sense. If you have questions, post 'em here.

Still under 4000 CCIE's worldwide.

Only 2 places in North America to take it, RTP in N. Carolina, and I believe in San Jose.

I appreciate your respect for the program, but:

As of the Worldwide CCIE Presence:
Total of Worldwide CCIEs: 7598*
As of April 30, 2002

As for North American sites, you're right. Cisco is closing the Halifax, NS, Canada Lab

Still under 4000 CCIE's worldwide.

Only 2 places in North America to take it, RTP in N. Carolina, and I believe in San Jose.

I appreciate your respect for the program, but:

As of the Worldwide CCIE Presence:
Total of Worldwide CCIEs: 7598*
As of April 30, 2002

As for North American sites, you're right. Cisco is closing the Halifax, NS, Canada Lab

Now that Turkey's internet restrictions are official, might I suggest that they contact Cisco to firewall off their entire nation in order to further guarantee the prohibition of free expression. Maybe something like China's firewall.

While they're at it, maybe they should contact Yahoo to help monitor every discussion group in Turkey so those not thinking (expressing) happy thoughts can be re-educated.


-Turkey

There are technical documents here from Cisco. That doesn't make them easy to read, but it should be at least correct. Happy reading!

why the heck can't they also scan for other violations/problems like code red?

They can, and I do. Here you go:

Cisco Code Red Blocking

Ok after sniffing around IRC (including the said hackers channel) and various boards this secret "underground" program the securityfocus guy quotes doesn't exist , its vapourware.

what does exist is a kludge of tftp servers,query utils and glorified DOCSIS editors that with 20minutes and a *lot* of messing about you can change your config settings and then only until the ISP check your modem (automated) via SNMP , deny this and your cut off, accept it and it will detect your hacked config and cut you off...permanently
so you are screwed either way.

not to mention that most of the cable modem companies are using MD5 hashes to validate the config files integrity (MIC (Message Integrity Check)), other than a severe hardware hack your not going to crack much with this verification.

i came accross tco-iso's website quite a while ago and after a few visits over the months it seemed to of ground to a halt when they realised that MD5 was involved, they even mentioned the possibility of brute forcing the hash which raised a smile from a few of us.

They point to their IRC channel for files but the *only* files that exist are just mirrors of the files their site links to, no "onestep" or 30mb files and certainly nothing special in the files (other than someone knows how to use a hexeditor on PD software)

some people dont understand how uncapping really works but i think speedguide's article seems to sum it up nicely.

my university just installed wireless access points in all the libraries and checking out laptops with 802.11b cards in them, specifically, Cisco Aironet 350 cards. these cards have a small antenna that protrudes about 2cm from the slot. and cisco just released drivers for OS 9.X and OS X.

works great with my TiBook!

The service is cheap and easy enough for Grandma to use. Or you might could buy the MTA directly (Cisco ATA-186) and start hacking.

I dont mind spending a few dollars more to support a company/product that supports my choice to use linux. It was well worth the extra $ to plug it in, run the install, and connect to the network at my college in under 5 minutes.

DWDM would allow a single ring to cram anywhere from 32 x to 256 x the OC-192 capacity, on a single fibre (and on expensive equipment, that goes without saying :)

All major telcos/routers companies have nice DWDM offerings already today, and much more in their labs. Links: Nortel, Lucent, Cisco ...

Uh, of course, I blinked and missed that residential VoiP is already here. Yeee ha!

The TWIF-IP adaptor bundled with this service supports two analog 'phones. Whee. Now picture one that'll talk to any DSL or cable uplink, has a 10/100 switched hub supporting 8 IP devices ('phones, PC's, NAS) with a DHCP server built in, that supports 6 analog devices ('phone, fax, trunks), any number of PC screenphones, that has a fully featured call control that provides any service you could imagine (and quite a few that you've never dreamed of), stores 10Gb of voicemail, and supports full RAS services (i.e. you can dial in to your home, then hop out from there, like a mini-ISP), all with a multi-lingual web based front end that you can access locally or remotely over IP or diallup. You want one? You know you do. ;-) You can't get one yet at retail, but give us another 18 months for the telco's to saturate their SME's with these, and you might see a version hitting retail.

Just because the US and FCC recognises it doesn't mean the world does

These de facto standards are always present in fast-moving technology areas. To be honest I'm not sure whether I should've hammered on this fact. What really does get up my pants is when these big corporations do it - like Cisco with HSRP (Hot Standby Routing Protocol). The IETF was like wtf? They didn't even give the IETF the right darn name. I just had a time-delayed need to get payback on FUD corporate-imposed standards forced on us by large corporations, but UWB is the little guy at the moment. Doh!

Per packet is too irrational. What price per packet will you set? Even one cent per packet is too much. Flat rate like AoL is the way to go

The internet isn't an electric company, nor a water company. The resources they're offering isn't as hard to produce and renew like those utilities. A better analogy is the cable company where access is a flat rate, but more can be bought for a price

Either they meter it or they fully itemise it,
"$500 for new Cisco Catalyst 6500, split between 300 downstream users one of which is you (because 10 of you are using bearshare excessively) => give us a cheque for 2 dollars, plus 3 new T1's to the backbone $1500 each per month split between 1000 users one of which is you => your monthly subscription will increase by $1.50. If you don't pay we'll take you to court" how long do you think it'll be before you're suing your neighbours? (then theoretically electric companies should charge for installing extra transformers - people of California you are requested and required to pay $1.8billion for a new power line for the grid between Utah and California plus $0.2billion for 300kV step-up and step-down transformer array. This is because Utah has 5GW excess generating capacity. Your share of the payment = $500.
Itemised: 20 million people in California, $2billion cost => $2billion/20million = $500 per citizen. Please pay by Direct Debit or Credit card, thank you) hmmmm could this be a step towards Open Source Corporations?

In Cisco's document:

http://www.cisco.com/univercd/cc/td/doc/product/ vo ice/ata/ata186/ata186ug/186ugch3.htm

Unplugging the device while the function button is flashing could permanantly damage the device

If the device is configured to find a DHCP server when there isn't one, the function putton will blink forever

I can see my mom with an endlessly blinking IP phone guarding it with a bat in case any tries to unplug it...

I hope that switch isn't exposed to any malicious networks. That IOS version is vulnerable to the recent SNMP exploit and I don't think Cisco has a fix scheduled for it.

Derek

• $30 for the first phone line
• $40 for the additional lines ($20 each)
• $60 for premium cable

  Total: $130

My ISP charges $1200/month for 7.1-Mbit (down) & 768-Kbit (up), unmetered transfer DSL. Those speeds are only offered to 'business' class service, and thus include the right to run servers & host a couple domains. What it doesn't include is what our local ILEC (Verizon) will charge you for the circuit. Still, we can probably not consider that, as the cable company owns the 'circuit' anyway. Quite an eye-opening bandwidth bill.

Take a look at the Cisco uBR 925. It includes two RJ-11 POTS ports. Okay, so it's not three but I don't have teenagers. This device is capable of 10 Mbit/sec (limited because they installed 10-base instead of 100-base). Why aren't more of them installed? Why aren't we getting phone service over cable?

(I'm not going to address pay-TV service, since you're already plugging this thing into it!)

...

Ya got me. I'd say it's because the cable companies are in bed with the phone companies, and they both are milking things for all their worth. Just because something is available, possible, (both physically and financially!), and desirable doesn't mean it's going to happen.

Heck, look what happened to the XFL -- and they had Jesse "The Mind" Ventura!

But I'm cynical. I've pointed that out before. And it probably clouds my judgement.

This is a tangent, but is it really that difficult to guarantee a certain minimum throughput? E.g. when the neighborhood's segment is fully loaded, throttle traffic to & from the IPs or MACs that are using the most bandwidth. You could guarantee (total_capacity / houses_in_neighborhood) bits per second, anyhow. Gimme a Linux box and a two weeks and I'll whip up a prototype[1]. We'll be rich.

Give me a Cisco router and we'll be rich a lot sooner.

One simple and well-known algorithm to implement this solution is a token-bucket. (More information from Cisco's web site) The basic idea is that you have a bucket that collects token at some rate. This rate corresponds to the peak rate of transfer. The bucket also has a maximum capacity which corresponds to the size of the 'burst' you'll allow. When a packet arrives and the bucket is non-empty, the packet is forwarded and one token is removed from the bucket. When the bucket is empty the packet is queued or dropped.

Going back to the above example, consider a token-bucket where tokens arrive at 56kb/second, and the bucket can hold (60*60*512) kbits of tokens. This bucket would allow full peak allows full use for a hour or two, at which time the bucket would be close to empty and packets could only be sent the sustained rate.

This kind of setup would not effect most users at all, but would limit the worst offenders to 1/10th or 1/100th the bandwith usage.

Can you point me to a link? According to this, the VPN 5001 can be swapped for a 3030. The itemized list of clients on the 3000 series page doesn't include Mac.