Slashdot Mirror

I find it humorous that you assume people still work a world where you can operate when disconnected from the Internet. Even if everything's hosted locally you can't use the web or send e-mail. So yeah, you just go home for the day, I don't care if your servers are down the hall or the other side of the country.

But the obvious answer is redundancy with physical diversity, of course -- regardless of where your IT infrastructure is hosted.

What the hell is a 'trust system' anyway? Is that part of the Border Gateway Protocol?

Maybe someone needs to take a closer look at this 'trust system.'

This is a classic example of the guy who doesn't know wtf he's talking about being the only one asking the questions that actually need to be asked.

It remains unclear whether the redirection was intentional, the report says, but it demonstrates that it is possible for malicious actors to seize control of the Internet and redirect traffic.
On April 8, according to Web security specialists, a small Chinese Internet service provider published a set of instructions under the Border Gateway Protocol, that directed Web traffic from about 37,000 networks to route itself via computer servers in China.
The list was republished by China Telecom and briefly propagated itself across the global Web, which works on a trust system, with each server updating its routing instructions based on data provided by others in the network.

What the hell is a 'trust system' anyway? Is that part of the Border Gateway Protocol?
Maybe someone needs to take a closer look at this 'trust system.'

Wireless service especially for the police?

Already been done.

Anyone got links to confirm / disprove this theory?

Short version: Cox was just wrong. Cisco wasn't shipping big IPv6 routers in 2004 (although they were shipping other IPv6 hardware and software), but it wasn't because of patents. It was because there was no demand from the telecommunications companies, who knew they had several years before IPv4 ran out. Furthermore, Cisco's current largest routers (the carrier grade CRS series) support IPv6 (example), yet 20 years from the publication of the main IPv6 RFC is December 2018. So Cox's theory is plainly invalidated.

Long version: The closest anything has come to a patent scare is Microsoft's 6,101,499 patent, but "After extensive review by our technical experts, Microsoft does not believe that the 499 patent includes any claims which cover RFC 2462 or RFC 2464 [i.e., IPv6]." (source). So Microsoft, about as big a software player as there is, went out of its way to clear a patent that a third party (PUBPAT) had identified as potentially related to IPv6.

Furthermore, Apple, Google, Microsoft, Sun/Oracle, and VMware all ship IPv6-compatible software. Lots of home routers, including Apple's, also support it. Cisco has supported it in IOS since 2001. IBM has supported it in z/OS since 2002.

Since major companies have been shipping hardware and software that implements IPv6 for years with nary a peep from anybody, laches becomes a serious issue for any potential plaintiff. Of course, all of these large companies have legal departments that have analyzed IPv6 for patent issues, as have groups like PUBPAT. It seems unlikely that they would all miss a problematic patent of any significance.

No, the hold up seems to be entirely on the infrastructural side, which is much more a problem of cost than capability. The routers and switches that make up the Internet infrastructure are extremely expensive (tens of thousands to millions). Here's one example. ISPs and long-haul fiber operators aren't going to spend untold millions of dollars on upgrading their equipment and training their staff while the old stuff still works fine and they're still making money off of it.

It's happening on the backend, and it's god damn huge. It's just hidden behind IPTV "cable boxes". If you're watching television on Comcast's cable plant, you're using multicast.

IP Multicast in Cable Networks

http://www.cisco.com/en/US/technologies/tk648/tk828/technologies_case_study0900aecd802e2ce2.html

They sell a product called Cisco NAC, formerly known as "Clean Access," which requires a host to prove it has Antivirus installed and running and the latest patches. If it doesn't, it is only allowed on to a remediation network to get up to date.

Starting from home.cisco.com, I went to the Linksys support page, searched for ipv6, and got three mundane hits.

Support is minimal, but there is something as indicated here:

http://homecommunity.cisco.com/t5/Cable-and-DSL/IPv6-mentioned-in-AG310-release-notes-but-can-t-find-it/m-p/258373?comm_cc=HSus&comm_lang=en#M7927

Re: IPv6 mentioned in AG310 release notes, but can't find it?

05-07-2009 11:03 PM

I found the setting in the end. It wasn't on the security tab at all, it was on the setup tab under basic setup.

If anyone else is interested in getting 6to4 going on their router, this is what you do:

1. Go to Setup -> Basic Setup
2. Scroll down to IPv6 tunnel, near the bottom just before the time/NTP stuff
3. Set Tunnel Mode to "to relay server"
4. Into Remote/Server address, type 192.88.99.1 (for the local anycast 6to4 gateway, if you have a specific one you want to use, enter that instead)
5. Tick "enable now"
6. Save and wait for the modem to reboot

After rebooting, the modem assigned me an IPv6 address. For some reason I can't ping or traceroute IPv6 hosts, but I can access them in my browser (eg. ipv6.google.com).

It's interesting there is no *direct* IPv6 support, but you can run IPv6 on the internal network and the router will tunnel it for you.

Cisco had the trademark on 'iPhone' long before the fruit(cake) phone launched, later the 2 companies came up with an agreement.

As a recap, Cisco owned (and continues to own) the iPhone mark.

What's funny is that both the Cisco and Apple iPhones, are, of course, phones. Back then, Apple (and fanbois) argued that since the Apple iPhone was a completely different kind of phone (cell vs. cordless), there'll be no consumer confusion at all. And any attempt to stop Apple is just pure corporate greed trying to prevent benevolent Apple from distributing unicorns and rainbows through the land.

Now, however, expect fanboys to argue that a portable audio player and a theater projector are in the same category.

Cisco Systems owned the iPhone trademark. Apple bought it from them after Cisco sued them. http://blogs.cisco.com/news/comments/update_on_ciscos_iphone_trademark/

And that's relevant how?

Cisco Systems owned the iPhone trademark. Apple bought it from them after Cisco sued them.
http://blogs.cisco.com/news/comments/update_on_ciscos_iphone_trademark/

Depending on your situation, some of the 802.11g phones are pretty good and avoid all the hassle of carrier restrictions. They work at work and at home, where else do you ever go? My campus is working with the city right now to roll out WAPs on telephone poles in the vicinity, extending our wifi fabric out into the nearby streets. With WiMax coming out, this is looking like a practical alternative to cell providers in the near future.

Examples: Cisco WIP310, Linksys by Cisco WIP330, D-Link DPH-541, Alfa Color wireless VoIP (Sorry for the Amazon links, couldn't find some manufacturer pages quickly)

Sure, in a round-about way, by using Cisco NAC you isolate them until you can trust them. Trust is gained by vetting the host OS has antivirus that is up to date and OS updates plus proper authentication. While the host isn't trusted, it is put on a remediation VLAN where it can download OS updates and antivirus updates.

Anyone else around here wondering why Cisco is not suing the shit out of Apple for using the name IOS? I'd expect that.

No. No-one else around here is wondering.

Yes, because Microsoft is the only company in the history of the world to craft a product after someone else created the market for it.

At least with their Cius tablet.

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml

Mod this informative! If a company like Cisco has a known trademark and Apple can just march in and use the same name for a similar product, then what is the bloody point in all this? To protect the rich, but screw over the less rich?

It get's worse... If you read this article from Cisco, it says Apple even approached Cisco to try to license the trademark "iPhone", but couldn't reach an agreement, and came out with their phone and named it "iPhone" anyways.

Isn't that willful infringement?

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps10587/ps10591/ps10621/qa_c67_561940.html

Parent is referring to items:

Note: AppleTalk Phase I and II, and Service Selection Gateway (SSG) feature are not supported in Release 15M&T. Refer to the following bulletins for more information:
AppleTalk Support Discontinuation: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps5460/product_bulletin_c25-520459.html
SSG Support Discontinuation: http://www.cisco.com/en/US/prod/collateral/routers/ps341/end_of_life_notice_c51-501483.html

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps10587/ps10591/ps10621/qa_c67_561940.html

Parent is referring to items:

Note: AppleTalk Phase I and II, and Service Selection Gateway (SSG) feature are not supported in Release 15M&T. Refer to the following bulletins for more information:
AppleTalk Support Discontinuation: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps5460/product_bulletin_c25-520459.html
SSG Support Discontinuation: http://www.cisco.com/en/US/prod/collateral/routers/ps341/end_of_life_notice_c51-501483.html

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps10587/ps10591/ps10621/qa_c67_561940.html

Parent is referring to items:

Note: AppleTalk Phase I and II, and Service Selection Gateway (SSG) feature are not supported in Release 15M&T. Refer to the following bulletins for more information:
AppleTalk Support Discontinuation: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps5460/product_bulletin_c25-520459.html
SSG Support Discontinuation: http://www.cisco.com/en/US/prod/collateral/routers/ps341/end_of_life_notice_c51-501483.html

Why? Apple got permission from Cisco to use the name.

I won't burn too much more time trying to assert how many Cisco engineers I've talked to; I'll stick to the technical stuff.

"Sure, they can run a routing process, but they don't route. They only have an IP address for management" is simply incorrect:
http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swiprout.html

Do I need to paste command outputs from the Distro switches in my building which are routing between 96 different VLAN interfaces, all with IP addresses on them? Your statements are accurate for 2924/3548 generation switches, but modern "layer 3 switches" are actually layer 3 switches, capable of routing packets across network boundaries.

If you're referring to the fact that the EARL ASICs on the 6500 supervisors are separate from the MSFC which runs the routing protocols, then that's correct but specific to that platform (and 7600's, which are almost the same hardware). However that's still the routing protocol, not the routing. The PFC lives on the supervisor and contains the Layer 3 forwarding information, thus "routing" those packets (L3 switching really, but you don't seem to believe in L3 switching).

Classic "mls" is also much in the minority, as nearly all of Cisco's "multilayer switching" is done by CEF these days, not requiring a punt to the MSFC or "router" even for the first packet of a flow.

> If in your view the iPhone was not innovative, how would you classify the Droid X and HTC EVO, et al?

Yeah but this article is not just saying that Apple is innovative. It also claims that IBM, Oracle, HP, Microsoft, and Cisco are shitbox companies that do nothing but eat sushi all day and wipe their asses with shares of stock.

The flaw in this article is that "innovation" = "consumer handheld devices" and there is no other type of innovation possible. Microsoft X-Box Live? Sorry, not handheld. IBM DB2 and Oracle databases? Sorry, not consumer-oriented.

Cisco 7000 series network switch (image)? But does it have multitouch?

Basically, if your company has a market cap of $200 billion and you embed accelerometers in electronic devices, then this guy says you're a "startup" who "innovates." If you do anything else that people find useful, then forget it, you can go fuck yourself.

After the usual confusion it was finally determined that one of the ISP's staff had "noticed a cable not quite seated" while working on the data center floor. He had apparently followed a "standard procedure" to remove and clean the cable before plugging it back in. It was a fiber cable and he managed to plug it back in wrong (transposed connectors on a fiber cable). Not only was the notion of cleaning the cable end bizarre -- what, wipe it on his t-shirt? -- and never fully explained, but there was no followup check to find out what that cable was for and whether it still worked. It didn't, for nearly a week.

Actually there's nothing odd about cleaning a fiber connection at all and it is a very exacting process (see link below). Apparently exacting in this case just didn't include re-inserting the ends in the right holes.

Inspection and Cleaning Procedures for Fiber-Optic Connections
http://www.cisco.com/en/US/tech/tk482/tk876/technologies_white_paper09186a0080254eba.shtml

Not only was the notion of cleaning the cable end bizarre -- what, wipe it on his t-shirt? -- and never fully explained,

There are in fact, standard procedures for cleaning fibre optic cable.

Ok, first of all, how are you going to talk about 'startups' doing all the 'innovation' then go on and on about Apple, a company that's been around since 1977? Oh, wait, I forgot. Everything before OS X 10.0 was just a dark phantasmal nightmare of beige plastic and doesn't count.

Second of all, the likes of Apple don't create core routers capable of moving 322 terabits per second. They're also not creating electronic chess grand masters, are they? Nope. But at least they're shiny!

Disclaimer, I'm writing this on a MacBook Pro that I'm fairly fond of. It's a nice machine. It's hardly ground breaking or innovative. It has some nice features, and it looks pretty, but frankly I, think being able to move 322Tb/s through a router is a little more earth shattering than a fucking music player.

"how long until every country decides that your "private" T1 connecting New York to Tokyo needs to pass through traffic sniffing tools so that both countries are sure nobody is using private corporations for terrorist activities?"

Who cares?

Clearly some of the usual business-oriented players are moving in this direction (see RIM, Cisco); but Apple has shown that the big money is in entertainment devices. It's actually kind of funny how this works. Microsoft and RIM were dominating the suit-wearing, jet-setting crowd, but then Steve Jobs waltzes in and sells high end smartphones and iPod Touch's to McDonalds workers and teenagers (many of whom can't really afford them), dwarfs MSFT's profits, and creates huge new markets out of thin air.

... but getting back on subject, I agree, that sounds like a really useful gadget that I would like myself. :^)

Exploiting bugs in two different ATM machines

'ATM machines'? Really?

Here is an ATM machine:

http://www.cisco.com/en/US/products/hw/switches/ps1893/prod_view_selector.html

One could ask whether these ATMs use ATM for their communications.

They could not just reset the password. The routers/switches were configured with "no service password-recovery" and could not just be reset. If they had been, it would have wiped out the configuration on all of the devices and all of the agencies depending on them would have been down.

If the device configurations had been properly backed up and documented somewhere, this would not have been a problem (I don't know one way or another, but clearly no one in charge knew if they were or had enough of a clue). I didn't follow the case that closely, but even Cisco was involved and couldn't solve the problem (which is a good thing, you don't want a vendor to be able to recovery a configuration in a situation like that).

The point of a "no service password-recovery" is to prevent unauthorized access to a router/switch and configuration tampering. It is required in more secure environments, especially ones with FIPS and other requirements.

no service password-recovery

There is nothing wrong with "no service password-recovery", so long as you have the configurations backed up and others know where those backups are (documentation), such that if you are hit by a bus things can be properly maintained.

Good try, but it's wrong. That's an edge router, probably something like this

MW-ESR1-208-102-223-137.fuse.net

    While hostnames are frequently cryptic, sometimes, they hold valuable information.

That assumption is incorrect.

Read the source material. Cisco doesn't like full disclosure, but they are serious about tracking, fixing, and then informing. They mention welcoming contributions from 'independent researchers' several times in their docs, maintain multiple related mailing lists, and provide upload facilities for suspect firmware.

Hmmm:"Cisco Security Advisory: Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability: For Public Release 2010 July 07 1600 UTC (GMT) "

That assumption is incorrect.

Read the source material. Cisco doesn't like full disclosure, but they are serious about tracking, fixing, and then informing. They mention welcoming contributions from 'independent researchers' several times in their docs, maintain multiple related mailing lists, and provide upload facilities for suspect firmware.

Hmmm:"Cisco Security Advisory: Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability: For Public Release 2010 July 07 1600 UTC (GMT) "

Cisco collected that information so they and their "partners" could spam you: "... we believe your registration information - specifically your Cisco Live badge number, name, title, company address and email address- was accessed. No other information was available or accessed. Although these details are commonly accessed by our World of Solutions partners".... Their "partner locator" finds 16601 partners in the United States, 3241 in China, 998 in Russia, 427 in Romania. 330 in Nigeria, and 12 in Afghanistan. So just about anybody who wants that data could get it.

They're just irked that someone who didn't pay for their mailing list might spam you.

Cisco is OK with that

This baby: Cisco 7925G-EX is pure awesome except for the fact that it uses SCCP (Skinny Call Control Protocol) rather then SIP. But there's (limited) support for it in FreeSWITCH and Asterisk. I cite (emphasis added):

The Cisco Unified Wireless IP Phone 7925G-EX delivers all of the capabilities of the Cisco Unified Wireless IP Phone 7925G with the ruggedness and resiliency that is certified for deployment in potentially explosive environments such as chemical and manufacturing plants, utilities, and oil refineries.

I found this while looking for a WLAN IP phone with SRTP support. Oh well.

Market-proven security capabilities-The Cisco ASA 5500 Series integrates multiple full-featured, high-performance security services, including application-aware firewall, SSL and IPsec VPN, IPS, antivirus, antispam, antiphishing, and web filtering services. These technologies deliver strong network- and application-layer security, user-based access control, worm mitigation, malware protection, improved employee productivity, instant messaging and peer-to-peer control, and secure remote user and site connectivity.

Is it fool-proof? Absolutely not. Nothing is. But it's a hell of a lot more than NO, 0, nil, zip, NULL, or Zero.

PS I don't mean to pick on Linksys, it's just that they're the ones I'm most familiar with. Overall the fails seemed to be in proportion to market share although every one had its particular problems.

I'll pick on Linksys. Products which overheat, have bug-ridden firmware, and an utter lack of quality control do not belong on the market.

Remember that small workgroup switch you'll often find stuffed behind a file cabinet in small office environments? It's the one whose existence you only become aware of when one or more people suddenly cannot connect to the network. A brief power outage / moon phase / random fart caused that switch to quit receiving packets, requiring a power cycle. Yep - Linksys switches are infamous for this.

The WRT600N wireless router was a decent piece of hardware, but suffered greatly due to substandard firmware. Not only was the web interface prone to random acts of stupidity like refusing to clear a field (DNS entry #3 was one such field which could not be cleared without a complete factory reset), but wireless connections to this router would become inceasingly unreliable over an approximate period of 24 hours, at which point the router would drop connections completely.

Then there's the WRT120N. This router shipped with a slight flaw which prevented Intel 2200 wireless cards (Centrino) using the Intel drivers for Windows from obtaining a connection. How did QA miss that little bug?

Seeing the quality of products Cisco has shipped under the Linksys brand makes me wary of using Cisco-branded products as well. Any company which could put such badly made and tested products on the market doesn't need my business.

Cisco has agreed to license the iOS trademark to Apple for use as the name of Apple's operating system for iPhone, iPod touch and iPad. The license is for use of the trademark only and not for any technology.

Apple, that acronym is already taken for an operating system.

I'm really hoping Cisco is going to sue you over that. But I won't hold my breath.

Cisco also claims to hold the trademark to iPhone:

http://www.cisco.com/web/siteassets/legal/trademark.html

I had assumed that everyone was aware that Hauwei started out by copying Cisco's code and manuals - byte for byte - word for word. Programming errors and typos in the manuals were all fully duplicated in Hauwei's product. Based on some of the replies to my first post, I guess everyone was not aware of this.
Cisco sued Hauwei and settled out of court. Here is Cisco legal filing (details on pg 3 & 4): http://newsroom.cisco.com/dlls/Cisco_Mot_for_PI.pdf
TFA asked who owns & controls Hauwei. We don't know what the terms of the legal settlement were. Maybe Cisco owns a large stake.

You've just described what multicast was designed to solve.

https://www.cisco.com/en/US/products/ps6552/products_ios_technology_home.html

Too bad it isn't enabled on the public Internet.

https://www.cisco.com/en/US/products/ps6552/products_ios_technology_home.html

...shouldn't it be Synaptics? Their touchpads have been multitouch-capable since Apple was still using PowerPC chips and the iPhone was just some obscure Cisco product.

What about ISPs whose customers bring their own portable IP address space along with them, and then multi-home? (i.e. have two or more ISPs, and request BGP peering with both?)

The directly-connected ISPs can do their checks to make sure that their customer owns that IP address and adjust their filters accordingly... but anybody else with BGP peering to these ISPs (i.e. other ISPs) can only hope and pray that their peers are doing the right thing. Blind faith might not be good enough.

As I understand it, SBGP would implement PKI and digital signatures to ensure that only someone who actually *owns* a particular netblock/ASN can advertise a route for it.

Currently, anyone can advertise pretty much anything and it's only individual ISPs filtering settings that would prevent it getting propagated.

Perhaps multiple wavelengths a la DWDM or something like these 1000BASE-BX10-D and 1000BASE-BX10-U modules from Cisco

Our company switched to Cisco IP phones from an aspect phone system back when IE7 was just coming out. I don't know how much our company saved, but those who knew said it was a lot. The only limitation now is that the client software can only be installed on a system running IE6. Here is the field notice stating the issue. That means that we are stuck with Windows XP unless our company pays Cisco about $300,000 to upgrade their software. There is no problem with upgrading to IE7 or IE8 after the fact, but the client software can only be installed or reinstalled with IE6. All of the web based applications that we use work fine with IE7 and IE8. Unless my company has to start using some software that won't work on Windows XP, they are not going to spend the money on the upgrade.

The Linksys Refurbished WRT610N-RM for $110 free shipping in the US. The router might not be "open source" but you can and should load dd-wrt onto it. http://homestore.cisco.com/viewproduct.htm?productId=83108078&categoryId=85185 http://www.dd-wrt.com/wiki/index.php/Linksys_WRT610N