#arpnetworks 2011-04-28,Thu


Who What When
*** kingedgar has quit IRC (Ping timeout: 246 seconds)
_Ehtyar has quit IRC (Remote host closed the connection)
kingedgar has joined #arpnetworks
_Ehtyar has joined #arpnetworks
_Ehtyar has quit IRC (Remote host closed the connection)
_Ehtyar has joined #arpnetworks
[00:02]
__Ehtyar has quit IRC (Remote host closed the connection) [00:17]
......... (idle for 41mn)
LT has joined #arpnetworks [00:58]
......... (idle for 41mn)
ivan-kanis has joined #arpnetworks [01:39]
.................... (idle for 1h38mn)
ivan-kanis has quit IRC (Ping timeout: 258 seconds)
phreak has quit IRC (Quit: sleep)
phreak has joined #arpnetworks
[03:17]
stamps: hmm, should i get an ipv4 dhcp offer when configuring a new OS on my vps? [03:27]
hmm guess not. no ipv6 RAs either [03:37]
*** phreak has quit IRC (Quit: sleep) [03:37]
LT: have to configure it static [03:39]
stamps: yeah, would have been nice if it happened automagically
had to boot back into the previous install to get the network config
[03:50]
LT: think if you log into your account there's a webpage with the IP details
personally I dislike the idea of dhcp for servers and the idea of RA at all
[03:58]
........ (idle for 38mn)
toddf: RA is great, if you need dynamic allocation. better than dhcp, since it's stateless. for static configs, pretty much not recommended indeed. [04:36]
LT: curious... why does being stateless make it better? [04:43]
toddf: a) less memory requirements on the server
b) less roundtrips to configure
c) simpler
d) quicker
so in my mind dhcp is a book wrt conversation between the client/server. RA is a tweet.
need to prod or hack myself dns into rtadvd/rtsol on OpenBSD and then life would be complete. there are rfc's that describe it, just needs implementing.
[04:50]
G: toddf: Windows also needs to implement it big time :) [04:53]
toddf: windows doesn't have a RA client?
osx so I've been told has RA but no dhcp6
at least by default
[04:53]
G: toddf: RA client, but no DNS in RA [04:53]
toddf: G: ah. [04:53]
G: toddf: I think that's right wrt to OSX too
yeah, my OSX has an RA client
but it doesn't appear to have added the IPv6 NS server to /etc/resolv.conf
toddf: my other issue w/ Windows, is that it doesn't use the same EUI64 format
[04:53]
toddf: doesn't it do the privacy thing? [04:55]
G: yeah, I think it still uses the MAC, but it's not as resolvable or something [04:55]
toddf: my issue with windows is the closed source nature .. amongst other things.
resolvable? lower 64bits have no business in a sentence with 'resolvable'
[04:55]
G: I mean back to the MAC address [04:56]
toddf: so they used their own algorithm. great. score for 'windows hacks it up,.... again ;-(' [04:56]
G: my RA'd Windows laptop, has the lower 64bits of: 39ba:ba9b:5ece:262b
whereas, if I boot it into Fedora, it'll have something with fffe in the middle
which imo is actually more of a security risk, than telling the world what brand NICs you are running
"Ohhh that person must be connecting from a Windows box, let's exploit some bugs with the TCP replies"
[04:57]
toddf: I can tell what os you are running down to the patchlevel if you establish a tcp connection that I can access either via pf or bpf. [04:59]
G: toddf: good point :) [05:00]
toddf: so conversations about the random algorithms for EUI64 are rather moot.
in the context of security and os discovery.
[05:00]
G: yeah, a good point I guess, I was trying to add a bit of drama to it :) [05:00]
toddf: OpenBSD has a privacy extension thing as well. though I've never used it, as I don't see the point. [05:00]
G: oh, where it fuddles with the EUI64? [05:01]
toddf: security through obscurity is playing russian roulette. [05:01]
G: exactly [05:01]
toddf: at some point you're going to be had.
lookup dropship for an example.
[05:01]
G: I laugh at the people that said that IPv6 needs NAT for security
because you shouldn't expose the public routable IPs that are internal to your network
my response is: that is what ACLs are for
don't allow external people to get that far into your network
[05:01]
toddf: I am angered by them. I lost a client due to someone accusing me of having a bad plan for them since they had a class C and I was subnetting it to give windos systems public IP's (behind an OpenBSD firewall of course). the client believed the other person vs me. *SHAKES FIST* [05:02]
G: yeah, Cisco in their books have got the issue spot on imo
well in their CCNP training books anyway
[05:03]
toddf: nice to know. *SHAKES FIST AT CISCO FOR MAKING SOME PEOPLE BELIEVE IT IS THE ONLY NETWORK FIREWALL/VPN WORTH TRUSTING* [05:04]
G: toddf: ahh well with that I agree
I kinda find it funny how the Cisco Press books go on about how good IPv6 in all their products is, but the real world half the stuff doesn't support it, or doesn't support it properly (if what people actually using and trying to implement it, are saying is true)
and well, when it comes to their Linksys business
"All our commercial/business kit supports IPv6, just about all home computers support IPv6 now, but the equipment needed in between, ha good luck!"
but anywho, it's not just Cisco
[05:04]
toddf: G: so since you seem clueful on IPv6 and cisco, can you point me to the docs (or give the ios commands) on how to disable RA while still enabling ipv6 forwarding? (have a cisco I'd love to enable IPv6 on, but the instant I do, it starts advertising itself as the default router which is incorrect) [05:14]
LT: I find the argument that RA requires less memory a bit suspect... with DHCP the server tracks a single address per host. with RA a host may assign itself as many addresses as it likes, each of which takes up memory in the router's neighbour cache, which is far smaller and more expensive than server memory [05:15]
G: toddf: you mean 'ipv6 unicast-routing'?
oh wait, I get you now
yeah, you want ipv6 unicast-routing, but you don't want the RA's
toddf: tried http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/ipv6_f.html#wp1056151 ?
[05:17]
toddf: ipv6 nd suppress-ra
nice
[05:30]
*** nuke` has quit IRC (Read error: Operation timed out)
shmget_ has joined #arpnetworks
[05:30]
toddf: danka [05:31]
*** nukefree has joined #arpnetworks
shmget has quit IRC (Read error: Operation timed out)
[05:32]
toddf: Failover does not support IPv6. The ipv6 address command does not support setting standby addresses
for failover configurations. The failover interface ip command does not support using IPv6 addresses
on the failover and Stateful Failover interfaces.
hah!
[05:33]
G: toddf: oh gosh [05:34]
toddf: carp(4) to the rescue! [05:47]
LT: I had a feeling cisco fixed that in a later version... or maybe that was only ASA and not FWSM [05:51]
*** nerdd_ has joined #arpnetworks
Nigel_ has joined #arpnetworks
freedomcode has joined #arpnetworks
milki_ has joined #arpnetworks
nerdd has quit IRC (*.net *.split)
milki has quit IRC (*.net *.split)
reardencode has quit IRC (*.net *.split)
G has quit IRC (*.net *.split)
Nigel_ is now known as G
[05:52]
..... (idle for 24mn)
shmget_ has quit IRC (Read error: Connection reset by peer) [06:19]
ziyourenxiang has joined #arpnetworks
shmget has joined #arpnetworks
crazed has quit IRC (Read error: Connection reset by peer)
crazed has joined #arpnetworks
crazed has quit IRC (Changing host)
crazed has joined #arpnetworks
[06:24]
kingedgar has quit IRC (Quit: Ex-Chat) [06:40]
.......... (idle for 48mn)
ziyourenxiang has quit IRC (Quit: ziyourenxiang) [07:28]
............... (idle for 1h13mn)
ivan-kanis has joined #arpnetworks [08:41]
LT has quit IRC (Quit: Leaving)
ziyourenxiang has joined #arpnetworks
ivan-kan` has joined #arpnetworks
ivan-kan` has quit IRC (Remote host closed the connection)
[08:49]
ivan-kan` has joined #arpnetworks [09:08]
freedomcode is now known as reardencode [09:20]
.... (idle for 17mn)
ivan-kan` has quit IRC (Remote host closed the connection) [09:37]
cubelogic has joined #arpnetworks [09:44]
ziyourenxiang has quit IRC (Quit: ziyourenxiang)
HighJinx has quit IRC (Ping timeout: 250 seconds)
[09:56]
........ (idle for 35mn)
HighJinx has joined #arpnetworks [10:31]
ivan-kan` has joined #arpnetworks
ivan-kan` has quit IRC (Remote host closed the connection)
RandalSchwartz has quit IRC (Ping timeout: 248 seconds)
ivan-kanis has quit IRC (Remote host closed the connection)
[10:43]
.............................. (idle for 2h26mn)
phreak has joined #arpnetworks [13:15]
.......................... (idle for 2h6mn)
ikariW has left [15:21]
......... (idle for 43mn)
milki_ is now known as milki [16:04]
.............. (idle for 1h6mn)
RandalSchwartz has joined #arpnetworks
RandalSchwartz has quit IRC (Changing host)
RandalSchwartz has joined #arpnetworks
[17:10]
............. (idle for 1h2mn)
cubelogic has quit IRC (Ping timeout: 276 seconds) [18:12]
......... (idle for 40mn)
HighJinx has quit IRC (Ping timeout: 246 seconds) [18:52]
baklava has quit IRC (Ping timeout: 258 seconds) [19:02]
.................. (idle for 1h26mn)
HighJinx has joined #arpnetworks [20:28]
