Search:
Type: Posts; User: ammo; Keyword(s):
Search:
Search took 0.03 seconds.
-
April 23rd, 2010, 03:58 AM
Haha, by some funny coincidence, I just happened to stumble across this old bookmark thought I'd peek in... I guess I'm not the only one that had forgot about AO..!
-
June 26th, 2008, 02:32 AM
-
October 9th, 2007, 06:10 AM
Indeed, you are bridging, hence there is no need for the ip helper.
Your dhcp server should handle your wifi clients in a normal fashion (broadcast dhcp without relay)...
-
October 9th, 2007, 03:13 AM
Couple of things:
-What version of IOS are you using?
-Show us the config of your wireless interface
-Are you receiving anything
You could always do a debug ip packet (match on port 67 and...
-
January 30th, 2007, 03:18 AM
The "router in front for security reasons" way doesn't really hold ground anymore IMHO:
It used to be that firewalls couldn't hold the load of being the edge device; that isn't so true anymore. ...
-
January 16th, 2007, 05:00 AM
You might want to have a look at the Cisco ASA 5505, ASA being the PIX newer replacement line, and the 5505 being the equivalent of the 501...
Ammo
-
November 30th, 2006, 04:00 AM
Not quite:
You'll need to define a global pool and use it in your nat instead of the nat "0" which tells the pix NOT to nat on traffic matching that acl...
Should look something like this:
...
-
November 28th, 2006, 02:20 AM
You need a normal nat entry to enable inside traffic to leave on the outside interface.
Ammo
-
November 20th, 2006, 04:10 AM
Careful with the self-signed certificate; make sure users validate the certificate hash when they first log on and that they then install the certificate if valid. And of course, never continu on a...
-
November 18th, 2006, 05:22 PM
You'll find better help over at the openbsd mailing list: misc@openbsd.org
DO however:
1- make sure to search the archives (http://marc.theaimsgroup.com/?l=openbsd-misc) before posting
2- make...
-
November 18th, 2006, 05:19 PM
Don't dismiss basic or digest authenticaiton too quickly..:
Both will do just fine IF you use then inside an SSL connection...
Ammo
-
November 18th, 2006, 05:11 PM
Funny, I just assisted to a demo of pointsec this thrusday..!
Pointsec has versions of BartPE boot disk that are preset with the appropriate stuff to boot/read off a pointsec encrypted drive; it...
-
November 9th, 2006, 03:12 AM
If you can't run a sniffer, just do the next best thing and capture on the pix itself:
I don't have the exact syntax in front of me, but it should run something like this:
access-list...
-
November 5th, 2006, 08:30 PM
Use a real throughput testing tool like ttcp; This tool is often included on linux (or in packages) and also availible as a windows port (http://www.pcausa.com/Utilities/pcattcp.htm).
This way you...
-
November 1st, 2006, 03:16 AM
I routinely use Visio at work, although I despise it...
My personal favorite is LanFlow (EdgeDiagramer) from PaceStar (www.pacestar.com).
Ammo
-
October 22nd, 2006, 03:12 PM
Did you say DSL? Do they use PPPoE?
I'll bet you 10 antipoints your problem is with the Path MTU.
My coworker had the same issue a couple weeks back: dsl line, cisco vpn, cheap router.
...
-
August 20th, 2006, 03:43 AM
Well, it's totally debateable, but I disagree...
The 80/20 rule doesn't stand much nowadays. Routing is fast enough that you're much better off segmenting your servers inside server vlan(s) and...
-
August 19th, 2006, 04:20 AM
Sort of...
Depending on how well the dns server is configured, you might be able to do a zone transfer from it.
I'll leave it up to you to google how one does a zone transfer...
Ammo
-
August 15th, 2006, 01:21 AM
(Depending on what you meant by or if the emphasis was on "from a single node")
There are other means also:
1- mac table flooding: spoof enough source mac addresses to overload the switch's...
-
July 27th, 2006, 04:00 PM
Indeed, you usually try to drop traffic as close to the edge as possible.
However, one reason for filtering out on an interface could be if you have a router with multiple interfaces and wanted...
-
July 25th, 2006, 04:10 AM
Backtrack is really nice...
-
July 19th, 2006, 04:07 AM
Our intent with port-security is mostly to prevent users from uplinking hubs or switches of their own. We'll limit each switchport to a single mac address (dynamicaly learned).
Indeed, we also...
-
July 14th, 2006, 01:09 AM
Couldn't agree more.
People are claiming 2-factor auth to be the wrong, while in fact it is the right answer... if you keep in mind the original question; now they're changing the question and,...
-
July 13th, 2006, 02:40 AM
Hey guys,
We're currently in the process of upgrading our access layer switches to Catalysts 3560s, which offer the folowing layer 2 security features:
BPDUguard
BPDUfilter
port security...
-
Ok, here it goes:
1- Install OpenBSD from ftp (stable branch).
2- Done.
;)
Ammo
|
|