Customer-facing ACLs

Hi,

I was quite surprised to see the large number of Mac laptops at NANOG 42. I didn't do a formal count but it seemed like about 1/4 to 1/3 of the laptops in use were Macs.

...You know, now that you mention it, I was also quite impressed with how many MacBook Pros there were in the room as well. That would be good to informally track I think:

what tools(laptops) do NANOG folk tend to use?

Macbook Pro (all of IANA (with one recent exception) use Macs of one form or another).

as this data might help SW dev types to target their netTools distributions to mac platforms more quickly.

That would be nice.

In the good ole days it seemed like 99% were PCs & maybe a couple were reinstalled with some form of unix,

I used to count the proportion of Mac laptops in the room (or, at least, my row) to pass the time when I was bored.

Nanog-29 was the first where I saw a substantial proportion. I remember at the 1999 Washington IETF I saw exactly one, and I could hear people whisper about it around me.

Now, there are too many to make it interesting.

Regards
Marshall

So the overwhelming question for me is why? Is it simply the fact that the native *nix underpinnings are where most users (within the aforementioned demographic) spend most of their time anyway?

That's what did it for me - repeated attempts to get FreeBSD to run stable on the Inspiron I had at the time.

Note: The question isn't what's better, the question is what got all us router and systems jockeys so interested in the first place.

If this is too OT (or has the potential to become so), feel free to kill it.

my laptop, and both my desktops, run KDE. the underlying operating system
is usually something like opensuse (a linux distro) or pcbsd or desktopbsd
(which are freebsd distros). all i need from the OS is to support KDE well,
patch itself from a vendor mothership often, do suspend/resume and wireless.

the laptop hardware itself is thinkpad, to get a 3-button mouse, full sized
keys, and relative indestructibility. desktops are homebrew intel core-2,
with 15-year-old ibm high-clicky keyboards and 10-year old logitech mice.

the servers are all freebsd, to get /usr/ports (and recently, to get ZFS.)
server hardware tends to be supermicro. starting to abandon 3ware/areca RAID
in favour of either JBOD or multiport SATA-II, with ZFS.

The slight differences in the OS X gui vs 'Doze or KDE drive me nuts,
though. Full time Mac use doesn't interest me.

Anybody that knows me from any of the other 90 lists I'm on has
probably heard me talking up my Asus Eee PC, a $399 tiny Linux laptop,
which I'm very happy with and works great. When I'm traveling, I'm all
about small form factor and light -- and the Eee is far better (and
far cheaper) than my previous travel computer, an OQO Model 02 UMPC.

If you want a laptop with Linux out of the box, no weird driver issues
(works great with my Sprint EVDO card), etc., etc., I'd highly
recommend the Eee. Takes about 2 seconds to enable full KDE, comes
with a bunch of stuff preloaded, and it only weighs a couple pounds.
The downsides are few; the small disk space (4GB SSD) is probably the
biggest. Since it has an SDHC card slot, I added a 16GB SDHC card to
mine. I've also had a hell of a time getting the Cisco AnyConnect VPN
client working (but normal pptp vpn support has been a breeze).

Regards,
Al Iverson

Dave Pooser wrote:

I can understand the logic of dropping the port, but there's some
additional thought involved when looking at Port 22 - maybe I'm not
well-read enough, but the bots I've seen that are doing SSH scans, etc,
are not usually on Windows systems. I can figure them working on Linux,
MacOS systems - but surely the vast majority of 'vulnerable' hosts are
those running OS's coming from our favourite megacorp? Which typically
don't come shipped with either an SSH server or an SSH client... ?

They typically don't ship with an SMTP server either. Considering that my
preferred SSH client for Windows weighs in as a single 412k .exe, I'd
imagine that bot designers are just writing their own SSH clients for
brute-forcing.

Or are simply writing a bot that sends TCP SYNs to port 22 and reports those hosts that respond with a SYN ACK back to the C&C. Then the C&C can direct other compromised hosts with a more complete rootkit (or compromised *nix host) to do brute-force userid/password guessing.

Half the Mac users? You think? I know a dozen or so sysadmins who use Macs,
and about a hundred users who wouldn't know SSH from PCP; I think that's
probably a slightly skewed sample considering I'm a Mac geek who hangs
around with Mac geeks, and I'd guess the consumer users are a larger
percentage of the real-life population. I'd expect the number of folks who
want SSH unblocked to be under 1% of a consumer broadband network, and
probably closer to 0.1% or so. And again, it ought to be trivial to let your
users unblock the system, either via phone call or via self-service Web page
(though in the latter case you'd better use a captcha or something so the
bot doesn't automatically unblock itself).

Agreed. I don't think the end-user's OS makes them more or less likely to be using SSH unless the OS is a BSD or Linux (then I suspect you'd get a disproportionate # of SSH users compared to the other more simple OSs).

Justin

> Macbook Pro (all of IANA (with one recent exception) use Macs of one form
> or another).

All of PCH uses MacBook Pros. Except Gaurab, who uses a MacBook Air. :-)

    > > In the good ole days it seemed like 99% were PCs & maybe a couple were
    > > reinstalled with some form of unix,
    >
    > I remember the 'good old days' a bit differently -- folks were indeed
    > using PCs (Digital HiNote Ultras and then Sony Vaio 505TXs) but
    > reinstallation was the norm. Maybe it was just the crowd I hung out with...

In the good _old_ days, before the HiNotes, everybody used Duos, then the
HiNotes with FreeBSD, then the Vaios started creeping in, then the
Titanium PowerBooks came out.

                                -Bill

definitely agree with supermicro, freebsd, zfs for servers. it rocks!

and i lived through duo, hinote, vaio, thinkpad, alienware, and now mac.
i keep the alienware because it has real graphics, 1920x1024, as
opposed to the mac.

on the alienware, i run winxp with cygwin as host, vmware, and then the
freebsd as guest. if the winxp gets sick, i can suspend the freebsd,
reboot the xp, and resume the suspended freebsd. so the bsd has a much
longer uptime than the host winxp opsys. how's that for a sick twist?

randy

There was a guy from Amazon at the San Jose meeting who'd transplanted an
ultra-high-resolution 15" LCD into his MacBook Pro, after the original one
had cracked. I _think_ it was 1280x2048, but I'm not sure I'm remembering
accurately. The pixels were too fine for me to see, no matter how close
I looked. He said the connector and bolt-positions were identical, but
it had required that he compile a new driver before it worked.

                                -Bill

Marshall Eubanks wrote:

I used to count the proportion of Mac laptops in the room (or, at least, my row) to pass the time when I was bored.

.... I remember at the 1999 Washington IETF I saw exactly one, and I
could hear people whisper about it around me.

I used to attend with various Powerbook flavors over the years. I'm sure
that I wasn't the only person with a Mac at IETF in 1999. I snuck my SO
into the terminal room with her Mac, too....

In the *really* old days, MacTCP (and MacPPP, of course) were pretty common
among my compatriots, talking to Sun farms. But in those days, I used PC
desktops and laptops with KA9Q NOS.

We ran an ISP entirely on MacOS machines (with NetBlazers and PortMasters)
from 1994 to circa 1999, when Yellow Dog Linux became available.

William Allen Simpson wrote:

So there were two of us at least :-) I probably still had my "Blackbird".

Mark.

Dave Pooser wrote:

Do bots try brute force attacks on Telnet and FTP? All I see at my firewall
are SSH attacks and spam. But sure, if there's a lot of Telnet abuse block
23 too; I think it's used about as rarely by "normal" customers as SSH is.

Depending on the ip space I find FTP brute force attacks 10 times more common than SSH attacks. There really isn't a blanket rule you can impose.

On a different note, unless you clearly advertise that you're offering filtered services I don't really find the practice ethical - and no, a tiny line in the TOS doesn't really cut it IMHO.

That doesn't mean it can't be done, simply spin the imposed ACL as a value-add and that your customers are now on a "safer internet".

Regards,

  Chris

Does anyone have any handy links to actual raw data and papers about this?

I'm sure we've all got our own personal datapoints to support automated
network probes but I'd prefer to stuff something slightly more concrete
and official(!) into the Wiki.

Adrian

Adrian Chadd wrote:

SANS ISC might have some useful reports. I see a few links in this article:

http://www.incidents.org/diary.html?storyid=4045

Justin

Depends on how you ask the questions.

How about: Should a stateful firewall be provided for casual broadband dynamic Internet access connections by default? Users may change the default settings of the stateful firewall as they choose.
   1. Unsolicited inbound (to user LAN) traffic

Are there LAN-only protocols and other data packets which shouldn't be accepted on WAN Internet access links without prior coordination (if ever)?
   1. Anti-spoofing controls of source addresses
   2. Proxy/gratuitous ARP, ICMP redirects, DHCP server->client, RIP?
   3. "Local" multicast data and broadcasts
   4. "Sanity" checks of IP headers (i.e. source==destination, loopback, etc.) which should never appear on the wire
   5. Layer 2 non-Internet (non-IP, non-IPv6, non-ARP, non-PPPOE)

Are there some protocols that should have prior coordination when using some Internet access types, e.g. dynamic or unauthenticated connections?
   1. outbound to off-net SMTP (port 25) instead of MSA (port 587)
   2. NetBios over TCP, the exploding Microsoft protocol?
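The checks listed above, written out as one policy function for a single customer access port. This is an added example, not code from the thread or from any vendor's ACL syntax; the packet field names, the customer prefix and the mail relay addresses are this example's own assumptions.

```python
import ipaddress

# Added example, not from the thread: evaluate one packet seen on a
# customer-facing access port against the checks listed in the post.
# Packets are constructed dicts with keys: ethertype, direction
# ('from_customer' or 'to_customer'), src, dst, and optionally
# proto, sport, dport, icmp_type, syn. All names are this example's own.

LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")   # link-local multicast scope
LIMITED_BCAST = ipaddress.ip_address("255.255.255.255")
NETBIOS_TCP = {137, 138, 139, 445}


def evaluate(pkt, customer_prefix, mail_relays=(), stateful_default=True):
    """Return (verdict, reason) for one packet on the customer port."""
    prefix = ipaddress.ip_network(customer_prefix)
    relays = {ipaddress.ip_address(r) for r in mail_relays}
    proto, dport = pkt.get("proto"), pkt.get("dport")
    # 5. layer 2: only IP, IPv6, ARP and PPPoE belong on an Internet access link
    if pkt["ethertype"] not in ("ip", "ipv6", "arp", "pppoe"):
        return "drop", "non-Internet layer-2 protocol"
    if pkt["ethertype"] != "ip":
        return "accept", "not IPv4; not inspected by this example"
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    from_cust = pkt["direction"] == "from_customer"
    # 4. header sanity: addresses that should never appear on the wire
    if src == dst or src.is_loopback or dst.is_loopback:
        return "drop", "bogus IP header"
    # 1. anti-spoofing: the customer may only source its assigned prefix
    if from_cust and src not in prefix:
        return "drop", "spoofed source"
    # 3. local multicast and broadcasts stay on the LAN
    if dst in LOCAL_MCAST or dst == LIMITED_BCAST:
        return "drop", "local multicast/broadcast"
    # 2. LAN-only control protocols: DHCP server->client, ICMP redirect, RIP
    if proto == "udp" and pkt.get("sport") == 67 and from_cust:
        return "drop", "DHCP server traffic from customer side"
    if proto == "icmp" and pkt.get("icmp_type") == 5:
        return "drop", "ICMP redirect"
    if proto == "udp" and dport == 520:
        return "drop", "RIP"
    # protocols needing prior coordination on dynamic/unauthenticated links
    if proto == "tcp" and dport in NETBIOS_TCP:
        return "drop", "NetBIOS over TCP"
    if from_cust and proto == "tcp" and dport == 25 and dst not in relays:
        return "drop", "off-net SMTP; use submission (587)"
    # default stateful stance: no unsolicited inbound connections to the user LAN
    if stateful_default and not from_cust and proto == "tcp" and pkt.get("syn"):
        return "drop", "unsolicited inbound connection"
    return "accept", "ok"
```

Passing `stateful_default=False` models a user who has turned the default inbound block off; the LAN-only and anti-spoofing checks still apply regardless.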

Might as well do TCP 20, 21 and 23, too. Woah, that slope's getting slippery!

Oh, no, this one again.

  *** The Internet Is Not The Web. ***

Could someone put that onto a t-shirt ?

If it becomes normal for home users to only have 80 and 443, then how can I innovate and design something that needs a new protocol ? What happens to the new voice and video services for example ?

The DOD has already been faced with this (I know of some AFB that have instituted this policy).

The solution, of course, is to hire consultants (SIBR if possible) to port everything to port 80 !

You can't say they don't have a plan.

Regards
Marshall

That's been going on for years. Back when it was common for ISPs to run squid servers and transparently proxy to them (probably around 2000), I ran into a customer using some sort of aviation data in real time app which used port 80 (and wasn't HTTP). I had to special case traffic to that service's IP to get it not to hit squid. When I asked them why they were running a non-HTTP protocol on 80/tcp, the answer was "that gets us through most firewalls."

There's patches to Squid to make it silently transparently proxy stuff
that doesn't look like HTTP.

(I need to make it knob-able before I commit it, as some people -like- having
the "must be HTTP" implication of transparent interception.)

Adrian