My biggest complaint about modern firewalls is their lack of the ability to create rules based on URLs or HTTP streams; you have to open access between IP addresses. Yes, I know there are other means to do that, but I want my ASA/PIX/FWSM to do it without making me do so much work. Anyway, […]
I can’t believe I haven’t talked about object-groups yet. I had a whole other blog entry written up, and, when I went to link things over, I realized I couldn’t find an intro to it. Here it goes. Welcome to the modern world. A world of wonder. A world of quickly-advancing technology. A world where […]
Wow. A new entry. Everyone sit down before you pass out. I’ve got a real-world example for you today. We have an ASA 5540 installed at a business unit with interfaces in multiple networks, including one containing the production servers and another containing the accounting servers. The production network sits on a 7600 that’s not […]
I apologize to my adoring fans (both of you) for the lack of posting. I’m in the middle of moving, buying a new house, selling my current house, getting a mortgage, etc. I’ve been up until 11:30 nearly every night filling out forms and going through red tape. Don’t get me started on getting money from […]
I can’t believe I stuck with something for 2 years. I usually get a month in before I get bored and give up. Anyway, 2 years ago this month, I wrote a terribly-written article on The Principle of Least Privilege. Since then, though, my writing has improved (at least, I think it has), the topics […]
EtherChannel lets you aggregate links into one logical connection, but the distribution of traffic is not uniform. It does not use per-packet load-balancing or the like to determine what interface in the bundle to use. Instead, it uses an XOR function on packet information to generate a hash that is used to determine what interface […]
I promise I’m still here. It’s just vacation time, and I’ve been slacking. On top of that, I’m doing some work-travelling this week, and that really puts a damper on your schedule. I’ll try my darndest to get some new stuff up this week. I know there are people rolling around on the floor in […]
I’ve decided to take on the CCNP certification, so I’m going to wind up with a few posts that will be more my own notes than anything. 🙂 A switch port on a 2960 comes up with a default configuration on VLAN 1. What happens from the perspective of spanning-tree? First, the port comes up on […]
I’ve got a non-technical one for you today. If you’re paying attention to stuff around you, you’ll probably end up with a little paranoia after reading this. We’re having another circuit installed, and the LEC came out to do their end-to-end testing. The tech, Dan, calls me up on the phone and tells me who […]
SSH is more than just a shell. You can copy files from and to a server or piece of network gear with it. You can use it to tunnel traffic. Possibly my favorite, though, is to use SSH to run a command on a remote box without interacting with a shell. One of my biggest […]