
April 2006

My Secret-Ninja DNS Servers

There's always a time when I'll be configuring a Cisco router, switch, or some other device at a client site and need DNS capabilities. Figuring out what their DNS server is always turns out to be a pain. Years ago, someone mentioned some public DNS servers to me that I've been using ever since. They are hosted by Level 3 Communications. I personally love them because their IP addresses are SO EASY to remember. So, I figured I'd pass on the info for everyone to have:
Public DNS Server 1: 4.2.2.2
Public DNS Server 2: 4.2.2.3
Isn't that easy? :) One caveat: these aren't an officially advertised public service, so use them for testing and troubleshooting rather than leaving them behind in a client's production config.

Cisco Emulator

I've seen this one posted on a couple blogs 'round the net, but it's too awesome to pass up. This fellow has created a CISCO EMULATOR! Not just a simulator, but an actual emulator allowing you to boot up a 7200 IOS on a Linux- or Windows-based PC!!! When I first got into Cisco 8 years ago, this is something I would have given a left kidney for. I've tested it out and it works GREAT - I'm really excited to see this develop into a system that can emulate other router models and interfaces.
You will need a copy of a 7200 IOS image to make this happen.

HSRP vs. VRRP vs. GLBP

This last week, I ended up doing a basic deployment over at the AT&T NOC here in Mesa, Arizona. There's nothing like the feeling of walking into a NOC, complete with hand scanners (which also check for a pulse) on every door, hundreds of racks of equipment, and a fan whir so loud that you can't hear yourself think. Ah, I'm slipping back into it just thinking about it.
Back to the topic at hand.

This redundant topology just begged for one of the first-hop redundancy protocols: HSRP, VRRP, or GLBP. The big question is...which one? ...and why? Well, me being a Cisco spud, I immediately gravitated to HSRP since that's the one I know very well. But before I left, I decided to check out the competition. Here's what I found:

Cisco Hot-Standby Router Protocol (HSRP):

  • Created by Cisco, for Cisco in 1994
  • Uses a default hello timer of 3 seconds with a hold timer of 10 seconds
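As an added example that is not part of the original post, here is the HSRP side of that comparison as it would be configured on a pair of routers, with the 3 second hello and 10 second hold timers listed above set explicitly. The segment 192.168.10.0/24, the virtual address 192.168.10.1, the interface names, group 1, the tracked object and the key string are all assumptions. The authentication line is the security-relevant part: HSRP hellos are sent to every host on the segment, the default authentication string is the clear-text word "cisco", and any host that can send a hello with a higher priority becomes active and owns the default gateway address.

```cisco
! Router A (intended active). Addresses and interface names are assumed.
interface FastEthernet0/0
 ip address 192.168.10.2 255.255.255.0
 standby version 2
 standby 1 ip 192.168.10.1
 standby 1 priority 110
 ! wait 60 s after boot before taking over, so routing has converged
 standby 1 preempt delay minimum 60
 ! hello 3 s / hold 10 s (the defaults, written out so both peers agree)
 standby 1 timers 3 10
 ! MD5-authenticate hellos; without this the default is clear-text "cisco".
 ! The key is a placeholder and must match on every member of group 1.
 standby 1 authentication md5 key-string 0 Hsrp-Grp1-Sh4red-K3y
 ! give up the active role if the uplink drops (object 10, defined below)
 standby 1 track 10 decrement 20
!
track 10 interface FastEthernet0/1 line-protocol
!
! Router B (intended standby). Same group, timers and key; lower priority.
interface FastEthernet0/0
 ip address 192.168.10.3 255.255.255.0
 standby version 2
 standby 1 ip 192.168.10.1
 standby 1 priority 100
 standby 1 preempt
 standby 1 timers 3 10
 standby 1 authentication md5 key-string 0 Hsrp-Grp1-Sh4red-K3y
```

Check the result with `show standby brief` on both boxes: one should be Active and the other Standby for group 1. If the keys don't match, each router ignores the other's hellos and both go Active for the same virtual address, which looks like a working pair until hosts start seeing duplicate gateways, so verify the state after the change rather than assuming it.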

Guidelines on Firewalls and Firewall Policy

I just finished reading through the National Institute of Standards and Technology (NIST) Guidelines on Firewalls and Firewall Policy (Special Publication 800-41). It's actually very well written, with casual-enough language to hold your attention. I thought I'd sum up some of the key points for blocking traffic in a good firewall design. The following traffic types should always be blocked:

  • Inbound traffic from a non-authenticated source system with a destination address of the firewall itself
  • Inbound traffic with a source address indicating that the packet originated on a network behind the firewall
  • Inbound traffic containing ICMP
  • Inbound or outbound traffic from a system using a source address that falls within the private address ranges shown in RFC 1918
  • Inbound traffic from a non-authenticated source system containing SNMP
  • Inbound traffic containing IP Source Routing information
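As an added example, not taken from the NIST document or the original post, here is how those six rules map onto a pair of IOS extended ACLs on a router doing firewall duty. The outside interface FastEthernet0/0, its address 203.0.113.1, the inside network 192.168.10.0/24 and the ACL names are assumptions; adjust them to the site. One deliberate deviation from the list is called out inline: ICMP type 3 code 4 (packet-too-big) is permitted, because dropping it breaks Path MTU discovery for every connection through the firewall.

```cisco
! Rule 6 (source routing) is a global setting, not an ACL entry
no ip source-route
!
ip access-list extended OUTSIDE-IN
 remark Rule 1: outside hosts may not talk to the firewall itself (203.0.113.1 assumed)
 remark        put a permit for your management host above this line if you need one
 deny   ip any host 203.0.113.1 log
 remark Rule 2: packets arriving from outside that claim an inside source are spoofed
 deny   ip 192.168.10.0 0.0.0.255 any log
 remark Rule 4: RFC 1918 sources never legitimately arrive from the Internet
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
 remark Rule 5: SNMP (161) and SNMP traps (162) from the outside
 deny   udp any any eq snmp log
 deny   udp any any eq snmptrap log
 remark Rule 3: ICMP. Allow packet-too-big so Path MTU discovery works, drop the rest
 permit icmp any any packet-too-big
 deny   icmp any any log
 remark Return traffic for sessions opened from inside (ACK/RST set)
 permit tcp any any established
 remark everything else falls to the implicit deny at the end of the list
!
ip access-list extended OUTSIDE-OUT
 remark Rule 4, outbound half: an RFC 1918 source leaving the outside interface means
 remark a NAT miss or a misrouted packet; drop and log it instead of leaking it
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
 permit ip any any
!
interface FastEthernet0/0
 description Outside / Internet-facing (assumed)
 ip address 203.0.113.1 255.255.255.0
 ip access-group OUTSIDE-IN in
 ip access-group OUTSIDE-OUT out
```

Confirm the lists are bound with `show ip interface FastEthernet0/0` and watch the hit counters with `show ip access-lists`; a deny line that never increments on an Internet-facing interface usually means the entry is ordered below something that already matched. The `established` keyword only checks TCP flag bits and is not a substitute for stateful inspection, so on a platform that supports it, pair these lists with `ip inspect` or a zone-based policy rather than relying on them alone. Use `log` on the deny lines selectively: on a busy link the logging itself becomes a CPU problem.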
