|
Latest News
- Moved tools from qorbit.net to cymru.com. New location is at http://www.cymru.com/gillsr/tools.html
- Moved documents from qorbit.net to cymru.com. New location is at http://www.cymru.com/gillsr/documents.html
- 09/10/2003 - Nrancid posted to the tools page.
This is an addon written for Rancid v. 2.2.2 for automation of your Netscreen configuration backups.
- 09/09/2003 - IP2ASN posted to the tools page.
These scripts will determine the AS number from a list of IP addresses and can be run against a route-server or offline
against a BGP table dump. Credits to Team-Cymru for
making the tools available.
- 09/09/2003 - BGP Snarf
posted to the tools page. This tool has been made available to the public as a relatively easy way for
network engineers to monitor their own BGP prefixes. Credits to
Team-Cymru for making the tools available.
- 08/26/2003 - Removed 220/8 from JUNOS [Secure|BGP] Templates. It was erroneously listed as a bogon.
- 05/08/2003 - Fixed typo in the JUNOS ISP Prefix Filter Loose and Strict Templates in Phase 7 for 128.0.0.0/2 and 192.0.0.0/3. Thanks to Daniel Kerr for pointing this out!
- 02/10/2003 - Opened up the
BGP
Snarf tool v2.2 to the public for monitoring critical DNS
and infrastructure prefixes. Two monitornig points are in
place. Seeking others to participate in the project.
- 12/20/2002 - Fixed a few bugs in the
jtext JUNOS config conversion tool to address problems with 'group' statements, annotations, and disabled commands.
- 12/10/2002 - Posted "ScreenOS Hidden Commands Revealed", a command-line reference guide that describes as many
undocumented ScreenOS commands as possible for those administrators who just can't get enough.
- 12/10/2002 - Posted two ISP prefix filter templates based on
Barry Greene's Cisco counterparts. The templates are
almost identical except for their filtering policies which are
based on loose and strict prefix allocation guidelines.
- 11/29/2002 - Posted a dynamic web page that lists the up-to-date
Golden Networks. The web page is updated on a daily basis and checks the root server prefixes as well as the
COM, NET, ORG, GOV, MIL, ARPA top level domains.
- 11/26/2002 - Updated special DNS prefixes in JUNOS BGP Template and JUNOS BGP Appnote. After manual verification it was determined that several
of the Golden-networks prefixes are outdated and require modification including: j-root and i-gtld, j-gtld, k-gtld, and m-gtld.
- 11/23/2002 - 82.0.0.0/8 allocated to RIPE. Bogon networks in all templates have been updated accordingly.
- 11/01/2002 - Formally released "Catalyst Secure Template", a
detailed configuration template describing techniques on how to secure a Cisco
Catalyst switch running IOS 12.0 and above.
- 10/16/2002 - All documents have been converted to HTML
format for increased readability. Both PDF and HTML are
now available for each paper published on this site.
- 10/15/2002 - Public release of a paper covering attacks directed at stateful
firewalls and countermeasures for mitigation entitled "Maximizing
Firewall Availability." Related notices: CERT VU# 539363.
- 09/15/2002 - Announced the NetscreenNews
mailing list. This list is aimed at providing a medium for
knowledge sharing among Netscreen product end users.
- 08/26/2002 - Posted "PGP
Key Verification", a brief paper on retrieving and verifying the
authenticity of newly received PGP keys with examples using PGP
Freeware and GnuPG.
- 08/07/2002 - 69.0.0.0/8 allocated to ARIN.
Bogon networks in all templates have been updated accordingly.
- 07/10/2002 - Posted "Application Note: Hardening Netscreen
Firewalls", a detailed configuration template summarizing the steps necessary to harden
ScreenOS 3.1 configurations.
- 07/08/2002 - Added 198.18.0.0/15 (RFC 2544) and
128.0.0.0/16 (IANA Reserved) to all bogon lists. Current JUNOS document versions are
v1.62.
- 07/04/2002 - 221.0.0.0/8 allocated to APNIC. Bogon networks in all templates have been updated accordingly.
- 06/29/2002 - Posted a brief paper entitled,"ICMP
redirects are ba'ad, mkay?", reviewing ICMP redirects and
why their use should be avoided.
- 06/21/2002 - Corrected bugs in the JUNOS BGP Template and
Application Note relating to the filtering of small prefixes.
- 06/16/2002 - Formally released "Application Note: Securing BGP on
Juniper Routers", a paper based on the "JUNOS Secure BGP
Template" that covers in detail the steps required to fully
secure BGP on Juniper Routers.
- 05/12/2002 - Awaiting feedback from CERT, Netscreen, Cisco, and Check Point on "Maximizing Firewall Availabilty", a
paper describing techniques on improving resilience to session table DoS attacks.
- 04/04/2002 - Added a simple packet generator name "scooter" written
for FreeBSD 4.5 that makes use of the rate limiting features of ipfw and the dummynet interface.
It currently supports TCP, UDP, and ICMP-ECHO.
- 11/16/2001 - Formally released "JUNOS
RADIUS Authentication", a document that reviews how to
troubleshoot and configure RADIUS authentication and
authorization between a Juniper router and Funk Steel-Belted
Radius. You might end up learning something about the
RADIUS protocol along the way.
- 11/06/2001 - Updated document names on this site to reflect a simpler naming convention. If you are having
troubles with broken links, please update your shortcuts appropriately.
- 09/29/2001 - Updated diagrams and references in both JUNOS
templates. Existing diagrams were a bit hard to understand and
lacking in color. Also updated BGP damping configuration according
to final RIPE-210 draft.
- 09/13/2001 - Formally released "RIPE-210
Addendum", a document which presents additional information
regarding the original RIPE-210 publication surrounding the
updating of DNS netblocks within standard BGP damping parameters.
- 09/11/2001 - Our deepest sympathies go out to those who have suffered so
much as a result of the horrible tragedies that occurred today
in the US. Our prayers are with those individuals who are experiencing
such immense sorrow, and with those who felt the horrible need
to create such terror. May we look to Christ for comfort, strength,
and direction in our lives.
- 08/11/2001 - Corrected bugs in the JUNOS templates related
to BGP damping and static discard routes.
- 07/05/2001 - Fixed a minor bug in the "JUNOS Secure Template",
and improved support for newline characters in the "jtext" tool.
- 07/01/2001 - Posted the newly released jtext-gui,
a front-end for the JUNOS Config Converter.
- 06/28/2001 - Added support for the "deactivate" statement
in the JUNOS Config Converter.
- 06/09/2001 - Cleaned up the code for "icgen",
an ICMP error message generator, and decided to make it available
in the tools section. It can be used to send any ICMP error
message based on the arguments you specify.
- 06/04/2001 - Completed the win32 console version of "jtext"
and posted it in the tools section.
- 05/28/2001 - Updated the "JUNOS
Secure Template" [v 1.0 draft] and "JUNOS
Secure BGP Template" [v 1.0 draft] to reflect the most recent
additions to their Cisco compatriots presented by Rob Thomas:
"Secure
IOS Template" [v 2.1] and "Secure
BGP Template" [v 2.3].
- 05/26/2001 - I've written a web based tool named "jtext.pl"
to convert JUNOS "function" style configurations into more user
friendly "set" commands. I don't profess to be a perl monger,
so if you have any code suggestions or enhancement requests
let me know! This program has been taken offline and has been replaced
by much better coding and updated bug fixes.
- 05/21/2001 - "JUNOS
upto v. through route-filter" document complete. Covers
in detail how the 'through' match-type actually functions.
- 05/02/2001 - qOrbit.net is now fully registered and operational.
- 04/27/2001 - First draft of this website created. There
may be a few bugs and errors here and there, so if you see any
we'd like to know.
- 04/27/2001 - I'm working on registering qOrbit.net as my permanent
domain name. Hopefully this site will be around for a
long time.
- 04/25/2001 - The first drafts of the "JUNOS
Secure Template" and "JUNOS
Secure BGP Template" have been completed. They
are currently being reviewed and tested for bugs. The
first official release of the documents should be available
within the near future.
[Home]
[Tools]
[Documents]
|
