<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><br><div dir="ltr">On May 5, 2020, at 9:51 PM, Thomas DeBellis <<a href="mailto:tommytimesharing@gmail.com">tommytimesharing@gmail.com</a>> wrote:<br><br></div><blockquote type="cite"><div dir="ltr"><span>Blocking NTP??  Boy, that's pretty anti-social...</span><br></div></blockquote><div><br></div><div>They allow client connections to their own NTP servers. The problem is I had four servers contributing to the NTP Pool project (<a href="https://www.ntppool.org/a/chk9fxzbh9h64vbcdx6dr">https://www.ntppool.org/a/chk9fxzbh9h64vbcdx6dr</a>). Upgrading to their newer hypervisors is their solution. I have started to migrate.</div><div><br></div><br><blockquote type="cite"><div dir="ltr"><span></span><br><span>Perhaps they only wanted queries to go to internal NTP servers and not outside to non-ISP servers?  One reason for this is if you get an 'accurate' clock and declare yourself a level-1 node, you get wind up getting hit with a lot of traffic.</span><br><span></span><br><span>On 5/5/20 7:32 PM, Peter Lothberg wrote:</span><br><blockquote type="cite"><span>Blocking NTP? So how do you get time? (udp 123)</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>----- Original Message -----</span><br></blockquote><blockquote type="cite"><span>From: "bqt" <<a href="mailto:bqt@softjar.se">bqt@softjar.se</a>></span><br></blockquote><blockquote type="cite"><span>To: "hecnet" <<a href="mailto:hecnet@Update.UU.SE">hecnet@Update.UU.SE</a>></span><br></blockquote><blockquote type="cite"><span>Sent: Tuesday, May 5, 2020 6:23:20 PM</span><br></blockquote><blockquote type="cite"><span>Subject: Re: [HECnet] Cisco DECnet routers and NML</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>They are unfortunately mostly incompetent, set to watch over even more</span><br></blockquote><blockquote type="cite"><span>incompetent people hooking up to the internet. So they try to do what</span><br></blockquote><blockquote type="cite"><span>they think is right, but it's a royal pain for people who actually do</span><br></blockquote><blockquote type="cite"><span>know what they are doing, and who want to do some things...</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>(I will not even tell you how much problems I have with mail in</span><br></blockquote><blockquote type="cite"><span>different directions...)</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>    Johnny</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>On 2020-05-06 00:15, Supratim Sanyal wrote:</span><br></blockquote><blockquote type="cite"><blockquote type="cite"><span>it's important we watch our blood pressure. I got this gem back. Trying</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>to figure out why SNMP is not working based on this list ...</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Support Ticket #62899404 has been updated</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Description:</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Hello Supratim,</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>We've been implementing measures to avoid cyber attacks from and or to</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>our network, For this reason, ports:</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>23,123,7722,389,135,137-139,445,69,514,161-162,6667 have been blocked.</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>---</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Supratim Sanyal, W1XMT</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>39.19151 N, 77.23432 W</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>QCOCAL::SANYAL via HECnet <<a href="http://www.update.uu.se/~bqt/hecnet.html">http://www.update.uu.se/~bqt/hecnet.html</a>></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>On May 5, 2020, at 6:05 PM, Dave McGuire <<a href="mailto:mcguire@neurotica.com">mcguire@neurotica.com</a></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span><<a href="mailto:mcguire@neurotica.com">mailto:mcguire@neurotica.com</a>>> wrote:</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>On 5/5/20 5:22 PM, Paul Koning wrote:</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>The Cisco DECnet router implementation does not speak "decnet</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>management" as</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>we all knew. The way we are using them the tunnel end-points are on</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>the Internet.</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Most of the information "missing" is actually available through the</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>SNMP MIB,</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>so if we could agree on a common read-only community and publish</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>the IP addresses</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>of those routers it would be possible to complete Paul's map..</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>I would definitely be up for that. Maybe "hecnet-ro" for the</span><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>community name?</span><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Regards, Tim.</span><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Unfortunately this doesn't seem to be feasible.  The issue is that my</span><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>ISP blocks SNMP outbound -- I have no idea why they would so such a</span><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>thing.  And as far as I can tell there isn't any way to tell Cisco to</span><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>accept incoming SNMP requests on any port other than the standard one.</span><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>  I would be on the phone with them cursing a blue streak.  I mean, do</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>they sell you a damn net connection, or not?  There's life outside of</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>port 80!  Wow.</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>  One thing you might be able to do is create a port mapping coming into</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>whatever terminates the "web browsing connection" from your upstream</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>provider, on some port that they don't presume to block, forwarding back</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>to port 161 on the Cisco.</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>            -Dave</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>-- </span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Dave McGuire, AK4HZ</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>New Kensington, PA</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><span></span><br></blockquote></div></blockquote></body></html>