[HECnet] Cisco DECnet routers and NML

Tue May 5 20:35:53 PDT 2020

> On May 5, 2020, at 9:51 PM, Thomas DeBellis <tommytimesharing at gmail.com> wrote:
> 
> Blocking NTP??  Boy, that's pretty anti-social...

They allow client connections to their own NTP servers. The problem is I had four servers contributing to the NTP Pool project (https://www.ntppool.org/a/chk9fxzbh9h64vbcdx6dr). Upgrading to their newer hypervisors is their solution. I have started to migrate.

> 
> Perhaps they only wanted queries to go to internal NTP servers and not outside to non-ISP servers?  One reason for this is if you get an 'accurate' clock and declare yourself a level-1 node, you get wind up getting hit with a lot of traffic.
> 
>> On 5/5/20 7:32 PM, Peter Lothberg wrote:
>> Blocking NTP? So how do you get time? (udp 123)
>> 
>> ----- Original Message -----
>> From: "bqt" <bqt at softjar.se>
>> To: "hecnet" <hecnet at Update.UU.SE>
>> Sent: Tuesday, May 5, 2020 6:23:20 PM
>> Subject: Re: [HECnet] Cisco DECnet routers and NML
>> 
>> They are unfortunately mostly incompetent, set to watch over even more
>> incompetent people hooking up to the internet. So they try to do what
>> they think is right, but it's a royal pain for people who actually do
>> know what they are doing, and who want to do some things...
>> 
>> (I will not even tell you how much problems I have with mail in
>> different directions...)
>> 
>>    Johnny
>> 
>>> On 2020-05-06 00:15, Supratim Sanyal wrote:
>>> it's important we watch our blood pressure. I got this gem back. Trying
>>> to figure out why SNMP is not working based on this list ...
>>> 
>>> Support Ticket #62899404 has been updated
>>> 
>>> Description:
>>> Hello Supratim,
>>> We've been implementing measures to avoid cyber attacks from and or to
>>> our network, For this reason, ports:
>>> 23,123,7722,389,135,137-139,445,69,514,161-162,6667 have been blocked.
>>> 
>>> ---
>>> Supratim Sanyal, W1XMT
>>> 39.19151 N, 77.23432 W
>>> QCOCAL::SANYAL via HECnet <http://www.update.uu.se/~bqt/hecnet.html>
>>> 
>>> 
>>> On May 5, 2020, at 6:05 PM, Dave McGuire <mcguire at neurotica.com
>>> <mailto:mcguire at neurotica.com>> wrote:
>>> 
>>>> On 5/5/20 5:22 PM, Paul Koning wrote:
>>>>>>> The Cisco DECnet router implementation does not speak "decnet
>>>>>>> management" as
>>>>>>> we all knew. The way we are using them the tunnel end-points are on
>>>>>>> the Internet.
>>>>>>> 
>>>>>>> Most of the information "missing" is actually available through the
>>>>>>> SNMP MIB,
>>>>>>> so if we could agree on a common read-only community and publish
>>>>>>> the IP addresses
>>>>>>> of those routers it would be possible to complete Paul's map..
>>>>>>> 
>>>>>> I would definitely be up for that. Maybe "hecnet-ro" for the
>>>>>> community name?
>>>>>> 
>>>>>> Regards, Tim.
>>>>> Unfortunately this doesn't seem to be feasible.  The issue is that my
>>>>> ISP blocks SNMP outbound -- I have no idea why they would so such a
>>>>> thing.  And as far as I can tell there isn't any way to tell Cisco to
>>>>> accept incoming SNMP requests on any port other than the standard one.
>>>>  I would be on the phone with them cursing a blue streak.  I mean, do
>>>> they sell you a damn net connection, or not?  There's life outside of
>>>> port 80!  Wow.
>>>> 
>>>>  One thing you might be able to do is create a port mapping coming into
>>>> whatever terminates the "web browsing connection" from your upstream
>>>> provider, on some port that they don't presume to block, forwarding back
>>>> to port 161 on the Cisco.
>>>> 
>>>>            -Dave
>>>> 
>>>> -- 
>>>> Dave McGuire, AK4HZ
>>>> New Kensington, PA
>> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sonic.net/pipermail/hecnet-list/attachments/20200505/66d90b3c/attachment-0001.html>