jean-christophe Manciot
Network & Security Engineer

#Cloudflare 's call to promote #RPKI as a first step into securing #BGP through the use of ROAs created by the Trust Anchors (RIRs): https://blog.cloudflare.com/rpki/
Cloudflare provides their open source implementation of the RPKI to Router protocol (RTR) called #GoRTR : https://github.com/cloudflare/gortr

2 of my @gitlab projects have been archived without any warning or justification by the staff. That is a strange and brutal way of dealing with people.
It seems that it's time to move on.

How is it even conceivable that in April 2018, none of the following major websites has any #IPv6 address yet?
- @Twitter
- @github
- @gitlab
- @ubuntu +Ubuntu
- Launchpad

23 years after the first IETF specification (RFC 1883), still no progress in that matter.
Unbelievable ... yet sadly real:

# for host in twitter.com github.com gitlab.com ubuntu.com launchpad.net google.com; do echo "Digging IPv4 address for $host"; dig $host A +short; echo "Digging IPv6 address for $host"; dig $host AAAA +short; done

Digging IPv4 address for twitter.com
104.244.42.129
104.244.42.65
Digging IPv6 address for twitter.com
Digging IPv4 address for github.com
192.30.253.112
192.30.253.113
Digging IPv6 address for github.com
Digging IPv4 address for gitlab.com
52.167.219.168
Digging IPv6 address for gitlab.com
Digging IPv4 address for ubuntu.com
91.189.94.40
Digging IPv6 address for ubuntu.com
Digging IPv4 address for launchpad.net
91.189.89.223
91.189.89.222
Digging IPv6 address for launchpad.net
Digging IPv4 address for google.com
172.217.22.142
Digging IPv6 address for google.com
2a00:1450:4007:80f::200e

In France, the #NetNeutrality is still respected (but for how long?), according to the #Wehe #Android app which I have run over the following 2 ISPs with no differentiation on all 7 tested applications:
- #Orange Gigabit fiber
- #BouyguesTélécom 4G mobile
1/26/18

There does not seem to be a place for reporting G+ issues, so I'm posting here.
The number of characters allowed in a collection title is higher than the number displayed once the collection has been edited.
This means that the collection title can be unintentionally trimmed.
For instance, the original title of the collection below was correctly defined & saved as "Cloud/DC Computing, Hypervisors & Containers", but is displayed as "Cloud/DC Computing, Hypervisors &".
EDIT: as suggested by +Kamal Tailor, this issue is triggered by some specific zoom level and font size.

+Ivan Pepelnjak 's playbook which uses ssh-keygen to automate the process of collecting SSH public keys has a major security flaw when used in the wild: it does not verify the collected keys and thus exposes your communication with your alleged targets to man-in-the-middle attacks.

The issue with Ansible is that you don't get the fingerprint verification question the first time you connect to a device before saving the target's public SSH key into your known_hosts file.
It is possible to automate the process of fingerprint verification even in insecure environments.
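
One way to automate the fingerprint check described above, as an added example that is not part of the original post or of the playbook it discusses: collected "host keytype key" lines are accepted for known_hosts only when their SHA256 fingerprint matches one obtained out of band. The host names, the constructed key blobs and the TRUSTED record (standing in for fingerprints read from a console or provisioning database) are assumptions.

```python
import base64
import binascii
import hashlib
import hmac
import struct

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def blob_key_type(key_b64):
    """Key type named inside the blob (its first length-prefixed string)."""
    blob = base64.b64decode(key_b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def verify_scan(scan_output, trusted):
    """Split collected lines into (accepted, rejected); trusted maps host -> fingerprints."""
    accepted, rejected = [], []
    for line in scan_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # blank line or scanner comment
        host, keytype, key_b64 = parts[:3]
        try:
            fp = fingerprint(key_b64)
            type_ok = blob_key_type(key_b64) == keytype
        except (binascii.Error, ValueError, struct.error):
            rejected.append((host, "unparseable key"))
            continue
        known = trusted.get(host, set())
        if type_ok and any(hmac.compare_digest(fp, k) for k in known):
            accepted.append(line)        # verified: safe to add to known_hosts
        else:
            rejected.append((host, fp))  # unknown host or key mismatch
    return accepted, rejected

def constructed_key(fill):
    """Constructed ssh-ed25519 blob for the demo (not a real key)."""
    body = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(body).decode()

GENUINE, SUBSTITUTED = constructed_key(0x11), constructed_key(0x22)
# Stand-in for the out-of-band record of each device's real fingerprint.
TRUSTED = {"sw1.example.net": {fingerprint(GENUINE)}, "sw2.example.net": {fingerprint(GENUINE)}}
SCAN = f"sw1.example.net ssh-ed25519 {GENUINE}\nsw2.example.net ssh-ed25519 {SUBSTITUTED}\n"
ACCEPTED, REJECTED = verify_scan(SCAN, TRUSTED)  # sw1 accepted, sw2 rejected
```

Rejected entries should stop the run for that host rather than be written to known_hosts, since a mismatch is exactly what a substituted key looks like.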

How to defeat any model-driven telemetry HA design, by #Cisco:
"In the event that a telemetry receiver goes down, other receivers will see data flow interrupted."
The context is NX-OS 7.x on 9k.
The gem is available below.

#CumulusNetworks has just deleted a bug reported online about netd not being able to start on Cumulus VX. I have not a single clue about the why...
Maybe someone can help troubleshoot this issue.
The bug report states the following:

Cumulus VX 3.3.2

root@cumulus:~# net show

ERROR: net could not connect to netd

Try starting netd with:
sudo systemctl start netd

To configure netd to start when the box boots:
sudo systemctl enable netd
root@cumulus:~# systemctl start netd
root@cumulus:~# systemctl status netd
● netd.service - Network Command Line Utility Daemon
Loaded: loaded (/lib/systemd/system/netd.service; enabled)
Active: activating (auto-restart) (Result: signal) since Tue 2017-07-25 13:13:55 UTC; 3s ago
Process: 1095 ExecStart=/usr/bin/python /usr/sbin/netd -d (code=killed, signal=KILL)
Main PID: 1095 (code=killed, signal=KILL)

Jul 25 13:13:55 cumulus systemd[1]: netd.service: main process exited, code=killed, status=9/KILL
Jul 25 13:13:55 cumulus systemd[1]: Unit netd.service entered failed state.

root@cumulus:~# more /var/log/syslog | grep netd
2017-07-25T09:24:55.172459+00:00 cumulus systemd[1]: netd.service: main process exited, code=killed, status=9/KILL
2017-07-25T09:24:55.174868+00:00 cumulus systemd[1]: Unit netd.service entered failed state.
2017-07-25T09:25:00.236966+00:00 cumulus systemd[1]: netd.service holdoff time over, scheduling restart.
2017-07-25T09:25:00.927487+00:00 cumulus systemd[1]: netd.service: main process exited, code=killed, status=9/KILL
2017-07-25T09:25:00.928581+00:00 cumulus systemd[1]: Unit netd.service entered failed state.
2017-07-25T09:25:05.985206+00:00 cumulus systemd[1]: netd.service holdoff time over, scheduling restart.
2017-07-25T09:25:06.763703+00:00 cumulus systemd[1]: netd.service: main process exited, code=killed, status=9/KILL
2017-07-25T09:25:06.767093+00:00 cumulus systemd[1]: Unit netd.service entered failed state.
2017-07-25T09:25:11.736479+00:00 cumulus systemd[1]: netd.service holdoff time over, scheduling restart.
2017-07-25T09:25:11.738437+00:00 cumulus systemd[1]: netd.service start request repeated too quickly, refusing to start.
2017-07-25T09:25:11.739216+00:00 cumulus systemd[1]: Unit netd.service entered failed state.
...and so on

Deploying GNS3 Server on a remote Bare-Metal or VM server with a hardened security is available on my:
- #PPA repository: https://git.sdxlive.com/PPA/tree/GNS3/gns3-install-on-remote-server.sh for latest Ubuntu
and
- #DR repository: https://git.sdxlive.com/DR/tree/GNS3/gns3-install-on-remote-server.sh for latest Debian
- it's the same bash script which now takes care of both #Linux distributions.
- It can be typically used when local resources - RAM/vCPUs - are too scarce to run NFVs images on the local computer/laptop/server.
- you continue to run GNS3 GUI on your local computer/laptop/server.
- it is designed to function on any public cloud provider which supports nested virtualization or bare metal servers.
- I use it on packet.net @packethost