From sales at prihost.com Fri Aug 1 01:38:01 2003 From: sales at prihost.com (PRIHOST SALES) Date: Tue Jan 18 13:57:52 2005 Subject: [Ascend] (no subject) Message-ID: - ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From rt_mena at yahoo.com Sat Aug 2 00:13:01 2003 From: rt_mena at yahoo.com (Robert Mena) Date: Tue Jan 18 13:57:52 2005 Subject: [Ascend] (ASCEND) Strange MAX TNT disconnection Message-ID: <20030801193706.278.qmail@web9804.mail.yahoo.com> Hi, I've been receiving some complaints from users who get disconnected before even get authenticated. The same user can connect no another analog-based RAS and other digital ones such as PM3. I've managed to reproduce the error using linux+minicom. One thing that is "different" from other RAS is that with the other I get the banner and login: prompt but not with MAX. I am using TAOS 8.0.2 This session was made with linux+minicom+usr courier modem Welcome to minicom 2.00.0 AT S7=45 S0=0 L1 V1 X4 &c1 E1 Q0 OK atdt222-2222 CONNECT 31200/ARQ NO CARRIER atdt222-2222 CONNECT 31200/ARQ NO CARRIER a*tdt333-3333 CONNECT 31200/ARQ User Access Verification Login: fmota Password: Entering PPP mode. Async interface address is unnumbered (Ethernet0) Your IP address is A.B.C.D. MTU is 1500 bytes Header compression will match your system. ~~}#þ!}!} }8}"}&} }*} } }#}$þ#}%}&},.>.}'}"}(}"8})~~}#þ!}!ù} }8}"}&} }*} } }# ~ ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From troy at psknet.com Sat Aug 2 10:16:00 2003 From: troy at psknet.com (Troy Settle) Date: Tue Jan 18 13:57:52 2005 Subject: [Ascend] RE: (ASCEND) Strange MAX TNT disconnection In-Reply-To: <20030801193706.278.qmail@web9804.mail.yahoo.com> Message-ID: <000901c35903$a55682b0$0100a8c0@tws> It would help if you could include more information, such as some syslog entries or radius accounting records (hint: set stop-only to yes). The key information I would need to help you out, are the Connect-Progress and Disconnect-Cause codes. -- Troy Settle Pulaski Networks http://www.psknet.com 540.994.4254 ~ 866.477.5638 Pulaski Chamber 2002 Small Business Of The Year > -----Original Message----- > From: owner-ascend-users@max.bungi.com > [mailto:owner-ascend-users@max.bungi.com] On Behalf Of Robert Mena > Sent: Friday, August 01, 2003 3:37 PM > To: ascend-users@bungi.com > Subject: (ASCEND) Strange MAX TNT disconnection > > > Hi, > > I've been receiving some complaints from users who get > disconnected before even get authenticated. > > The same user can connect no another analog-based RAS > and other digital ones such as PM3. > > I've managed to reproduce the error using > linux+minicom. > > One thing that is "different" from other RAS is that > with the other I get the banner and login: prompt but > not with MAX. > > I am using TAOS 8.0.2 > > This session was made with linux+minicom+usr courier > modem > > Welcome to minicom 2.00.0 > > AT S7=45 S0=0 L1 V1 X4 &c1 E1 Q0 > OK > atdt222-2222 > CONNECT 31200/ARQ > NO CARRIER > > atdt222-2222 > CONNECT 31200/ARQ > NO CARRIER > > a*tdt333-3333 > CONNECT 31200/ARQ > > > User Access Verification > > Login: fmota > Password: > Entering PPP mode. > Async interface address is unnumbered (Ethernet0) > Your IP address is A.B.C.D. MTU is 1500 bytes > Header compression will match your system. > > ~~}#?!}!} }8}"}&} }*} } > }#}$?#}%}&},.>.}'}"}(}"8})~~}#?!}!?} }8}"}&} }*} } }# > ~ > > > > ++ Ascend Users Mailing List ++ > To unsubscribe: send unsubscribe to > ascend-users-request@bungi.com > Archives: http://www.nexial.com/mailinglists/ > ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From rt_mena at yahoo.com Sun Aug 3 08:38:01 2003 From: rt_mena at yahoo.com (Robert Mena) Date: Tue Jan 18 13:57:52 2005 Subject: [Ascend] (ASCEND) MAX TNT refusing to accept fixed IP Message-ID: <20030803133131.25878.qmail@web9806.mail.yahoo.com> Hi, Still on the MAX TNT configuration I've noticed that all my users that have a fixed IP (set by radius) does not connect. They get authenticated but windows shows a could not link message and drops the connection. If I use other login/password with the same equipment evetything is fine. - rt __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From rt_mena at yahoo.com Sun Aug 3 08:38:02 2003 From: rt_mena at yahoo.com (Robert Mena) Date: Tue Jan 18 13:57:53 2005 Subject: [Ascend] RE: (ASCEND) Strange MAX TNT disconnection In-Reply-To: <000901c35903$a55682b0$0100a8c0@tws> Message-ID: <20030803132759.85473.qmail@web9804.mail.yahoo.com> Hi Troy, Maybe I did not use the correct terms. I have other RAS from Lucent, cisco and if I connect to those with minicom or that windows terminal option enabled I receive a message banner (like welcome to my ISP) and I am prompted with Login and Password. After I give the correct values and get authenticated automatically I receive the PPP packages. For example : User Access Verification Login: fmota Password: Entering PPP mode. Async interface address is unnumbered (Ethernet0) Your IP address is A.B.C.D. MTU is 1500 bytes Header compression will match your system. I'd like to have the same functionality under MAX as it seems that some Clients, perhaps with old windows, seems to have problem with the current setup where no prompt is given. Regards. --- Troy Settle wrote: > > It would help if you could include more information, > such as some syslog > entries or radius accounting records (hint: set > stop-only to yes). The > key information I would need to help you out, are > the Connect-Progress > and Disconnect-Cause codes. > > -- > Troy Settle > Pulaski Networks > http://www.psknet.com > 540.994.4254 ~ 866.477.5638 > Pulaski Chamber 2002 Small Business Of The Year > > > > -----Original Message----- > > From: owner-ascend-users@max.bungi.com > > [mailto:owner-ascend-users@max.bungi.com] On > Behalf Of Robert Mena > > Sent: Friday, August 01, 2003 3:37 PM > > To: ascend-users@bungi.com > > Subject: (ASCEND) Strange MAX TNT disconnection > > > > > > Hi, > > > > I've been receiving some complaints from users who > get > > disconnected before even get authenticated. > > > > The same user can connect no another analog-based > RAS > > and other digital ones such as PM3. > > > > I've managed to reproduce the error using > > linux+minicom. > > > > One thing that is "different" from other RAS is > that > > with the other I get the banner and login: prompt > but > > not with MAX. > > > > I am using TAOS 8.0.2 > > > > This session was made with linux+minicom+usr > courier > > modem > > > > Welcome to minicom 2.00.0 > > > > AT S7=45 S0=0 L1 V1 X4 &c1 E1 Q0 > > OK > > atdt222-2222 > > CONNECT 31200/ARQ > > NO CARRIER > > > > atdt222-2222 > > CONNECT 31200/ARQ > > NO CARRIER > > > > a*tdt333-3333 > > CONNECT 31200/ARQ > > > > > > User Access Verification > > > > Login: fmota > > Password: > > Entering PPP mode. > > Async interface address is unnumbered (Ethernet0) > > Your IP address is A.B.C.D. MTU is 1500 bytes > > Header compression will match your system. > > > > ~~}#þ!}!} }8}"}&} }*} } > > }#}$þ#}%}&},.>.}'}"}(}"8})~~}#þ!}!ù} }8}"}&} }*} } > }# > > ~ > > > > > > > > ++ Ascend Users Mailing List ++ > > To unsubscribe: send unsubscribe to > > ascend-users-request@bungi.com > > Archives: http://www.nexial.com/mailinglists/ > > > __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From jouwerk_379 at aapi.co.uk Wed Aug 13 06:30:01 2003 From: jouwerk_379 at aapi.co.uk (FREE SOFTWARE! (ALMOST)) Date: Tue Jan 18 13:57:53 2005 Subject: [Ascend] (ASCEND) Re: Your Software Message-ID: A non-text attachment was scrubbed... Name: not available Type: text Size: 1060 bytes Desc: not available Url : http://shadowknight.real-time.com/pipermail/rte-ascend/attachments/20030813/520a3f1e/attachment.asc From jouphi_270 at iskratel.si Wed Aug 13 06:32:00 2003 From: jouphi_270 at iskratel.si (FREE SOFTWARE! (ALMOST)) Date: Tue Jan 18 13:57:53 2005 Subject: [Ascend] (ASCEND) Re: Your Software Message-ID: <200308131116.EAA23583@max.bungi.com> A non-text attachment was scrubbed... Name: not available Type: text Size: 1060 bytes Desc: not available Url : http://shadowknight.real-time.com/pipermail/rte-ascend/attachments/20030813/8c506672/attachment.pot From abcjr at abcjr.net Wed Aug 13 15:15:11 2003 From: abcjr at abcjr.net (Arnold Cavazos Jr.) Date: Tue Jan 18 13:57:53 2005 Subject: [Ascend] (ASCEND) Filters for Lovesan/MSBlast ? Message-ID: <20030813193827.GA34708@abcjr.net> Has anybody implemented Max-based filters for the Lovesan/MSBlast worm? If so are you using radius or defined filters on the Max? Anybody care to share configs? -- Arnold Cavazos, Jr. abcjr at abcjr . net ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From nealis at rcn.com Thu Aug 14 11:59:01 2003 From: nealis at rcn.com (Jason Nealis) Date: Tue Jan 18 13:57:53 2005 Subject: [Ascend] Re: (ASCEND) Filters for Lovesan/MSBlast ? In-Reply-To: <20030813193827.GA34708@abcjr.net> References: <20030813193827.GA34708@abcjr.net> Message-ID: <20030814163507.GA30503@rcn.com> I'm curious if any of you have started to encounter any wierd routing / Ethernet-card problems on your TNT's since the beloved MSBLast worm hit. On Wed, Aug 13, 2003 at 02:38:28PM -0500, Arnold Cavazos Jr. stated > Has anybody implemented Max-based filters for the Lovesan/MSBlast worm? > > If so are you using radius or defined filters on the Max? > > Anybody care to share configs? > > -- > Arnold Cavazos, Jr. abcjr at abcjr . net > ++ Ascend Users Mailing List ++ > To unsubscribe: send unsubscribe to ascend-users-request@bungi.com > Archives: http://www.nexial.com/mailinglists/ -- ------ Jason Nealis Internet Systems and Services RCN (NASDAQ) RCNC ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From pauly at HRZ.Uni-Marburg.DE Thu Aug 14 11:59:03 2003 From: pauly at HRZ.Uni-Marburg.DE (Martin Pauly) Date: Tue Jan 18 13:57:53 2005 Subject: [Ascend] Re: (ASCEND) Filters for Lovesan/MSBlast ? In-Reply-To: <20030813193827.GA34708@abcjr.net> References: <20030813193827.GA34708@abcjr.net> Message-ID: <200308141844.58653.pauly@hrz.uni-marburg.de> Hi, > Has anybody implemented Max-based filters for the Lovesan/MSBlast worm? no, but I would very much like to do that. > Anybody care to share configs? It can't be too hard: all you have to do is to block TCP Port 135 in either direction. My problem is: I have never done any filtering on my MAX 4000s before, and I simply cannot get _any_ filter to work. For instance, blocking _all_ pings (and other ICMPs) should be achieved by setting up a symmetrical pair of filters (in/out) of Type=IP, with Forward=No, Protocol=1 and leaving everything else on the default -- right? I applied all setting in the menus below Ethernet-->Filters. Am I missing some some global config switch or the like? Any help is very much appreciated Thanks, Martin -- Dr. Martin Pauly Fax: 49-6421-28-26994 HRZ Univ. Marburg Phone: 49-6421-28-23527 Hans-Meerwein-Str. E-Mail: pauly@HRZ.Uni-Marburg.DE D-35032 Marburg ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From abcjr at abcjr.net Thu Aug 14 13:10:02 2003 From: abcjr at abcjr.net (Arnold Cavazos Jr.) Date: Tue Jan 18 13:57:53 2005 Subject: [Ascend] (ASCEND) Lovesan/MSBlast Filters Message-ID: <20030814180043.GB49724@abcjr.net> Thanks for all of your replies. There are basically two ways to define the filters, in your Radius Reply, or statically on the APX/TNT/MAX. If you define them statically, you will have to activate them for each call. This can be done by passing the Filter-Id = attribute in your radius reply, or by using the "Answer-Defaults" facility of the NAS itself. Details are below. YMMV use at your own risk... BTW.. The ports are based on CERT advisory: http://www.cert.org/advisories/CA-2003-20.html -- Arnold Cavazos, Jr. abcjr at abcjr . net Here is the ruleset for a Radius Reply: Ascend-Data-Filter = ip in drop udp dstport = 69, Ascend-Data-Filter = ip in drop udp dstport = 135, Ascend-Data-Filter = ip in drop udp dstport = 139, Ascend-Data-Filter = ip in drop udp dstport = 445, Ascend-Data-Filter = ip in drop tcp dstport = 135, Ascend-Data-Filter = ip in drop tcp dstport = 139, Ascend-Data-Filter = ip in drop tcp dstport = 445, Ascend-Data-Filter = ip in drop tcp dstport = 4444, Ascend-Data-Filter = ip in forward, Ascend-Data-Filter = ip out drop udp dstport = 69, Ascend-Data-Filter = ip out drop udp dstport = 135, Ascend-Data-Filter = ip out drop udp dstport = 139, Ascend-Data-Filter = ip out drop udp dstport = 445, Ascend-Data-Filter = ip out drop tcp dstport = 135, Ascend-Data-Filter = ip out drop tcp dstport = 139, Ascend-Data-Filter = ip out drop tcp dstport = 445, Ascend-Data-Filter = ip out drop tcp dstport = 4444, Ascend-Data-Filter = ip out forward, Here is the ruleset for a 6096 config file: START=FILT=900=3 Name=blaster In filter 01...Valid=Yes In filter 01...Type=IP In filter 01...Ip...Protocol=17 In filter 01...Ip...Dst Port Cmp=Eql In filter 01...Ip...Dst Port #=69 In filter 02...Valid=Yes In filter 02...Type=IP In filter 02...Ip...Protocol=17 In filter 02...Ip...Dst Port Cmp=Eql In filter 02...Ip...Dst Port #=135 In filter 03...Valid=Yes In filter 03...Type=IP In filter 03...Ip...Protocol=17 In filter 03...Ip...Dst Port Cmp=Eql In filter 03...Ip...Dst Port #=139 In filter 04...Valid=Yes In filter 04...Type=IP In filter 04...Ip...Protocol=17 In filter 04...Ip...Dst Port Cmp=Eql In filter 04...Ip...Dst Port #=445 In filter 05...Valid=Yes In filter 05...Type=IP In filter 05...Ip...Protocol=6 In filter 05...Ip...Dst Port Cmp=Eql In filter 05...Ip...Dst Port #=135 In filter 06...Valid=Yes In filter 06...Type=IP In filter 06...Ip...Protocol=6 In filter 06...Ip...Dst Port Cmp=Eql In filter 06...Ip...Dst Port #=139 In filter 07...Valid=Yes In filter 07...Type=IP In filter 07...Ip...Protocol=6 In filter 07...Ip...Dst Port Cmp=Eql In filter 07...Ip...Dst Port #=445 In filter 08...Valid=Yes In filter 08...Type=IP In filter 08...Ip...Protocol=6 In filter 08...Ip...Dst Port Cmp=Eql In filter 08...Ip...Dst Port #=4444 In filter 09...Valid=Yes In filter 09...Type=IP In filter 09...Generic...Forward=Yes In filter 09...Ip...Forward=Yes In filter 09...Ipx...Forward=Yes Out filter 01...Valid=Yes Out filter 02...Type=IP Out filter 01...Ip...Protocol=17 Out filter 01...Ip...Dst Port Cmp=Eql Out filter 01...Ip...Dst Port #=69 Out filter 02...Valid=Yes Out filter 02...Type=IP Out filter 02...Ip...Protocol=17 Out filter 02...Ip...Dst Port Cmp=Eql Out filter 02...Ip...Dst Port #=135 Out filter 03...Valid=Yes Out filter 04...Type=IP Out filter 03...Ip...Protocol=17 Out filter 03...Ip...Dst Port Cmp=Eql Out filter 03...Ip...Dst Port #=139 Out filter 04...Valid=Yes Out filter 04...Type=IP Out filter 04...Ip...Protocol=17 Out filter 04...Ip...Dst Port Cmp=Eql Out filter 04...Ip...Dst Port #=445 Out filter 05...Valid=Yes Out filter 05...Type=IP Out filter 05...Ip...Protocol=6 Out filter 05...Ip...Dst Port Cmp=Eql Out filter 05...Ip...Dst Port #=135 Out filter 06...Valid=Yes Out filter 06...Type=IP Out filter 06...Ip...Protocol=6 Out filter 06...Ip...Dst Port Cmp=Eql Out filter 06...Ip...Dst Port #=139 Out filter 07...Valid=Yes Out filter 07...Type=IP Out filter 07...Ip...Protocol=6 Out filter 07...Ip...Dst Port Cmp=Eql Out filter 07...Ip...Dst Port #=445 Out filter 08...Valid=Yes Out filter 08...Type=IP Out filter 08...Ip...Protocol=6 Out filter 08...Ip...Dst Port Cmp=Eql Out filter 08...Ip...Dst Port #=4444 Out filter 09...Valid=Yes Out filter 09...Type=IP Out filter 09...Generic...Forward=Yes Out filter 09...Ip...Forward=Yes Out filter 09...Ipx...Forward=Yes END=FILT=900=3 To Apply the filter: Option #1 Use the MAX to apply the filter to all calls: Ethernet-> Answer-> Session Options -> Data Filter -> [blaster] Option #2 Use Radius Reply attributes to apply the filter: Filter-Id = "blaster" And the same for a TNT/APX: new FILTER set filter-name = blaster set input-filters 1 valid-entry = yes set input-filters 1 Type = ip-filter set input-filters 1 ip-filter protocol = 17 set input-filters 1 ip-filter Dst-Port-Cmp = eql set input-filters 1 ip-filter dest-port = 69 set input-filters 2 valid-entry = yes set input-filters 2 Type = ip-filter set input-filters 2 ip-filter protocol = 17 set input-filters 2 ip-filter Dst-Port-Cmp = eql set input-filters 2 ip-filter dest-port = 135 set input-filters 3 valid-entry = yes set input-filters 3 Type = ip-filter set input-filters 3 ip-filter protocol = 17 set input-filters 3 ip-filter Dst-Port-Cmp = eql set input-filters 3 ip-filter dest-port = 139 set input-filters 4 valid-entry = yes set input-filters 4 Type = ip-filter set input-filters 4 ip-filter protocol = 17 set input-filters 4 ip-filter Dst-Port-Cmp = eql set input-filters 4 ip-filter dest-port = 445 set input-filters 5 valid-entry = yes set input-filters 5 Type = ip-filter set input-filters 5 ip-filter protocol = 6 set input-filters 5 ip-filter Dst-Port-Cmp = eql set input-filters 5 ip-filter dest-port = 135 set input-filters 6 valid-entry = yes set input-filters 6 Type = ip-filter set input-filters 6 ip-filter protocol = 6 set input-filters 6 ip-filter Dst-Port-Cmp = eql set input-filters 6 ip-filter dest-port = 139 set input-filters 7 valid-entry = yes set input-filters 7 Type = ip-filter set input-filters 7 ip-filter protocol = 6 set input-filters 7 ip-filter Dst-Port-Cmp = eql set input-filters 7 ip-filter dest-port = 445 set input-filters 8 valid-entry = yes set input-filters 8 Type = ip-filter set input-filters 8 ip-filter protocol = 6 set input-filters 8 ip-filter Dst-Port-Cmp = eql set input-filters 8 ip-filter dest-port = 4444 set input-filters 9 valid-entry = yes set input-filters 9 forward = yes set input-filters 9 Type = ip-filter set output-filters 1 valid-entry = yes set output-filters 1 Type = ip-filter set output-filters 1 ip-filter protocol = 17 set output-filters 1 ip-filter Dst-Port-Cmp = eql set output-filters 1 ip-filter dest-port = 69 set output-filters 2 valid-entry = yes set output-filters 2 Type = ip-filter set output-filters 2 ip-filter protocol = 17 set output-filters 2 ip-filter Dst-Port-Cmp = eql set output-filters 2 ip-filter dest-port = 135 set output-filters 3 valid-entry = yes set output-filters 3 Type = ip-filter set output-filters 3 ip-filter protocol = 17 set output-filters 3 ip-filter Dst-Port-Cmp = eql set output-filters 3 ip-filter dest-port = 139 set output-filters 4 valid-entry = yes set output-filters 4 Type = ip-filter set output-filters 4 ip-filter protocol = 17 set output-filters 4 ip-filter Dst-Port-Cmp = eql set output-filters 4 ip-filter dest-port = 445 set output-filters 5 valid-entry = yes set output-filters 5 Type = ip-filter set output-filters 5 ip-filter protocol = 6 set output-filters 5 ip-filter Dst-Port-Cmp = eql set output-filters 5 ip-filter dest-port = 135 set output-filters 6 valid-entry = yes set output-filters 6 Type = ip-filter set output-filters 6 ip-filter protocol = 6 set output-filters 6 ip-filter Dst-Port-Cmp = eql set output-filters 6 ip-filter dest-port = 139 set output-filters 7 valid-entry = yes set output-filters 7 Type = ip-filter set output-filters 7 ip-filter protocol = 6 set output-filters 7 ip-filter Dst-Port-Cmp = eql set output-filters 7 ip-filter dest-port = 445 set output-filters 8 valid-entry = yes set output-filters 8 Type = ip-filter set output-filters 8 ip-filter protocol = 6 set output-filters 8 ip-filter Dst-Port-Cmp = eql set output-filters 8 ip-filter dest-port = 4444 set output-filters 9 valid-entry = yes set output-filters 9 forward = yes set output-filters 9 Type = ip-filter write -f To Apply: Option #1 Use the TNT to apply the filter to all calls: read answer-defaults set use-answer-for-all-defaults = yes set session-info data-filter = blaster set session-info filter-required = no write -f Option #2 Use Radius Reply attributes to apply the filter: Filter-Id = "blaster" ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From nealis at rcn.com Thu Aug 14 23:08:00 2003 From: nealis at rcn.com (Jason Nealis) Date: Tue Jan 18 13:57:53 2005 Subject: [Ascend] Re: (ASCEND) Lovesan/MSBlast Filters In-Reply-To: <20030814180043.GB49724@abcjr.net> References: <20030814180043.GB49724@abcjr.net> Message-ID: <20030815033953.GA31571@rcn.com> Man, I wish I would have seen this email before I spent all day building the filters. Anyhow, Just as a heads up, My TNT"s where crashing throughout the day. I have ethernet2 cards in the majority of my NAS's and they were FATAL 2'ing pretty much all day. I've put the filters up and so far so good. Kinda sad that by just passing port scanning traffic caused the cards to crash. I sent forth a bunch of coredumps and I'm looking forward to see what lucent says was the issue. Not happy :( Jason Nealis RCN On Thu, Aug 14, 2003 at 01:00:43PM -0500, Arnold Cavazos Jr. stated > the filters, in your Radius Reply, or statically on the APX/TNT/MAX. > If you define them statically, you will have to activate them for each > call. This can be done by passing the > > Filter-Id = > > attribute in your radius reply, or by using the "Answer-Defaults" > facility of the NAS itself. Details are below. > > YMMV use at your own risk... > > BTW.. The ports are based on CERT advisory: > > http://www.cert.org/advisories/CA-2003-20.html > > -- > Arnold Cavazos, Jr. abcjr at abcjr . net > > > Here is the ruleset for a Radius Reply: > > Ascend-Data-Filter = ip in drop udp dstport = 69, > Ascend-Data-Filter = ip in drop udp dstport = 135, > Ascend-Data-Filter = ip in drop udp dstport = 139, > Ascend-Data-Filter = ip in drop udp dstport = 445, > Ascend-Data-Filter = ip in drop tcp dstport = 135, > Ascend-Data-Filter = ip in drop tcp dstport = 139, > Ascend-Data-Filter = ip in drop tcp dstport = 445, > Ascend-Data-Filter = ip in drop tcp dstport = 4444, > Ascend-Data-Filter = ip in forward, > Ascend-Data-Filter = ip out drop udp dstport = 69, > Ascend-Data-Filter = ip out drop udp dstport = 135, > Ascend-Data-Filter = ip out drop udp dstport = 139, > Ascend-Data-Filter = ip out drop udp dstport = 445, > Ascend-Data-Filter = ip out drop tcp dstport = 135, > Ascend-Data-Filter = ip out drop tcp dstport = 139, > Ascend-Data-Filter = ip out drop tcp dstport = 445, > Ascend-Data-Filter = ip out drop tcp dstport = 4444, > Ascend-Data-Filter = ip out forward, > > Here is the ruleset for a 6096 config file: > > START=FILT=900=3 > Name=blaster > In filter 01...Valid=Yes > In filter 01...Type=IP > In filter 01...Ip...Protocol=17 > In filter 01...Ip...Dst Port Cmp=Eql > In filter 01...Ip...Dst Port #=69 > In filter 02...Valid=Yes > In filter 02...Type=IP > In filter 02...Ip...Protocol=17 > In filter 02...Ip...Dst Port Cmp=Eql > In filter 02...Ip...Dst Port #=135 > In filter 03...Valid=Yes > In filter 03...Type=IP > In filter 03...Ip...Protocol=17 > In filter 03...Ip...Dst Port Cmp=Eql > In filter 03...Ip...Dst Port #=139 > In filter 04...Valid=Yes > In filter 04...Type=IP > In filter 04...Ip...Protocol=17 > In filter 04...Ip...Dst Port Cmp=Eql > In filter 04...Ip...Dst Port #=445 > In filter 05...Valid=Yes > In filter 05...Type=IP > In filter 05...Ip...Protocol=6 > In filter 05...Ip...Dst Port Cmp=Eql > In filter 05...Ip...Dst Port #=135 > In filter 06...Valid=Yes > In filter 06...Type=IP > In filter 06...Ip...Protocol=6 > In filter 06...Ip...Dst Port Cmp=Eql > In filter 06...Ip...Dst Port #=139 > In filter 07...Valid=Yes > In filter 07...Type=IP > In filter 07...Ip...Protocol=6 > In filter 07...Ip...Dst Port Cmp=Eql > In filter 07...Ip...Dst Port #=445 > In filter 08...Valid=Yes > In filter 08...Type=IP > In filter 08...Ip...Protocol=6 > In filter 08...Ip...Dst Port Cmp=Eql > In filter 08...Ip...Dst Port #=4444 > In filter 09...Valid=Yes > In filter 09...Type=IP > In filter 09...Generic...Forward=Yes > In filter 09...Ip...Forward=Yes > In filter 09...Ipx...Forward=Yes > Out filter 01...Valid=Yes > Out filter 02...Type=IP > Out filter 01...Ip...Protocol=17 > Out filter 01...Ip...Dst Port Cmp=Eql > Out filter 01...Ip...Dst Port #=69 > Out filter 02...Valid=Yes > Out filter 02...Type=IP > Out filter 02...Ip...Protocol=17 > Out filter 02...Ip...Dst Port Cmp=Eql > Out filter 02...Ip...Dst Port #=135 > Out filter 03...Valid=Yes > Out filter 04...Type=IP > Out filter 03...Ip...Protocol=17 > Out filter 03...Ip...Dst Port Cmp=Eql > Out filter 03...Ip...Dst Port #=139 > Out filter 04...Valid=Yes > Out filter 04...Type=IP > Out filter 04...Ip...Protocol=17 > Out filter 04...Ip...Dst Port Cmp=Eql > Out filter 04...Ip...Dst Port #=445 > Out filter 05...Valid=Yes > Out filter 05...Type=IP > Out filter 05...Ip...Protocol=6 > Out filter 05...Ip...Dst Port Cmp=Eql > Out filter 05...Ip...Dst Port #=135 > Out filter 06...Valid=Yes > Out filter 06...Type=IP > Out filter 06...Ip...Protocol=6 > Out filter 06...Ip...Dst Port Cmp=Eql > Out filter 06...Ip...Dst Port #=139 > Out filter 07...Valid=Yes > Out filter 07...Type=IP > Out filter 07...Ip...Protocol=6 > Out filter 07...Ip...Dst Port Cmp=Eql > Out filter 07...Ip...Dst Port #=445 > Out filter 08...Valid=Yes > Out filter 08...Type=IP > Out filter 08...Ip...Protocol=6 > Out filter 08...Ip...Dst Port Cmp=Eql > Out filter 08...Ip...Dst Port #=4444 > Out filter 09...Valid=Yes > Out filter 09...Type=IP > Out filter 09...Generic...Forward=Yes > Out filter 09...Ip...Forward=Yes > Out filter 09...Ipx...Forward=Yes > END=FILT=900=3 > > To Apply the filter: > > Option #1 Use the MAX to apply the filter to all calls: > > Ethernet-> Answer-> Session Options -> Data Filter -> [blaster] > > > Option #2 Use Radius Reply attributes to apply the filter: > > Filter-Id = "blaster" > > > And the same for a TNT/APX: > > new FILTER > set filter-name = blaster > set input-filters 1 valid-entry = yes > set input-filters 1 Type = ip-filter > set input-filters 1 ip-filter protocol = 17 > set input-filters 1 ip-filter Dst-Port-Cmp = eql > set input-filters 1 ip-filter dest-port = 69 > set input-filters 2 valid-entry = yes > set input-filters 2 Type = ip-filter > set input-filters 2 ip-filter protocol = 17 > set input-filters 2 ip-filter Dst-Port-Cmp = eql > set input-filters 2 ip-filter dest-port = 135 > set input-filters 3 valid-entry = yes > set input-filters 3 Type = ip-filter > set input-filters 3 ip-filter protocol = 17 > set input-filters 3 ip-filter Dst-Port-Cmp = eql > set input-filters 3 ip-filter dest-port = 139 > set input-filters 4 valid-entry = yes > set input-filters 4 Type = ip-filter > set input-filters 4 ip-filter protocol = 17 > set input-filters 4 ip-filter Dst-Port-Cmp = eql > set input-filters 4 ip-filter dest-port = 445 > set input-filters 5 valid-entry = yes > set input-filters 5 Type = ip-filter > set input-filters 5 ip-filter protocol = 6 > set input-filters 5 ip-filter Dst-Port-Cmp = eql > set input-filters 5 ip-filter dest-port = 135 > set input-filters 6 valid-entry = yes > set input-filters 6 Type = ip-filter > set input-filters 6 ip-filter protocol = 6 > set input-filters 6 ip-filter Dst-Port-Cmp = eql > set input-filters 6 ip-filter dest-port = 139 > set input-filters 7 valid-entry = yes > set input-filters 7 Type = ip-filter > set input-filters 7 ip-filter protocol = 6 > set input-filters 7 ip-filter Dst-Port-Cmp = eql > set input-filters 7 ip-filter dest-port = 445 > set input-filters 8 valid-entry = yes > set input-filters 8 Type = ip-filter > set input-filters 8 ip-filter protocol = 6 > set input-filters 8 ip-filter Dst-Port-Cmp = eql > set input-filters 8 ip-filter dest-port = 4444 > set input-filters 9 valid-entry = yes > set input-filters 9 forward = yes > set input-filters 9 Type = ip-filter > set output-filters 1 valid-entry = yes > set output-filters 1 Type = ip-filter > set output-filters 1 ip-filter protocol = 17 > set output-filters 1 ip-filter Dst-Port-Cmp = eql > set output-filters 1 ip-filter dest-port = 69 > set output-filters 2 valid-entry = yes > set output-filters 2 Type = ip-filter > set output-filters 2 ip-filter protocol = 17 > set output-filters 2 ip-filter Dst-Port-Cmp = eql > set output-filters 2 ip-filter dest-port = 135 > set output-filters 3 valid-entry = yes > set output-filters 3 Type = ip-filter > set output-filters 3 ip-filter protocol = 17 > set output-filters 3 ip-filter Dst-Port-Cmp = eql > set output-filters 3 ip-filter dest-port = 139 > set output-filters 4 valid-entry = yes > set output-filters 4 Type = ip-filter > set output-filters 4 ip-filter protocol = 17 > set output-filters 4 ip-filter Dst-Port-Cmp = eql > set output-filters 4 ip-filter dest-port = 445 > set output-filters 5 valid-entry = yes > set output-filters 5 Type = ip-filter > set output-filters 5 ip-filter protocol = 6 > set output-filters 5 ip-filter Dst-Port-Cmp = eql > set output-filters 5 ip-filter dest-port = 135 > set output-filters 6 valid-entry = yes > set output-filters 6 Type = ip-filter > set output-filters 6 ip-filter protocol = 6 > set output-filters 6 ip-filter Dst-Port-Cmp = eql > set output-filters 6 ip-filter dest-port = 139 > set output-filters 7 valid-entry = yes > set output-filters 7 Type = ip-filter > set output-filters 7 ip-filter protocol = 6 > set output-filters 7 ip-filter Dst-Port-Cmp = eql > set output-filters 7 ip-filter dest-port = 445 > set output-filters 8 valid-entry = yes > set output-filters 8 Type = ip-filter > set output-filters 8 ip-filter protocol = 6 > set output-filters 8 ip-filter Dst-Port-Cmp = eql > set output-filters 8 ip-filter dest-port = 4444 > set output-filters 9 valid-entry = yes > set output-filters 9 forward = yes > set output-filters 9 Type = ip-filter > write -f > > To Apply: > > Option #1 Use the TNT to apply the filter to all calls: > > read answer-defaults > set use-answer-for-all-defaults = yes > set session-info data-filter = blaster > set session-info filter-required = no > write -f > > Option #2 Use Radius Reply attributes to apply the filter: > > Filter-Id = "blaster" > ++ Ascend Users Mailing List ++ > To unsubscribe: send unsubscribe to ascend-users-request@bungi.com > Archives: http://www.nexial.com/mailinglists/ -- ------ Jason Nealis Internet Systems and Services RCN (NASDAQ) RCNC ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From imranmir at cyber.net.pk Sat Aug 16 02:38:01 2003 From: imranmir at cyber.net.pk (Imran Ahmed Mir) Date: Tue Jan 18 13:57:53 2005 Subject: [Ascend] (ASCEND) MAX TNT Connections with Static IP Message-ID: <3f3ddc56.aa3.0@cyber.net.pk> An HTML attachment was scrubbed... URL: http://shadowknight.real-time.com/pipermail/rte-ascend/attachments/20030816/6d9313dd/attachment.html From imranmir at cyber.net.pk Sat Aug 16 06:35:01 2003 From: imranmir at cyber.net.pk (Imran Ahmed Mir) Date: Tue Jan 18 13:57:53 2005 Subject: [Ascend] Re: (ASCEND) MAX TNT Connections with Static IP Message-ID: <3f3e14ae.28b1.0@cyber.net.pk> An HTML attachment was scrubbed... URL: http://shadowknight.real-time.com/pipermail/rte-ascend/attachments/20030816/a30ea037/attachment.htm From augusto at megacom.tv Tue Aug 19 14:26:00 2003 From: augusto at megacom.tv (Augusto Montoya) Date: Tue Jan 18 13:57:54 2005 Subject: [Ascend] (ASCEND) MAX3000 Message-ID: <000501c36684$41799870$a800a8c0@AUGUSTO> I'll apreciatted if some helpme to find the tbiv.m30 relaes 9.0 or later for the MAX3000 Regards Augusto ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From admin at singlefin.net Tue Aug 19 20:59:01 2003 From: admin at singlefin.net (Content Filter) Date: Tue Jan 18 13:57:54 2005 Subject: [Ascend] (ASCEND) Undeliverable message returned to sender Message-ID: <20030820002004.2DE1C141020@mail5-kan-R.bigfish.com> This message was created automatically by mail delivery software. Delivery failed for the following recipients(s): webmaster@adviceco.com The message you sent contained an attachment which the recipient has chosen to block. Usually these sort of attachments are blocked to prevent malicious software from being sent to the recipient in question. The name(s) of the blocked file(s) follow: application.pif To send this file, please place it in a compressed archive using WinZip (http://www.winzip.com) or the archive software of your choice. ----- Original Message Header ----- Received: by mail5-kan (MessageSwitch) id 1061338804125031_6452; Wed, 20 Aug 2003 00:20:04 +0000 (UCT) Received: from CONSOLIDATIONS1 (unknown [216.212.198.234]) by mail5-kan.bigfish.com (Postfix) with ESMTP id DFCA8144081 for ; Wed, 20 Aug 2003 00:19:29 +0000 (UCT) From: To: Subject: Re: That movie Date: Tue, 19 Aug 2003 19:28:21 --0500 X-MailScanner: Found to be clean Importance: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MSMail-Priority: Normal X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="_NextPart_000_00403FFF" Message-Id: <20030820001929.DFCA8144081@mail5-kan.bigfish.com> ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From darcydraven at excite.com Tue Aug 19 21:12:01 2003 From: darcydraven at excite.com (darcydraven@excite.com) Date: Tue Jan 18 13:57:54 2005 Subject: [Ascend] (ASCEND) Vacation response: Re: Details Message-ID: <20030820015458.12208.qmail@xprdmailbe.nwk.excite.com> This is no longer my primary address. If you're emailing about the Outsiders page, forget it, the site is gone and I have NOTHING to do with the Stay Gold site and I don't care how in love you are with Ponyboy or Sodapop or whoever and you want more pictures to spank off to or that you have to do a class project on the movie or book. If you're cool and just trying to get ahold of me, email me at daryn@chriscooper.zzn.com but don't mention The Outsiders cuz I don't care and you wil ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From nul at typingmaster.com Tue Aug 19 21:29:01 2003 From: nul at typingmaster.com (nul@typingmaster.com) Date: Tue Jan 18 13:57:54 2005 Subject: [Ascend] (ASCEND) Autoreply: Re: Your application Message-ID: Dear Customer, Thank you for contacting TypingMaster, Inc. ******************************************** This reply was sent from an unmonitored email account so please don't click on reply. ******************************************** Unfortunately Support(@)TypingMaster.COM email address has been closed and your email was not delivered to us. In order to contact our support team more easily in future and to receive a personal support ticket number to follow up, please click link below to fill a contact request form: http://www.TypingMaster.com/contact/support.asp All contact requests are responded within 12-48 hours. HOW TO CALL/CONTACT TYPINGMASTER, INC: Please click here for further details how to contact us: http://www.typingmaster.com/index.asp?go=company P.S. For the immediate help please also check out our on-line Manuals and Frequently Asked Questions/Answers: http://www.TypingMaster.com/support.htm _______________________________________________________________________ TypingMaster - Solutions for Better Typing. http://www.TypingMaster.com/ ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From perl-bounces at perl.org.il Tue Aug 19 22:34:01 2003 From: perl-bounces at perl.org.il (perl-bounces@perl.org.il) Date: Tue Jan 18 13:57:54 2005 Subject: [Ascend] (ASCEND) Your message to Perl awaits moderator approval Message-ID: Your mail to 'Perl' with the subject Thank you! Is being held until the list moderator can review it for approval. The reason it is being held: Post by non-member to a members-only list Either the message will get posted to the list, or you will receive notification of the moderator's decision. If you would like to cancel this posting, please visit the following URL: http://www.perl.org.il/mailman/confirm/perl/2a0cd00c7af555cc2bdfc5725f740852ca9d64df ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From rwdozier at apex2000.net Wed Aug 20 12:11:01 2003 From: rwdozier at apex2000.net (Bob Dozier) Date: Tue Jan 18 13:57:54 2005 Subject: [Ascend] (ASCEND) Pipeline 130 lost full access password (NINDY) References: <200308200545.WAA28530@max.bungi.com> Message-ID: <03b101c3673b$f8d64830$3220b8d8@PC50> We have a Pipeline 130 to put in service and have no full access password. I have attempted to NINDY a Pipeline 130 (SN 7265122) per serveral proceedures found on the web and have gotten nowhere. The unit retains its current software version (6.1.7, bi.p13) and the configuration even after uploading a file greater than 1MB to clear both the primary and backup flash chips per step #6 here: http://www.tek-tips.com/gpviewthread.cfm/qid/447408/pid/547/lev2/8/lev3/58 Lucent support wants a support contract to handle this and even access to the support web site is now fee based. Any suggestions will be appreciated. ...Bob ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From cnx at eazier.com Wed Aug 20 18:53:01 2003 From: cnx at eazier.com (cnx@eazier.com) Date: Tue Jan 18 13:57:54 2005 Subject: [Ascend] (ASCEND) jmseph ortery Message-ID: <526s0-36x$$6k@ko5hi.oly> - ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From pautler at buffalo.edu Thu Aug 21 11:41:00 2003 From: pautler at buffalo.edu (Joe Pautler) Date: Tue Jan 18 13:57:54 2005 Subject: [Ascend] Re: (ASCEND) Filters for Lovesan/MSBlast ? In-Reply-To: <20030814163507.GA30503@rcn.com>; from nealis@rcn.com on Thu, Aug 14, 2003 at 12:35:07PM -0400 References: <20030813193827.GA34708@abcjr.net> <20030814163507.GA30503@rcn.com> Message-ID: <20030821111659.Z2675@lurch.cit.buffalo.edu> Jason Nealis wrote: (written on 08/14/03 at 12:35) ] ]I'm curious if any of you have started to encounter any wierd routing / Ethernet-card problems ]on your TNT's since the beloved MSBLast worm hit. Yes... My TNT's lose the ability to communicate with their local subnet. For example, a TNT with IP address 128.205.x.y/24 loses the ability to communicate with any other hosts on the 128.205.x.0/24 subnet, but everything else continues to work just fine. This appears to be related to all of the ICMP traffic destined for inactive IP addresses, which causes the TNT to be waiting for many ARP replies. I saw on another mailing list that Lucent is supposedly aware of this issue, and is working on a software fix. In the mean time, I'm working on setting up some filters for 92 byte ICMP packets... -Joe ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From ucodes at cityofutica.com Thu Aug 21 12:03:00 2003 From: ucodes at cityofutica.com (ucodes@cityofutica.com) Date: Tue Jan 18 13:57:54 2005 Subject: [Ascend] (ASCEND) Thank you! Message-ID: This account is no longer active. The new e-mail address is codes@cityofutica.com Please send any messages to codes@cityofutica.com Thank you, City of Utica PostMaster ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From intm at lists.isp-lists.com Thu Aug 21 21:30:02 2003 From: intm at lists.isp-lists.com (Internet.com) Date: Tue Jan 18 13:57:54 2005 Subject: [Ascend] (ASCEND) Internet.Com Format Error Message-ID: Sorry, your email containing an attachment can not be distributed through Internet.Com discussion lists. The only acceptable format for posting to isp-equipment is ASCII Text, with NO attachments. Please, re-send your post to continue your discussion on isp-equipment. ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From kevins at hutchtel.net Fri Aug 22 10:38:01 2003 From: kevins at hutchtel.net (Kevin Steinhaus) Date: Tue Jan 18 13:57:54 2005 Subject: [Ascend] (ASCEND) Fatal Error Codes Message-ID: <000801c368ba$bebc19b0$2a7309ce@htc.hutchtel.net> Hello, I'm looking for info on the following error codes... I've looked through past archives and am having a hard time finding anything pertaining to these. The sympoms of this box are random reboots a couple times per day. FATAL ERROR: Index: 2 Load: tik.m60 Revision: 9.0.2 Date: 08/19/2003. Time: 17:40:32 Location: b02d6364 b018582c b01411e4 b0366d18 b03669c4 b0141008 SYSTEM IS UP: Index: 100 Load: tik.m60 Revision: 9.0.2 Date: 08/19/2003. Time: 17:44:02 WARNING: Index: 179 Load: tik.m60 Revision: 9.0.2 Date: 08/19/2003. Time: 18:54:24 Location: b01cc718 b03bf79c b01bd510 b01bdff8 b01bdf20 b02dedf0 FATAL ERROR: Index: 1 Load: tik.m60 Revision: 9.0.2 Date: 08/20/2003. Time: 08:28:48 Location: b01ba444 b01bf598 b01bf5b0 b01bd79c b01ce358 b01cfd7c SYSTEM IS UP: Index: 100 Load: tik.m60 Revision: 9.0.2 Date: 08/20/2003. Time: 08:32:17 WARNING: Index: 179 Load: tik.m60 Revision: 9.0.2 Date: 08/20/2003. Time: 20:03:21 Location: b01cc718 b03bf79c b01bd510 b01bdff8 b01bdf20 b02dedf0 FATAL ERROR: Index: 2 Load: tik.m60 Revision: 9.0.2 Date: 08/21/2003. Time: 07:09:21 Location: b02d6364 b018582c b03c835c b03c879c b0185a64 00000000 SYSTEM IS UP: Index: 100 Load: tik.m60 Revision: 9.0.2 Date: 08/21/2003. Time: 07:12:51 FATAL ERROR: Index: 1 Load: tik.m60 Revision: 9.0.2 Date: 08/21/2003. Time: 09:19:39 Location: b01ba444 b01bf598 b01bf5b0 b01bd79c b01ce358 b01cfd7c Thanks Kevin Steinhaus Hutchinson Telephone Company ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From cwhitten at nexband.com Fri Aug 22 18:41:00 2003 From: cwhitten at nexband.com (Chad Whitten) Date: Tue Jan 18 13:57:54 2005 Subject: [Ascend] (ASCEND) hdlc card Message-ID: <200308221715.25667.cwhitten@nexband.com> i recently swapped out chassis's on a max tnt and my hdlc card didnt come up. when i do a "show" it shows as RESET is there someting i can do to enable it or has the card gone bad? fultnt01>show Shelf 1 ( standalone ): { shelf-1 slot-1 0 } UP 8t1-card { shelf-1 slot-2 0 } UP 8t1-card { shelf-1 slot-3 0 } RESET hdlc2-card { shelf-1 slot-4 0 } UP 4ether2-card { shelf-1 slot-5 0 } UP csmx-card { shelf-1 slot-6 0 } UP csmx-card { shelf-1 slot-7 0 } UP csmx-card { shelf-1 slot-8 0 } UP csmx-card { shelf-1 slot-10 0 } UP csmx-card { shelf-1 slot-12 0 } UP csmx-card { shelf-1 slot-13 0 } UP csmx-card -- Chad Whitten Network/Systems Administrator neXband Communications cwhitten@nexband.com 601-944-4801 Phone 601-714-5012 Fax ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From nealis at rcn.com Sat Aug 23 12:42:01 2003 From: nealis at rcn.com (Jason Nealis) Date: Tue Jan 18 13:57:54 2005 Subject: [Ascend] Re: (ASCEND) Filters for Lovesan/MSBlast ? In-Reply-To: <20030821111659.Z2675@lurch.cit.buffalo.edu> References: <20030813193827.GA34708@abcjr.net> <20030814163507.GA30503@rcn.com> <20030821111659.Z2675@lurch.cit.buffalo.edu> Message-ID: <20030823172338.GB27020@rcn.com> Yup, I was experiencing ame thing here. I provided a large amount of data dumps that allowed them to build a release to address it. Ultimately until they get these fixes into a patch release it's highly suggested you filter icmp. Jason On Thu, Aug 21, 2003 at 11:16:59AM -0400, Joe Pautler stated > Jason Nealis wrote: (written on 08/14/03 at 12:35) > ] > ]I'm curious if any of you have started to encounter any wierd routing / Ethernet-card problems > ]on your TNT's since the beloved MSBLast worm hit. > > Yes... > My TNT's lose the ability to communicate with their local subnet. > For example, a TNT with IP address 128.205.x.y/24 loses the ability > to communicate with any other hosts on the 128.205.x.0/24 subnet, > but everything else continues to work just fine. > > This appears to be related to all of the ICMP traffic destined > for inactive IP addresses, which causes the TNT to be waiting > for many ARP replies. I saw on another mailing list that Lucent > is supposedly aware of this issue, and is working on a software > fix. > > In the mean time, I'm working on setting up some filters for > 92 byte ICMP packets... > > -Joe > ++ Ascend Users Mailing List ++ > To unsubscribe: send unsubscribe to ascend-users-request@bungi.com > Archives: http://www.nexial.com/mailinglists/ -- ------ Jason Nealis Internet Systems and Services RCN (NASDAQ) RCNC ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From nealis at rcn.com Sat Aug 23 14:14:37 2003 From: nealis at rcn.com (Jason Nealis) Date: Tue Jan 18 13:57:54 2005 Subject: [Ascend] Re: (ASCEND) hdlc card In-Reply-To: <200308221715.25667.cwhitten@nexband.com> References: <200308221715.25667.cwhitten@nexband.com> Message-ID: <20030823172216.GA27020@rcn.com> you can re-seed it, perhaps do a slot -b 1 3 to try and bounce the card again. If it doesn't come up, then perhaps it may need to be rma'd. On Fri, Aug 22, 2003 at 05:15:25PM -0500, Chad Whitten stated > i recently swapped out chassis's on a max tnt and my hdlc card didnt come up. > when i do a "show" it shows as RESET > > is there someting i can do to enable it or has the card gone bad? > > fultnt01>show > Shelf 1 ( standalone ): > { shelf-1 slot-1 0 } UP 8t1-card > { shelf-1 slot-2 0 } UP 8t1-card > { shelf-1 slot-3 0 } RESET hdlc2-card > { shelf-1 slot-4 0 } UP 4ether2-card > { shelf-1 slot-5 0 } UP csmx-card > { shelf-1 slot-6 0 } UP csmx-card > { shelf-1 slot-7 0 } UP csmx-card > { shelf-1 slot-8 0 } UP csmx-card > { shelf-1 slot-10 0 } UP csmx-card > { shelf-1 slot-12 0 } UP csmx-card > { shelf-1 slot-13 0 } UP csmx-card > > -- > Chad Whitten > Network/Systems Administrator > neXband Communications > cwhitten@nexband.com > 601-944-4801 Phone > 601-714-5012 Fax > ++ Ascend Users Mailing List ++ > To unsubscribe: send unsubscribe to ascend-users-request@bungi.com > Archives: http://www.nexial.com/mailinglists/ -- ------ Jason Nealis Internet Systems and Services RCN (NASDAQ) RCNC ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From postmaster at davita.com Sun Aug 24 13:01:01 2003 From: postmaster at davita.com (postmaster@davita.com) Date: Tue Jan 18 13:57:54 2005 Subject: [Ascend] (ASCEND) Your email message was blocked Message-ID: The DaVita Mail Gateway has not delivered the following message: Message: B000549449.00000001.mml From: ascend-users@bungi.com To: lbuneo@davita.com Subject: Re: That movie This is due to automatic rules that have determined that the intended recipient is not authorized to receive messages with certain potentially dangerous filetypes attached. If you believe this message was business related please send a message to postmaster@davita.com and request that the message be released to it's intended recipient. If no contact is made within 7 days the message will automatically be deleted. From mknewman at box.net Sun Aug 24 14:01:01 2003 From: mknewman at box.net (Marc Newman) Date: Tue Jan 18 13:57:54 2005 Subject: [Ascend] (ASCEND) Gear for sale In-Reply-To: <200308240545.WAA22316@max.bungi.com> from "owner-ascend-users-digest@max.bungi.com" at Aug 23, 2003 10:45:02 PM Message-ID: <200308241853.h7OIrGYM011426@box.net> 4 Max 4004 chassis, all with 4 PRI/T1s 11 8 port V.90 Max modem cards 5 12 port V.90 Max modem cards 3 Black Box T1/56k CSU/DSU (fancy ones with LCD front panel and SNMP) Alcatel/Assured Access X1000 router, 80 V.90 modems, T3/ATM, dual power supplies, 4 ethernet ports, 16 T1/PRI ports Please contact me at marc@newman.org if you are interested in any of this equipment. Marc ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From troy at psknet.com Mon Aug 25 19:23:01 2003 From: troy at psknet.com (Troy Settle) Date: Tue Jan 18 13:57:54 2005 Subject: [Ascend] (ASCEND) Call-Route Message-ID: <000301c36b64$d492adb0$0100a8c0@tws> All, I have a TNT with a DS3 to the PSTN and a T1/PRI to my PBX. Inbound calling works like a champ with a few simple call-routes, but for the life of me, I can't figure out how to get the TNT to properly route calls from my PBX to the PSTN. I've played with 'Preferred-Source' and 'Trunk-Group' values in the call routes, but had no luck. About the only thing left I can think to try, is to change the default call routes to go out the PSTN instead of the DSP cards, then create call routes to route incoming modem/ISDN calls back to the DSPs. This is all with TAOS 9.0.9. Can anyone shed some light on this subject? -- Troy Settle Pulaski Networks http://www.psknet.com 540.994.4254 ~ 866.477.5638 Pulaski Chamber 2002 Small Business Of The Year ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From max_and_tnt at hotmail.com Tue Aug 26 00:58:01 2003 From: max_and_tnt at hotmail.com (Joe Max) Date: Tue Jan 18 13:57:55 2005 Subject: [Ascend] Re: (ASCEND) Call-Route Message-ID: Try either assigning a phone number to each ds0 on the PSTN lines (T1 profile), or create call-routes (type trunk-call) with the phone number set for each PSTN line. Incoming calls from the PBX can then "dial" these numbers to connect to these DS0s. One or both of the above should work. -J >I have a TNT with a DS3 to the PSTN and a T1/PRI to my PBX. Inbound >calling works like a champ with a few simple call-routes, but for the >life of me, I can't figure out how to get the TNT to properly route >calls from my PBX to the PSTN. > >I've played with 'Preferred-Source' and 'Trunk-Group' values in the call >routes, but had no luck. > >About the only thing left I can think to try, is to change the default >call routes to go out the PSTN instead of the DSP cards, then create >call routes to route incoming modem/ISDN calls back to the DSPs. > >This is all with TAOS 9.0.9. > >Can anyone shed some light on this subject? _________________________________________________________________ Get MSN 8 and help protect your children with advanced parental controls. http://join.msn.com/?page=features/parental ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From yogendraj at hotmail.com Tue Aug 26 11:00:02 2003 From: yogendraj at hotmail.com (Yogendra Joshi) Date: Tue Jan 18 13:57:55 2005 Subject: [Ascend] (ASCEND) Serious problem with TNT Message-ID: Hi I am having 3 TNT boxes with TAOS 8.0.4 loaded on it. All these 3 boxes were very stable for last 4 years , but for last 1 week these boxes are giving different problems which I am not able to understand at all. Suddenly one of the TNTs start giving error as "radius client time out " and I am not getting the requests on my IC Radius. At the same time I get requests from other 2 TNTs in the same network and on the same radius. I checked for the connectivity & n/w issues between the perticular TNT and the radius, but there is not any problem with connectivity. This goes in round robin for 3 different TNTs and at different times. Some times I dont get the POP3 server from one of the TNTs and then only solution for all the above problems is to reboot the TNT. This is happening very frrequently and at different times and on different TNTs. Surprisingly when this problem has started I am getting a different message in my syslog saying " Lost control messaging link to slot 1/5 " where 1/5 slot contains my ethernet card. This happens N number of times on all 3 different TNTs and I am not able to understand if this corelates with the above problem. Even I tried different things like changing the radius , rebooting the radius , rebooting only the ethernet card of the TNTs , but in vain only solution is to reboot the TNTs , which I cant afford at peak times in my live set up , but I have to do it. I have only 8 MB Flash card thats why I can't upgrade my TAOS to 9.x & above. Do you feel that the problem is related to TAOS ? I have also cheked the TNT for attacks , but I dont see any attack on it. Is anybody have faced the similar problem ? and resolved the problem ? ( By any chance is it blaster attack ?) Thanks Yogendra _________________________________________________________________ Dress up your desktop! Get the best wallpapers. http://server1.msn.co.in/msnchannels/Entertainment/wallpaperhome.asp Just click here! ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From chadwick at nexband.com Wed Aug 27 12:06:01 2003 From: chadwick at nexband.com (Chad Whitten) Date: Tue Jan 18 13:57:55 2005 Subject: [Ascend] Re: (ASCEND) Serious problem with TNT In-Reply-To: Message-ID: I am having a similar problem. At first, I had 1 tnt rebooting itself every few hours (always it seemed at peak traffic times) and the only errors I would get would be related to the ethernet card. Now I have another TNT doing the same thing. Both are running 7.2.3 TAOS, both have the 4 port ethernet cards. They are on different networks connecting to different radius servers. The TNT that has just started acting up has much lower usage (about 70 users at peak time) than the other TNT (400+ at peak time). The problem first appeared last week and has now spread to another machine. I have one more TNT that isnt doing this and a bunch of max2024's and max4048's that are fine. Very frustrating. Anyone else care to chime in? Chad Whitten Network/Systems Administrator neXband Communications cwhitten@nexband.com 601-944-4801 On Tue, 26 Aug 2003, Yogendra Joshi wrote: > Hi > > I am having 3 TNT boxes with TAOS 8.0.4 loaded on it. All these 3 boxes were > very stable for last 4 years , but for last 1 week these boxes are giving > different problems which I am not able to understand at all. Suddenly one of > the TNTs start giving error as "radius client time out " and I am not > getting the requests on my IC Radius. At the same time I get requests from > other 2 TNTs in the same network and on the same radius. I checked for the > connectivity & n/w issues between the perticular TNT and the radius, but > there is not any problem with connectivity. This goes in round robin for 3 > different TNTs and at different times. Some times I dont get the POP3 server > from one of the TNTs and then only solution for all the above problems is > to reboot the TNT. This is happening very frrequently and at different > times and on different TNTs. Surprisingly when this problem has started I am > getting a different message in my syslog saying " Lost control messaging > link to slot 1/5 " where 1/5 slot contains my ethernet card. This happens N > number of times on all 3 different TNTs and I am not able to understand if > this corelates with the above problem. Even I tried different things like > changing the radius , rebooting the radius , rebooting only the ethernet > card of the TNTs , but in vain only solution is to reboot the TNTs , which I > cant afford at peak times in my live set up , but I have to do it. > > I have only 8 MB Flash card thats why I can't upgrade my TAOS to 9.x & > above. Do you feel that the problem is related to TAOS ? I have also cheked > the TNT for attacks , but I dont see any attack on it. Is anybody have faced > the similar problem ? and resolved the problem ? ( By any chance is it > blaster attack ?) > > Thanks > > Yogendra > > ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From joure99_362 at ve.physics.carleton.ca Wed Aug 27 17:02:01 2003 From: joure99_362 at ve.physics.carleton.ca (Sue Ellen) Date: Tue Jan 18 13:57:55 2005 Subject: [Ascend] (ASCEND) Your user name and password Message-ID: <200308272148.h7RLmmqd016365@max.bungi.com> A non-text attachment was scrubbed... Name: not available Type: text Size: 938 bytes Desc: not available Url : http://shadowknight.real-time.com/pipermail/rte-ascend/attachments/20030827/0a12506f/attachment.asc From ejay.hire at isdn.net Thu Aug 28 02:42:01 2003 From: ejay.hire at isdn.net (Ejay Hire) Date: Tue Jan 18 13:57:55 2005 Subject: [Ascend] RE: (ASCEND) Serious problem with TNT Message-ID: I am crossposting a message I sent to NANOG. We have had similar issues on a crippling scale over the last few days, but it appears we have finally resolved them. -----Forwarded Message----- From: Ejay Hire Sent: Wednesday, August 27, 2003 11:47 AM To: 'Andy Walden'; Geo. Cc: NANOG Subject: RE: Max TNT ping thing Here is a summary of our experiences with the bug. Last Thursday, A TNTs with years of uptime rebooted. No cause was apparent, and nothing relevant happened in the logs. On Friday, It happened to a different TNT. This occurred with increasing frequency over the weekend, and we didn't get a lot of sleep. We tried using a filter in the tnt to block port 135 and 4444 to no avail, and then tried a filter to block ICMP in the tnt also to no avail. Next, we removed the tnt filters and tried rate-limiting ICMP to the TNT's. That didn't work. Next we removed the rate-limit and applied the Cisco-supplied anti-nachi route-map to the upstream interfaces facing the Tnt's. This significantly reduced the problem, but we were still rebooting every 12 hours or so. Disabling route-caching on the TNT stopped the rebooting problem, but we were seeing 40% packet loss on one of the TNTs. (Note, both TNT's have a Ds-3 of PRI's, and use the TNT-SL-E10-100 four port Ethernet cards) The packet loss was only affecting one TNT, and we discovered that it was running 9.0.6 while the unaffected box was running 9.0.9. Upgrading the box to 9.0.9 fixed the packet loss issue. We are currently up and haven't had any blips in 24 hours. (knock on wood.) -Ejay -----Original Message----- From: Chad Whitten [mailto:chadwick@nexband.com] Sent: Tuesday, August 26, 2003 10:33 PM To: Yogendra Joshi Cc: ascend-users@max.bungi.com; Subject: Re: (ASCEND) Serious problem with TNT I am having a similar problem. At first, I had 1 tnt rebooting itself every few hours (always it seemed at peak traffic times) and the only errors I would get would be related to the ethernet card. Now I have another TNT doing the same thing. Both are running 7.2.3 TAOS, both have the 4 port ethernet cards. They are on different networks connecting to different radius servers. The TNT that has just started acting up has much lower usage (about 70 users at peak time) than the other TNT (400+ at peak time). The problem first appeared last week and has now spread to another machine. I have one more TNT that isnt doing this and a bunch of max2024's and max4048's that are fine. Very frustrating. Anyone else care to chime in? Chad Whitten Network/Systems Administrator neXband Communications cwhitten@nexband.com 601-944-4801 On Tue, 26 Aug 2003, Yogendra Joshi wrote: ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From c.jackson at gopic.com Thu Aug 28 05:13:01 2003 From: c.jackson at gopic.com (Chris) Date: Tue Jan 18 13:57:55 2005 Subject: [Ascend] (ASCEND) answer me! Message-ID: <200308281002.h7SA2nqd018361@max.bungi.com> Hot barely legal ladies acting extremely dirty for you. http://www.ir-internet.com/index.html Download these chicks unseen photos now! http://www.ir-internet.com/index.html Stop mailing here: http://www.ir-internet.com/us.html ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From denny at reiters.org Thu Aug 28 07:58:01 2003 From: denny at reiters.org (Denny Reiter) Date: Tue Jan 18 13:57:55 2005 Subject: [Ascend] Re: (ASCEND) Serious problem with TNT In-Reply-To: References: Message-ID: <20030828124602.GF62465@reiters.org> We experienced the packet loss with 9.0.9. Turning off the route cache or limiting it to 15000 helped keep the TNTs responsive on their own subnet, but copious rebooting and just watching a sniffer for infected customer's dialed up and disabling them is all we've come up with to help. The fact that people running 10.x.x don't seem to have this problem irritates the hell out of me. I don't remember once having anything being solved by Lucent the years I had a service contract. I either got help here or figured it out on my own. In several instances, doing the opposite of what they recommended was the solution. I'll be happy when the spare parts run out and we can replace these things. On Wed, Aug 27, 2003 at 01:54:28PM -0500, Ejay Hire wrote: > I am crossposting a message I sent to NANOG. We have had similar issues > on a crippling scale over the last few days, but it appears we have > finally resolved them. > > -----Forwarded Message----- > From: Ejay Hire > Sent: Wednesday, August 27, 2003 11:47 AM > To: 'Andy Walden'; Geo. > Cc: NANOG > Subject: RE: Max TNT ping thing > > Here is a summary of our experiences with the bug. > > Last Thursday, A TNTs with years of uptime rebooted. No cause was > apparent, and nothing relevant happened in the logs. On Friday, It > happened to a different TNT. This occurred with increasing frequency > over the weekend, and we didn't get a lot of sleep. We tried using a > filter in the tnt to block port 135 and 4444 to no avail, and then tried > a filter to block ICMP in the tnt also to no avail. Next, we removed > the tnt filters and tried rate-limiting ICMP to the TNT's. That didn't > work. Next we removed the rate-limit and applied the Cisco-supplied > anti-nachi route-map to the upstream interfaces facing the Tnt's. This > significantly reduced the problem, but we were still rebooting every 12 > hours or so. Disabling route-caching on the TNT stopped the rebooting > problem, but we were seeing 40% packet loss on one of the TNTs. (Note, > both TNT's have a Ds-3 of PRI's, and use the TNT-SL-E10-100 four port > Ethernet cards) The packet loss was only affecting one TNT, and we > discovered that it was running 9.0.6 while the unaffected box was > running 9.0.9. Upgrading the box to 9.0.9 fixed the packet loss issue. > We are currently up and haven't had any blips in 24 hours. (knock on > wood.) > > -Ejay > > -----Original Message----- > From: Chad Whitten [mailto:chadwick@nexband.com] > Sent: Tuesday, August 26, 2003 10:33 PM > To: Yogendra Joshi > Cc: ascend-users@max.bungi.com; > Subject: Re: (ASCEND) Serious problem with TNT > > I am having a similar problem. At first, I had 1 tnt rebooting itself > every few hours (always it seemed at peak traffic times) and the only > errors I would get would be related to the ethernet card. Now I have > another TNT doing the same thing. Both are running 7.2.3 TAOS, both > have > the 4 port ethernet cards. They are on different networks connecting to > different radius servers. The TNT that has just started acting up has > much lower usage (about 70 users at peak time) than the other TNT (400+ > at > peak time). > > The problem first appeared last week and has now spread to another > machine. I have one more TNT that isnt doing this and a bunch of > max2024's and max4048's that are fine. > > Very frustrating. Anyone else care to chime in? > > Chad Whitten > Network/Systems Administrator > neXband Communications > cwhitten@nexband.com > 601-944-4801 > > On Tue, 26 Aug 2003, Yogendra Joshi wrote: > > > > > ++ Ascend Users Mailing List ++ > To unsubscribe: send unsubscribe to ascend-users-request@bungi.com > Archives: http://www.nexial.com/mailinglists/ -- Denny Reiter denny@reiters.org So I don't hurt your feelings: happydenny@reiters.org The ability to quote is a serviceable substitute for wit. - Maugham ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From carll at forcomm.net Thu Aug 28 10:37:01 2003 From: carll at forcomm.net (Carl Jagerski) Date: Tue Jan 18 13:57:55 2005 Subject: [Ascend] (ASCEND) Non Radius Local Dialup TNT Message-ID: <5.2.1.1.0.20030828111851.017233a8@mail.forcomm.net> Hi All, How do you setup a local authentication on a TNT to be able to dialin and connect with PPP if radius goes down? I just need one connection for dialin support of the unit. (Unit - TNT TAOS 8.0.5 and 9.0.9, DS3 card, Ethernet card(4 port), the rest are modem cards) TIA Carl Jagerski Network Administrator, Forward Communications carll@forcomm.net 724-378-4490 ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From jfbeam at prime.btitelecom.net Thu Aug 28 11:48:01 2003 From: jfbeam at prime.btitelecom.net (Ricky Beam) Date: Tue Jan 18 13:57:55 2005 Subject: [Ascend] Re: (ASCEND) Non Radius Local Dialup TNT In-Reply-To: <5.2.1.1.0.20030828111851.017233a8@mail.forcomm.net> Message-ID: On Thu, 28 Aug 2003, Carl Jagerski wrote: >How do you setup a local authentication on a TNT to be able to dialin and >connect with PPP if radius goes down? I just need one connection for >dialin support of the unit. (Unit - TNT TAOS 8.0.5 and 9.0.9, DS3 card, >Ethernet card(4 port), the rest are modem cards) new CONNECTION set station = set active = yes set ip-options remote-address = /32 set ip-options netmask-remote = 255.255.255.255 set ip-options source-ip-check = yes set session-options idle-timer = 1800 set ppp-options recv-password = set ppp-options link-compression = stac-9 set framed-only = yes write -f Note: the account is always available (not just when RADIUS is down.) --Ricky ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From cwhitten at nexband.com Thu Aug 28 15:06:01 2003 From: cwhitten at nexband.com (Chad Whitten) Date: Tue Jan 18 13:57:55 2005 Subject: [Ascend] (ASCEND) cisco isdn client to lucent max tnt Message-ID: <200308281426.25612.cwhitten@nexband.com> having some trouble getting a cisco isdn client connected using same config ive used for quite a while on the tnt and on the cisco here is error i get on tnt STOP: 'Answer'; cause 185.; progress 2.; host 0.0.0.0 [MBID 1431; 6628342033->6019691001] [Answer] and on the cisco im getting no reply to the ppp negation any suggestions? profile on tnt is as follows [in CONNECTION/hunter-eng] station* = hunter-eng active = yes encapsulation-protocol = mp called-number-type = national dial-number = "" clid = "" ip-options = { yes yes 0.0.0.0/0 0.0.0.0/0 1 60 120 no no 0 0.0.0.0 routing-off+ ipx-options = { no router-peer both both no 00:00:00:00 00:00:00:00 "" no [ 0 0+ bridging-options = { 0 no } session-options = { "" "" no 120 no-idle 900 "" 0 disabled autobaud 1088000 256+ telco-options = { answer-only no off 1 no no 64k-clear 0 "" "" no no 0 any } ppp-options = { pap-ppp-auth "" "" QQQQQQQQ stac 1524 yes 600 600 no cbcp-no+ mp-options = { 1 1 2 no no } mpp-options = { "" quadratic transmit-recv 1 1 15 5 10 80 } fr-options = { "" 16 "" no "" 16 "" } tcp-clear-options = { "" 0 "" 0 "" 0 "" 0 no "" 256 20 } ara-options = { "" 0 } v120-options = { 7 3 1500 30000 256 } answer-options = { } x75-options = { 7 10 1000 1024 } appletalk-options = { no "" 0 0 router-peer } usrRad-options = { global 0.0.0.0 1646 "" 1 acct-base-10 } calledNumber = "" shared-prof = no framed-only = no tunnel-options = { disabled atmp-protocol 0 rip-off "" "" 5150 "" "" } vrouter = "" atm-options = { aal5-llc 0 32 } port-redirect-options = { none 0 0.0.0.0 } -- Chad Whitten Network/Systems Administrator neXband Communications cwhitten@nexband.com 601-944-4801 Phone 601-714-5012 Fax ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From pautler at buffalo.edu Sat Aug 30 08:27:01 2003 From: pautler at buffalo.edu (Joe Pautler) Date: Tue Jan 18 13:57:55 2005 Subject: [Ascend] (ASCEND) question about TNT hardware support Message-ID: <20030829083126.E32401@mail.oss.buffalo.edu> We currently have the following assortment of cards in our TNT's: Name/Model Quantity Load file ------------------------------------------------------------------ t3-card 2 cards + spare tntt3.ffs 4ether2-card 2 cards + spare tntenet2.ffs 48modem-56k-card 6 cards (288 modems) + spares tntmdm56k.ffs TNT-SL-48MOD-S56 csmx-card 12 cards (576 modems) tntcsmx.ffs TNT-SL-48MOD-S-C csm3v-card 4 cards (192 modems) + spare tntcsm3v.ffs TNT-SL-48MODV3-S-C We're running software 9.0.9. I'm trying to determine what the most recent software version is for the TNT, and which cards (if any) have been end-of-lifed along the way. I do have a service contract with Lucent (which is a huge hassle every time I try to use it...but that's another story). It appears that 10.1.1 is the latest version of software. However, it appears that the dual slot 48modem-56k-card/TNT-SL-48MOD-S56 cards aren't supported (I don't see a tntmdm56k.ffs laod file). Is that true? When was support discontinued for them? Are any of the other cards listed above (such as the 4ether2) on the way out? I'm still digging around on the Lucent site trying to figure this out, but I thought maybe one of you TNT gurus might know off the top of your head. Thanks! -Joe Pautler University at Buffalo ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From pautler at buffalo.edu Sat Aug 30 08:27:03 2003 From: pautler at buffalo.edu (Joe Pautler) Date: Tue Jan 18 13:57:55 2005 Subject: [Ascend] Re: (ASCEND) Serious problem with TNT In-Reply-To: <20030828124602.GF62465@reiters.org>; from denny@reiters.org on Thu, Aug 28, 2003 at 07:46:02AM -0500 References: <20030828124602.GF62465@reiters.org> Message-ID: <20030829082238.D32401@mail.oss.buffalo.edu> Denny Reiter wrote: (written on 08/28/03 at 07:46) ] ]We experienced the packet loss with 9.0.9. Turning off the route ]cache or limiting it to 15000 helped keep the TNTs responsive on ]their own subnet, but copious rebooting and just watching a sniffer ]for infected customer's dialed up and disabling them is all we've ]come up with to help. We have 3 TNT's, running 9.0.9 software, using the ethernet2 cards. Approximately 2 weeks ago the TNT's started to continually lose the ability to communicate with their local subnet. In other words, dialin users could connect just fine, however they couldn't access anything on the same subnet as the TNT (there are a couple of web servers on the same subnet). The TNT was also not ping-able from that subnet... but it was pingable from everywhere else. We attributed the problem to the massive amounts of ICMP traffic flooding the TNT's, due to the Welchia/Nachi/Lovsan worm. We applied the following filter to the ethernet interface on each of our TNT's: new filter block-92B-ICMP set input-filters 1 valid-entry = yes set input-filters 1 forward = no set input-filters 1 gen-filter offset = 16 set input-filters 1 gen-filter len = 2 set input-filters 1 gen-filter more = yes set input-filters 1 gen-filter mask = ff:ff:00:00:00:00:00:00:00:00:00:00 set input-filters 1 gen-filter value = value = 00:5c:00:00:00:00:00:00:00:00:00: 00 set input-filters 2 valid-entry = yes set input-filters 2 forward = no set input-filters 2 gen-filter offset = 23 set input-filters 2 gen-filter len = 1 set input-filters 2 gen-filter mask = ff:00:00:00:00:00:00:00:00:00:00:00 set input-filters 2 gen-filter value = value = 01:00:00:00:00:00:00:00:00:00:00: 00 set input-filters 3 valid-entry = yes set input-filters 3 forward = yes write read ethernet {1 2 4} set filter-name = block-92B-ICMP write The above filter will stop all ICMP packets that are 92 Bytes in length, which is the signature for the worm. The ping utilities for windows, linux, etc, do not use 92 Byte packets, thus the above filter only blocks the worm and does not affect other types of ICMP. The above filter got rid of our problem, however then we started having a new one. Some dialin users would be able to connect, however after connecting they could not access anything. A sniffer capture showed their traffic coming out of the TNT, followed by the replies coming back to the TNT, however the TNT was not forwarding the replies back to the dialin user. Approximately 10% of dialin connections were suffering from that problem. Although we put the above filter on the TNT ethernet interfaces, the TNT's were still getting hammered with the ICMP packets from dialin users who were infected. We then decided to block the 92 Byte ICMP packets coming in from dialin users. We did this in our radius profile, as follows: Ascend-Data-Filter = "generic in drop 23 ff 01 == more" Ascend-Data-Filter = "generic in drop 16 ffff 005c ==" Ascend-Data-Filter = "ip in forward 0 0 0", Ascend-Data-Filter = "ip out forward 0 0 0", That was 3 days ago, and everything has been stable ever since. (knock on wood!!) -Joe Pautler University at Buffalo ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From NAVMSE-EXCHANGE at spartahospital.com Sun Aug 31 01:13:01 2003 From: NAVMSE-EXCHANGE at spartahospital.com (NAVMSE-EXCHANGE@spartahospital.com) Date: Tue Jan 18 13:57:55 2005 Subject: [Ascend] (ASCEND) Symantec AVF detected an unrepairable virus in a message you sent Message-ID: <04ee01c36f7f$a2ee45c0$de0510ac@hospital.spartahospital.com> Subject of the message: Your details Recipient of the message: Brown, Barb ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/ From NAVMSE-EXCHANGE at spartahospital.com Sun Aug 31 23:07:01 2003 From: NAVMSE-EXCHANGE at spartahospital.com (NAVMSE-EXCHANGE@spartahospital.com) Date: Tue Jan 18 13:57:55 2005 Subject: [Ascend] (ASCEND) Symantec AVF detected an unrepairable virus in a message you sent Message-ID: <05ae01c37028$763d56c0$de0510ac@hospital.spartahospital.com> Subject of the message: Your details Recipient of the message: Brown, Barb ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com Archives: http://www.nexial.com/mailinglists/