BGP.guru

BGP.guru

A Nerd blog.

21 Nov 2014

Service Status via SaltStack 2014.7 with Nagios

Exploring SaltStack 2014.7's nagios module: remote execution of nagios-plugins on minions, pillar-defined check lists with Jinja templating, distributed monitoring ideas, and contributing documentation fixes to SaltStack.
08 Nov 2014

New and Removed ASNs

Automating Canadian ASN discovery using Blockfinder: daily diff emails tracking ARIN assignments, patching TTY progress bar issues for cron jobs, and proposing ARIN's arin-issued list for AS numbers (later implemented).
23 Oct 2014

Troubleshooting ICMPv6 with tcpdump

Fixing OpenBSD PF firewall ICMPv6 rules by using tcpdump to identify required neighbor discovery types (133-137): isolating NDP traffic with packet filters and properly allowing router/neighbor solicitation/advertisement messages.
16 Oct 2014

Internet Connection Sharing

Tracking down rogue DHCP server on corporate network: using arpwatch to identify Mac sharing causing 192.168.137.x leases, correlating MAC to CDP/switch port, and why DHCP snooping prevents these issues.
16 Oct 2014

SSLv3 Disabled

Responding to POODLE vulnerability by disabling SSLv3 across all services: enforcing TLSv1.0+, updating cipher suites from Mozilla wiki, logging protocol/cipher combinations to verify modern client support.