Berkeley CSUA MOTD:Entry 25567
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2025/07/08 [General] UID:1000 Activity:popular
7/8     

2002/8/15 [Computer/Networking] UID:25567 Activity:very high
8/14    Has anyone ever used any Netscreen hardware?  I've been offered the
        use of a Netscreen 100 on indefinite loan, and I was wondering if
        it's worth the time/effort required to setup and experiment with.
        Comments/Advice on ease/difficulty of setup as well as evidence
        (anecdotal or otherwise) of the security record for Netscreen
        equipment would be much appreciated.
        \_ We evaluated Netscreens for my last (big) client.  They decided
           to buy them.  Not a good idea.  Take it if it's free--however,
           if you want to do anything reasonably advanced with them, they
           are close to useless.  This includes inter-platform IPSEC,
           debugging, whatnot.  You are far better off with a *nix running
           IPFilter for anything involving customization.  Netscreens have
           a cute web gui, and that's about it.  As below, if the price is
           right, take it--but for these, free is the only right price.  -John
           \_ Which devices have you been trying to interoperate them with?
                        -mlee
        \_ I played with two Netscreen 5 (set up a home-to-office VPN last wk)
           Not sure about the 100. Worth it to play with it, esp. if its free.
           Everything is browser-based now. Piece of cake.
           As for security, reliability and performance, I am still testing.
        \_ as a former Netscreen "consultant" and reseller... they are GREAT
           for simple stuff... crazy easy to configure and manage... but when
           it comes down to flexibility and ease of doing some crazy stuff with
           the security policy and address translation they SUCK ASS. when it
           comes to VPN... they suck ass and suck some more.. Netscreens
           are cheap and simple. use them for simple/small environ.. -shac
           \_ If you're talking about the messy UI configuration of VPNs,
              they have remedied in ScreenOS 4.0.  -mlee
        \_ I used an NS100 in an office.  Worked fine there.  Put the mail
           server in dmz, the rest in the 'trusted' zone (as if I trusted any
           of the stupid bastards at that company) and the internet is the
           untrusted zone.  Does all the basics really easily.  Free is a
           good price for it.  Keep it.
        \_ On the same token, anyone have opinions on Checkpoint FW-1 vs.
           a Cisco Pix?
           \_ Pix is very similar to other Cisco stuff as far as configuring
              it.  If you know Cisco routers, you know Cisco pix.
              \_ Cisco Pix shouldn't even be in this discussion.  -mlee
2025/07/08 [General] UID:1000 Activity:popular
7/8     

You may also be interested in these entries...
2013/8/22-10/28 [Computer/Companies/Yahoo, Industry/SiliconValley] UID:54732 Activity:nil
8/22    http://marketingland.com/yahoo-1-again-not-there-since-early-08-56585
        Y! is back to #1! Marissa, you are SEXY!!!
        \_ how the heck do you only have 225M uniq vis/month when there
           are over 1 billion internet devices out there?
           \_ You think that every single Internet user goes to Y!?
        \_ Tall blonde skinny pasty, not my type at all -former Y!
	...
2013/6/26-8/13 [Computer/Domains, Computer/Networking, Computer/SW/WWW/Browsers] UID:54697 Activity:nil
6/26    This ones for you psb -ausman
        http://25.media.tumblr.com/027fe67c84c2288cc16e9c85db690834/tumblr_mp0ag8DCQI1qzwozco1_1280.jpg
        \- that's pretty good. i wish someone had put the idea to be before i saw
           it on the internet, so see if i'd have put the 9 justices in the same
           boxes. JOHN PAUL STEVENS >> All the sitting justices. --psb
        \- that's pretty good. i wish someone had put the idea to be before i
	...
2012/4/2-6/4 [Computer/SW/Languages/Java, Computer/SW/RevisionControl] UID:54353 Activity:nil
4/02    We use Perforce at work for revision control. It seems to work okay.
        Lately, a lot of the newer developers are saying that Perforce
        sucks and we should switch to Mercurial or Git. I have done some
        searching on the Internet and some others have this opinion. Added
        advantage is that Mercurial and Git are free. However, there would
        be some work to switch for the sysadmins and the developers.
	...
2012/4/26-6/4 [Computer/Networking] UID:54371 Activity:nil
4/26    I see that soda has an ipv6 address but ipv6 traffic from this box
        doesn't actually work (ping6 <DEAD>ipv6.google.com<DEAD>, ping6 http://www.v6.facebook.com
        Is this expected to work?
        \_ Soda doesn't have a real IPv6 address.  The IPv6 addresses you see
           in ifconfig are just link-local addresses; any IPv6-capable machine
           will autogenerate these, whether or not it's connected to an IPv6
	...
2011/11/8-30 [Computer/SW/Security, Computer/SW/OS/Windows] UID:54218 Activity:nil
11/8    ObM$Sucks
        http://technet.microsoft.com/en-us/security/bulletin/ms11-083
        \_ How is this different from the hundreds of other M$ security
           vulnerabilities that people have been finding?
           \_ "The vulnerability could allow remote code execution if an
               attacker sends a continuous flow of specially crafted UDP
	...
2010/11/1-2011/1/13 [Computer/Networking] UID:54002 Activity:nil
11/1    I'm moving from a home in Fremont to another home within the same ZIP
        code in Fremont, and AT&T customer service says I cannot transfer my
        DSL service because DSL is not available at my new home.  Is that BS?
        Are they just trying to push me to subscribe to their more expensive
        U-verse service?  I'm not asking for any lightening-speed connection.
            \_ could be
	...