PacketPushers Special – Internets of Interest for mid-April 2012


Once we started the Packet Pushers Podcast, it was clear from talking to our listeners that some people didn’t want to run a blog, or publish the occasional article that almost no one reads, but they still had something to share, pass on or whatever. The following blog posts are just some of those that I thought were of interest in the last few weeks.


You can get a list of the most recent blog posts at blog category (this link will take you to the blog posts only). You can add the URL “” to get the latest blog posts (without the podcasts etc).

Packet Pushers is happy to welcome you to join the amazing roster of writers. Write when you can, even if it is just once, and share it with the community. Contact us by emailing [email protected] and we will set you up with an account.

Understanding When A Cisco ASA NAT Rule Can Override The ASA Routing Table – Gotcha!

So…here’s the thing. A Cisco ASA does not always determine the egress interface of a packet based on the routing table. Instead, it’s possible that a NAT rule is overriding the routing table. What Cisco says about this is as follows, taken from their official configuration documentation for the ASA:

Show 97 – The Future of TRILL and Spanning Tree – Part 1 – This two-part TRILL podcast has been hugely popular, with large numbers of people downloading it. Technical and nerdy – just the way we like it.

TRILL has been on the radar for about three years and while we are seeing some shipping hardware and early deployments, it’s not clear what the current status of TRILL is. This week, Jon Hudson, IETF Member for TRILL and Brocade engineer, is joined by Andy Shalomon from Cisco, who is conducting testing and deployment on Cisco’s FabricPath, for a discussion about where TRILL is today.

Thin Slicing Security Data – I agree with Mrs Y here. The security industry needs to change radically to adapt to the future. Here are some very interesting thoughts on a new approach.

Maybe the real evolution in the security industry will come when we realize that we can’t quantify or fight all the unknowns. What we can do is create strong infrastructures that minimize technical debt by building secure applications and protocols from the start, then add the equivalent of air bags to our architecture for when the inevitable intrusion occurs. We could also focus more on the things we can control, like the human factor, because even though compromises originate with humans, people are your best intrusion detection mechanisms.

An Alternate Route to a Networking Career – Bob McCouch talks about his path into networking – for those people who are interested in talking about their career and planning how to be somewhere in the workforce.

Recently, I was reflecting on this sage advice to get into a NOC and answer the phone for down circuits, failed routers, and the like. I realized it’s nothing like the path I took to become a (relatively) successful networking professional. However, unlike “recovering server admins” who moved into networking after years in another IT discipline, I’ve been in networking for my entire working career. As practitioners of the networking arts know, there’s always another way.

Certified Ethical Hacker v7: Certification Review – Ethan talks about his CEH exam experience.

Taking the exam was like any other professional certification I’ve done. You walk into the testing center. They take two forms of ID and sign you in. You can’t bring anything with you like notes or a cell phone. They sit you in front of a PC in a cramped little cube. They load the test, you agree to the terms, the countdown timer starts, and off you go.

RFC Prophecies – Mrs Y talks about April Fool’s IETF RFCs and how they aren’t always funny…….

Wait a second. Users actually DO this on networks with applications like BarbaTunnel and HTTPTunnel. In fact, people do all kinds of things to subvert firewall rules. The only funny part of that RFC is how ineffective firewalls have truly become.