I had a network outage this morning brought about by a BGP route explosion at around
6:30 EST(-4) this morning. Anyone else notice it, and who the culprit whats? I got
the exact same hit from both my providers, ATT Can, and Telus.
Thanks
Andrew
I had a network outage this morning brought about by a BGP route explosion at around
6:30 EST(-4) this morning. Anyone else notice it, and who the culprit whats? I got
the exact same hit from both my providers, ATT Can, and Telus.
Yeah its been reported a few places - we saw about 130K
On Wed, 1 May 2002 08:42:02 -0400
[EMAIL PROTECTED] (Andrew Herdman) wrote:
I had a network outage this morning brought about by a
BGP route explosion at around 6:30 EST(-4) this morning.
Anyone else notice it, and who the culprit whats? I got
the exact same hit from both my providers,
AS818 saw the spike, courtesy Geoff Houston's Table Data Program:
http://ryouko.dgim.crc.ca/bgp/bgp-all.html
Neat tool - I tried to grab the src but the first 1000 or so lines are blank
and uncompilable. Anyone have a good version of the src?
http://1010wins.com/topstories/StoryFolder/story_1199630592_html
WINS) May 1, 2002 6:49 am US/Eastern
(New York-AP) -- Telephone service in a section of midtown Manhattan has
been disrupted by a construction accident.
Verizon spokesman Cliff Lee says a construction crew working on 58th
} I'm trolling for newspeers, if there is anyone out there still using
} NNTP..
http://www.usenet-se.net/peering/
A useless list based on my experience (zero responses to requests
to twelve different sites).
--lyndon
supernews.com is my news provider and they are pretty good.
Todd
- Original Message -
From: Lyndon Nerenberg [EMAIL PROTECTED]
To: Katsuhiro Kondou [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, May 01, 2002 9:53 AM
Subject: Re: news-peering
} I'm trolling for
On Wed, 1 May 2002, Lyndon Nerenberg wrote:
} I'm trolling for newspeers, if there is anyone out there still using
} NNTP..
http://www.usenet-se.net/peering/
A useless list based on my experience (zero responses to requests
to twelve different sites).
Some of the information on
I don't know if this is an annual argument yet, but the frog is in the
pot, and the flame is on. Guess who's playing the part of the frog?
Answer: ISPs who do this sort of thing. Value added security is a nice
thing. Crippling Internet connections will turn the Internet into the
phone
On Wed, 01 May 2002 14:55:02 PDT, Eliot Lear said:
some access-lists. Just make sure that when that next really fun game is
delivered on a play station that speaka de IP your customers can play it,
and that you haven't built a business model around them not being able to
play it.
There
At 3:03 PM -0700 5/1/02, Scott Francis wrote:
On Wed, May 01, 2002 at 02:55:02PM -0700, [EMAIL PROTECTED] said:
I don't know if this is an annual argument yet, but the frog is in the
pot, and the flame is on. Guess who's playing the part of the frog?
Answer: ISPs who do this sort of thing.
There's been plenty of discussion about DDoS attacks, and my
IDS system is darn good at identifying them. But what are
effective methods for large service-provider networks (ie
ones where a firewall at the front would not be possible) to
deal with DDoS attacks?
Current method of updating ACLs
I think a lot of the GRPS stuff is heading towards IPv6 w/IPv4
gatewaying.
The NAT issue has certainly resulted in a quite a few disgruntled
satellite customers (I'm thinking here primarily of direcpc.com) who're
willing to put up with the large latencies, but get really irate when
their apps
http://www.secsup.org/Tracking/
UUNet uses that...others might as well, Shrug.
Quick, simple, effective tracking of DDoS attacks.
As for identifying attacks, quite honestly large ISP's are typically still
relying on customer notification. I know that's how we do it.
On Wed, 1 May 2002,
Then you are pushing out /32's and peers would need to accept them. Then
someone will want to blackhole /30's, /29's, etc. Route bloat. Yum!
Additionally you are creating a way to basically destroy the Internet as a
whole. One kiddie gets ahold of a router, say of a large backbone
Then you are pushing out /32's and peers would need to accept them. Then
someone will want to blackhole /30's, /29's, etc. Route bloat. Yum!
I am in no way proposing discounting current filtering rules. There are
alway two
different intersts one must consider, one that of the customer and
In a message written on Wed, May 01, 2002 at 08:17:04PM -0500, dies wrote:
Then you are pushing out /32's and peers would need to accept them. Then
someone will want to blackhole /30's, /29's, etc. Route bloat. Yum!
I'm not sure what form this would take, but I have long wished
route
On Wed, May 01, 2002 at 09:38:52PM -0400, Wojtek Zlobicki wrote:
How about the following :
We develop a new community , being fully transitive (666 would be
appropriate ) and either build into router code or create a route map to
null route anything that contains this community. The
On Wed, 1 May 2002, Deepak Jain wrote:
I'm more concerned that if the major metropolitan markets deploying GPRS
all use NAT, then the Next Big Thing won't ever happen on GPRS devices.
Customers won't jump ship if they have no where to jump to.
The only people who'd be deploying GPRS are GSM
On Wed, 1 May 2002, Pete Kruckenberg wrote:
We experience a lot of types of attacks (education/research
network = easy hacker target). With DDoS incidents, it
seems we are more often an unknowing/unwilling participant
than the target, partly due to owning big chunks of IP
address space.
On Wed, 1 May 2002 [EMAIL PROTECTED] wrote:
and then again, there has been much discussion on simple
DoS attacks, where the term DDoS is erroneously used...
I am very much not trying to imply that this is the case
here, but it's important that the two be thoroughly
distinguished from
What we use and we're a 'largeish' network:
http://www.secsup.org/Tracking/
(shameless plug #1)
Among other things this is a tool we use... there was a great set of
slides and presentation given at NANOG23:
http://www.nanog.org/mtg-0110/greene.html
(shameless plug #2)
There is also a set of
On Wed, 1 May 2002 [EMAIL PROTECTED] wrote:
True DDoS attacks, fortunately, are rarer than most people believe. If they
were not, the Internet as we know it would look a lot more like a telephone
system in USSR-at-it's-worst-days. For example, of the two recent DDoS's I
have been on
On Wed, 1 May 2002, dies wrote:
Then you are pushing out /32's and peers would need to accept them. Then
someone will want to blackhole /30's, /29's, etc. Route bloat. Yum!
Yes.
Additionally you are creating a way to basically destroy the Internet as a
whole. One kiddie gets ahold
On Wed, 1 May 2002, Wojtek Zlobicki wrote:
Where are providers drawing the line ? Anyone have somewhat detailed
published policies as to what a provider can do in order to protect their
nework as a whole.
At what point (strength of the attack) does a customers netblock (assuming a
/24
On Wednesday, May 1, 2002, at 10:33 , Steven J. Sobol wrote:
On Wed, 1 May 2002, Deepak Jain wrote:
I'm more concerned that if the major metropolitan markets deploying
GPRS
all use NAT, then the Next Big Thing won't ever happen on GPRS devices.
Customers won't jump ship if they have no
On Thu, May 02, 2002 at 04:28:44AM +, Christopher L. Morrow wrote:
Let me say this one more time... RATE LIMITS DON'T DO SHIT TO STOP
ATTACKS for the victim atleast, all they do is make the job of the
attacker that much easier. For instance:
1) I synflood www.avleen.org
2) you
On Wed, 1 May 2002, Richard A Steenbergen wrote:
I give it 2 months, then they'll start hitting random dst IPs in a target
prefix (say a common /24 going through the same path).
Damn you, don't give them any ideas :)
On Thu, May 02, 2002 at 04:45:43AM +, Christopher L. Morrow wrote:
On Wed, 1 May 2002, Wojtek Zlobicki wrote:
Where are providers drawing the line ? Anyone have somewhat detailed
published policies as to what a provider can do in order to protect their
nework as a whole.
At what
On Wed, 1 May 2002, Pete Kruckenberg wrote:
On Wed, 1 May 2002, Richard A Steenbergen wrote:
DDoS attacks is such a generic term. There are a wide
variety of attacks which each need to be handled in
their own way, the extra D is just one possible twist.
Can you explain what kind of
On Wed, 1 May 2002, Pete Kruckenberg wrote:
On Wed, 1 May 2002 [EMAIL PROTECTED] wrote:
and then again, there has been much discussion on simple
DoS attacks, where the term DDoS is erroneously used...
I am very much not trying to imply that this is the case
here, but it's important
On Wed, 1 May 2002, Basil Kruglov wrote:
On Thu, May 02, 2002 at 04:45:43AM +, Christopher L. Morrow wrote:
On Wed, 1 May 2002, Wojtek Zlobicki wrote:
Where are providers drawing the line ? Anyone have somewhat detailed
published policies as to what a provider can do in order
On Thu, 2 May 2002, Richard A Steenbergen wrote:
SYN packet comes in, one of these machines responses with a
RST to the source, which is actually the target of the
You have an interesting situation. I think rate limiting
outbound RSTs would be the least offensive thing you
could do, off
On Wed, 1 May 2002, Pete Kruckenberg wrote:
On Thu, 2 May 2002, Richard A Steenbergen wrote:
SYN packet comes in, one of these machines responses with a
RST to the source, which is actually the target of the
You have an interesting situation. I think rate limiting
outbound RSTs
34 matches
Mail list logo
