BGP Update Report

2008-03-07 Thread cidr-report
BGP Update Report Interval: 04-Feb-08 -to- 06-Mar-08 (32 days) Observation Point: BGP Peering with AS2.0 TOP 20 Unstable Origin AS Rank ASN Upds % Upds/Pfx AS-Name 1 - AS9498 94122 1.6% 76.0 -- BBIL-AP BHARTI BT INTERNET LTD. 2 - AS24731 68420

The Cidr Report

2008-03-07 Thread cidr-report
This report has been generated at Fri Mar 7 21:14:14 2008 AEST. The report analyses the BGP Routing Table of AS2.0 router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org for a current version of this report. Recent Table History Date

Data Centre Migration

2008-03-07 Thread Dennis Dayman
Looking for a consultant or someone that could help a company I am working with migrate 15 racks of servers from Canada to US. Not all will be coming, but we will be re-purchasing some equipment to create a second data centre. Anyone interested or knows someone please contact me offlist.

Re: 3rd party network monitoring

2008-03-07 Thread Jason LeBlanc
One app I like a lot is Ping Plotter, but it only runs on Windows, so it isn't good for remote monitoring. We do use it for some things, however. I like the detailed traceroute / latency visualization it has. It also has a hard time with a lot (100+) nodes being monitored. SmokePing

Re: 3rd party network monitoring

2008-03-07 Thread Jason LeBlanc
My bad, you might be able to do it with PingPlotter using remote proxies that are linux. I can see using the Vixie personal colo list to find cheap vm offerings in various locations. Other option, a few could get together and share some resources to get the proxies distributed.

Re: 3rd party network monitoring

2008-03-07 Thread Jeroen Massar
Jason LeBlanc wrote: My bad, you might be able to do it with PingPlotter using remote proxies that are linux. I can see using the Vixie personal colo list to find cheap vm offerings in various locations. Other option, a few could get together and share some resources to get the proxies

Re: 3rd party network monitoring

2008-03-07 Thread Jason LeBlanc
I did look at it, it still lacks a few things, but it does cover most. It would be nice if you added some screenshots or demo pages as to what the reporting looks like. I had to dig around and find a paper on the slammer worm to see what the output looks like. Jeroen Massar wrote: Jason

Re: 3rd party network monitoring

2008-03-07 Thread Jeroen Massar
Jason LeBlanc wrote: I did look at it, it still lacks a few things, but it does cover most. It would be nice if you added some screenshots or demo pages as to what the reporting looks like. I had to dig around and find a paper on the slammer worm to see what the output looks like.

Rogue traffic commonly perceived as noise (was: Scan traffic from 121.8.0.0/16)

2008-03-07 Thread Justin Shore
Yeah, much of it is noise. However there is a lot of coordination to much of what I'm seeing. Many of the scans stop at hosts with accessible SSH daemons and pound on them for minutes to hours. Others are more subtle. I'll see one host scan our ranges and pick out the IPs running SSH.

Customer-facing ACLs

2008-03-07 Thread Justin Shore
This question will probably get lost in the Friday afternoon lull but we'll give it a try anyway. What kind of customer-facing filtering do you do (ingress and egress)? This of course is dependent on the type of customer, so let's assume we're talking about an average residential customer.

Re: Customer-facing ACLs

2008-03-07 Thread Justin M. Streiner
On Fri, 7 Mar 2008, Justin Shore wrote: Do you block any customer-facing egress traffic at all? What about ingress? SMTP, NetBIOS, MS-SQL, common proxy ports (3128, 6588)? What ICMP types do you allow or disallow? In my previous life, I worked at a mid-sized ISP. A common practice for

Re: Customer-facing ACLs

2008-03-07 Thread Valdis . Kletnieks
On Fri, 07 Mar 2008 13:55:05 CST, Justin Shore said: I'm assuming everyone uses uRPF at all their edges already so that eliminates the need for specific ACEs with ingress/egress network verification checks. You're new here, aren't you? :)

Re: Customer-facing ACLs

2008-03-07 Thread Justin Shore
[EMAIL PROTECTED] wrote: On Fri, 07 Mar 2008 13:55:05 CST, Justin Shore said: I'm assuming everyone uses uRPF at all their edges already so that eliminates the need for specific ACEs with ingress/egress network verification checks. You're new here, aren't you? :) Hopefully optimistic.

Re: Customer-facing ACLs

2008-03-07 Thread Dan Armstrong
I would *love* to be able to run uRPF on all of our edge devices, but we use Cisco ME3400s, 3550s, 3560s and they don't support it. :-( [EMAIL PROTECTED] wrote: On Fri, 07 Mar 2008 13:55:05 CST, Justin Shore said: I'm assuming everyone uses uRPF at all their edges already so that

Re: Customer-facing ACLs

2008-03-07 Thread Robert Beverly
On Fri, Mar 07, 2008 at 01:55:05PM -0600, Justin Shore wrote: What kind of customer-facing filtering do you do (ingress and egress)? This of course is dependent on the type of customer, so let's assume we're talking about an average residential customer. ... As part of a recent measurement

Re: Customer-facing ACLs

2008-03-07 Thread Kameron Gasso
Justin M. Streiner wrote: I do recall weighing the merits of extending that to drop outbound SMTP to everything except our mail farm, but it wasn't deployed because there was a great deal of fear of customer backlash and that it would drive more calls into the call center. This seems to be

RE: Customer-facing ACLs

2008-03-07 Thread Tim Sanderson
We also use ingress bogon ACLs at our borders. -- Tim Sanderson, network administrator [EMAIL PROTECTED]

Re: Customer-facing ACLs

2008-03-07 Thread Danny McPherson
On Mar 7, 2008, at 12:55 PM, Justin Shore wrote: This question will probably get lost in the Friday afternoon lull but we'll give it a try anyway. What kind of customer-facing filtering do you do (ingress and egress)? This of course is dependent on the type of customer, so let's

Re: Customer-facing ACLs

2008-03-07 Thread Scott Weeks
--- What kind of customer-facing filtering do you do (ingress and egress)? This of course is dependent on the type of customer, so let's assume we're talking about an average residential customer. --- From a

RE: Customer-facing ACLs

2008-03-07 Thread Frank Bulk
Same concerns here. Glad to know we're not alone. I think a transition to blocking outbound SMTP (except for one's own e-mail servers) would benefit from an education campaign, but perhaps the pain level is small enough that it can be implemented without. One could start doing a subnet block a

Re: Customer-facing ACLs

2008-03-07 Thread Justin Shore
Scott Weeks wrote: fire + gasoline = religious argument on this issue that we've had *many* times in the past... ;-) I wore my flame-retardant tidy whiteys today though so I'm prepared. :-) I can understand the problem from both camps. As a tech-savvy user I don't want my provider to

Re: Customer-facing ACLs

2008-03-07 Thread Dave Pooser
To me there is no question of whether or not you filter traffic for residential broadband customers. SBC in my area (Dallas) went from wide open to outbound 25 blocked by default/opened on request. I think doing the same thing with port 22 would hardly be an undue burden on users, and would

Re: Customer-facing ACLs

2008-03-07 Thread Scott Weeks
--- [EMAIL PROTECTED] wrote: To me there is no question of whether or not you filter traffic for residential broadband customers. SBC in my area (Dallas) went from wide open to outbound 25 blocked by default/opened on request. I think doing the same thing with port 22 would hardly be an

RE: Customer-facing ACLs

2008-03-07 Thread Carpenter, Jason
That's the problem, isn't it? Who decides what can and can't go through. I think the tier approach is better, a basic user account where everything is blocked and a Sysadmin type account where everything is open. If the price is different enough then only people who are going to use those extra

Re: Customer-facing ACLs

2008-03-07 Thread Dave Pooser
Might as well do TCP 20, 21 and 23, too. Woah, that slope's getting slippery! Do bots try brute force attacks on Telnet and FTP? All I see at my firewall are SSH attacks and spam. But sure, if there's a lot of Telnet abuse block 23 too; I think it's used about as rarely by normal customers as

RE: Customer-facing ACLs

2008-03-07 Thread Scott Weeks
--- [EMAIL PROTECTED] wrote: That's the problem, isn't it? Who decides what can and can't go through. I think the tier approach is better, a basic user account where everything is blocked and a Sysadmin type account where everything is open. If the price is different enough then only people

RE: Customer-facing ACLs

2008-03-07 Thread Paul Ferguson
-- Scott Weeks [EMAIL PROTECTED] wrote: We need to take this off-line. All long timers are groaning, rolling their eyes and putting this in their kill file. Try convincing your product managers to create a new product just to appease 'sysadmin

Re: Customer-facing ACLs

2008-03-07 Thread Justin Shore
Scott Weeks wrote: We need to take this off-line. All long timers are groaning, rolling their eyes and putting this in their kill file. Are the long-timers groaning and ignoring this thread? I certainly hope not. It's threads like these that need the benefit of their experience the

Re: Customer-facing ACLs

2008-03-07 Thread Andy Dills
On Fri, 7 Mar 2008, Dave Pooser wrote: Might as well do TCP 20, 21 and 23, too. Woah, that slope's getting slippery! Do bots try brute force attacks on Telnet and FTP? All I see at my firewall are SSH attacks and spam. But sure, if there's a lot of Telnet abuse block 23 too; I think

Re: Customer-facing ACLs

2008-03-07 Thread Adrian Chadd
On Fri, Mar 07, 2008, Justin Shore wrote: Scott Weeks wrote: We need to take this off-line. All long timers are groaning, rolling their eyes and putting this in their kill file. Are the long-timers groaning and ignoring this thread? I certainly hope not. It's threads like these that

Re: Customer-facing ACLs

2008-03-07 Thread Dave Pooser
Just straight up blocking outbound ports (with the debatable exception of port 25) seems heavy handed and too slanted toward admin convenience over customer satisfaction. It's a slippery slope because unlike with spam, people who are affected by brute force attacks have some degree of

Re: Customer-facing ACLs

2008-03-07 Thread Mark Foster
Blocking port 25 outbound for dynamic users until they specifically request it be unblocked seems to me to meet the no undue burden test; so would port 22 and 23. Beyond that, I'd probably be hesitant until I either started getting a significant number of abuse reports about a certain flavor of

Re: Customer-facing ACLs

2008-03-07 Thread Joel Jaeggli
Dave Pooser wrote: To me there is no question of whether or not you filter traffic for residential broadband customers. SBC in my area (Dallas) went from wide open to outbound 25 blocked by default/opened on request. I think doing the same thing with port 22 would also people who do real

RE: Customer-facing ACLs

2008-03-07 Thread Frank Bulk
The last few spam incidents I measured an outflow of about 2 messages per second. Does anyone know how aggressive Telnet and SSH scanning is? Even if it was greater, it's my guess there are many more hosts spewing spam than there are running abusive telnet and SSH scans. Frank

Re: Customer-facing ACLs

2008-03-07 Thread Joel Jaeggli
Frank Bulk wrote: The last few spam incidents I measured an outflow of about 2 messages per second. Does anyone know how aggressive Telnet and SSH scanning is? Even if it was greater, it's my guess there are many more hosts spewing spam than there are running abusive telnet and SSH scans.

Re: Customer-facing ACLs

2008-03-07 Thread Dave Pooser
Port 22 outbound? And 23? Telnet and SSH _outbound_ cause that much of a concern? I can only assume it's to stop clients' exploited boxen being used to anonymise further telnet/ssh attempts - but have to admit this discussion is the first I've heard of it being done 'en masse'. On one test

Re: Customer-facing ACLs

2008-03-07 Thread Mark Foster
On Sat, 8 Mar 2008, Dave Pooser wrote: Port 22 outbound? And 23? Telnet and SSH _outbound_ cause that much of a concern? I can only assume it's to stop clients' exploited boxen being used to anonymise further telnet/ssh attempts - but have to admit this discussion is the first I've heard