Request for data : Earth Hour - traffic stats [28 March 2009 20:30-21:30 local]
Ninjas, I'm compiling some data re this year's Earth Hour[1] . For those not in the know, or those that dismissed it, Earth Hour is something the World Wildlife Fund cooked up, suggesting that the world turn off all non-essential electrical devices, to demonstrate some global-warming hypothesis. I'm looking for data - either compiled or raw - of activity between 8:30 (20:30) and 9:30 (21:30) local time. Power usage (and comparisons against previous weeks if available) and probably easier to push out - bandwidth info (and, again, comparisons against previous 2030-2130-saturday-night data). All data will be anonymized. Sources, if you send from $work email, will not be included in any summarizations. I think this will turn out to be some rather interesting info. I'll post findings to nanog, of course, or at least, appropriate urls and such. TIA, -jamie [1] http://en.wikipedia.org/wiki/Earth_Hour | http://www.earthhour.org/about/ -- Jamie Rishaw // .com.a...@j - reverse it. ish. [Impressive C-level Title Here], arpa / arpa labs
Re: Request for data : Earth Hour - traffic stats [28 March 2009 20:30-21:30 local]
jamie rishaw wrote: Ninjas, I'm compiling some data re this year's Earth Hour[1] . For those not in the know, or those that dismissed it, Earth Hour is something the World Wildlife Fund cooked up, suggesting that the world turn off all non-essential electrical devices, to demonstrate some global-warming hypothesis. I'm looking for data - either compiled or raw - of activity between 8:30 (20:30) and 9:30 (21:30) local time. Power usage (and comparisons against previous weeks if available) and probably easier to push out - bandwidth info (and, again, comparisons against previous 2030-2130-saturday-night data). All data will be anonymized. Sources, if you send from $work email, will not be included in any summarizations. I think this will turn out to be some rather interesting info. I'll post findings to nanog, of course, or at least, appropriate urls and such. I say we all run off the grid on generator power for earth hour. (At least that's what I'm saying because it was coincidentally my regular automatic exercise time with load transfer.) ~Seth
Re: iBGP Scaling
On Sat, Mar 28, 2009 at 05:13:54PM +, tt tt wrote: Hi List, We are looking to move our non infrastructure routes into iBGP to help with our IGP scalability (OSPF). We already run full BGP tables on our core where we connect to multiple upstream and downstream customers. Most of our aggregation and edge routers cannot hold full tables and it's certainly not possible to upgrade them. Is there any reason why we shouldn't filter iBGP routes between our core and aggregation layers (we plan to use route reflectors) or should we be look at using a private AS number per POP? Dave, This isn't an either/or. If you are memory-starved then even with a confederation model you'd need to be filtering or summarizing at the core/aggregation boundary. The decision axis there has to do with the number of routers, fluidity VS rigidity of your core/agg relationships, restrictions or capabilities of your equipment, etc. The only reason not to limit the aggregation-heard routes in your situation is if there are downstream customers (or internal servers/ services) which need the data. For manageability, follow cgucker's advice and tag everything with various communities to describe them: customer/peer/transit, your transit's customer VS truly remote, internal pop heard, geographic region, et al. Based upon a good set of tags, it will be easy to see what data can be reduced from your memory-starved sites with a limited pathway to the rest of your net. Cheers, Joe -- RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
Re: Fiber cut on Irish Sea
affecting whom? and who's network? --- On Sun, 3/29/09, Ken Gilmour ken.gilm...@gmail.com wrote: From: Ken Gilmour ken.gilm...@gmail.com Subject: Fiber cut on Irish Sea To: nanog@nanog.org Date: Sunday, March 29, 2009, 4:55 PM Hi There, Since we use a vendor of the vendor of two Irish sea submarine cables I am wondering if anyone has first hand information on the fiber cut this morning? Does anyone have a status update on what is happening? I am getting some Chinese whispers going on here. Thanks! Ken
Re: Fiber cut on Irish Sea
We received the report from Packet Exchange, however they are not the owners of the cable. I assume they just rent spectrum. 2009/3/29 isabel dias isabeldi...@yahoo.com: affecting whom? and who's network? --- On Sun, 3/29/09, Ken Gilmour ken.gilm...@gmail.com wrote: From: Ken Gilmour ken.gilm...@gmail.com Subject: Fiber cut on Irish Sea To: nanog@nanog.org Date: Sunday, March 29, 2009, 4:55 PM Hi There, Since we use a vendor of the vendor of two Irish sea submarine cables I am wondering if anyone has first hand information on the fiber cut this morning? Does anyone have a status update on what is happening? I am getting some Chinese whispers going on here. Thanks! Ken
Re: Fiber cut on Irish Sea
Are you able to provide historical information on the incident/outgae you have experienced? Are you able to provide an egress and/or igress traffic coming in and out of your network to make sure your traffic was crossing that transmission path? I guess you must have visibility of planned work or outage notification if anything happen and you were directly affected- YES/NO? --- On Sun, 3/29/09, Ken Gilmour ken.gilm...@gmail.com wrote: From: Ken Gilmour ken.gilm...@gmail.com Subject: Re: Fiber cut on Irish Sea To: isabeldi...@yahoo.com Cc: nanog@nanog.org Date: Sunday, March 29, 2009, 5:04 PM We received the report from Packet Exchange, however they are not the owners of the cable. I assume they just rent spectrum. 2009/3/29 isabel dias isabeldi...@yahoo.com: affecting whom? and who's network? --- On Sun, 3/29/09, Ken Gilmour ken.gilm...@gmail.com wrote: From: Ken Gilmour ken.gilm...@gmail.com Subject: Fiber cut on Irish Sea To: nanog@nanog.org Date: Sunday, March 29, 2009, 4:55 PM Hi There, Since we use a vendor of the vendor of two Irish sea submarine cables I am wondering if anyone has first hand information on the fiber cut this morning? Does anyone have a status update on what is happening? I am getting some Chinese whispers going on here. Thanks! Ken
Re: Fiber cut on Irish Sea
Hi, This has been fixed now. I will follow up directly with PE for an RFO. Thanks for your help on and off list. Regards, Ken 2009/3/29 isabel dias isabeldi...@yahoo.com: Are you able to provide historical information on the incident/outgae you have experienced? Are you able to provide an egress and/or igress traffic coming in and out of your network to make sure your traffic was crossing that transmission path? I guess you must have visibility of planned work or outage notification if anything happen and you were directly affected- YES/NO? --- On Sun, 3/29/09, Ken Gilmour ken.gilm...@gmail.com wrote: From: Ken Gilmour ken.gilm...@gmail.com Subject: Re: Fiber cut on Irish Sea To: isabeldi...@yahoo.com Cc: nanog@nanog.org Date: Sunday, March 29, 2009, 5:04 PM We received the report from Packet Exchange, however they are not the owners of the cable. I assume they just rent spectrum. 2009/3/29 isabel dias isabeldi...@yahoo.com: affecting whom? and who's network? --- On Sun, 3/29/09, Ken Gilmour ken.gilm...@gmail.com wrote: From: Ken Gilmour ken.gilm...@gmail.com Subject: Fiber cut on Irish Sea To: nanog@nanog.org Date: Sunday, March 29, 2009, 4:55 PM Hi There, Since we use a vendor of the vendor of two Irish sea submarine cables I am wondering if anyone has first hand information on the fiber cut this morning? Does anyone have a status update on what is happening? I am getting some Chinese whispers going on here. Thanks! Ken
Re: Fiber cut on Irish Sea
2009/3/29 Justin M. Streiner strei...@cluebyfour.org: On Sun, 29 Mar 2009, Ken Gilmour wrote: This has been fixed now. I will follow up directly with PE for an RFO. If it was repaired that quickly it was probably not a cut or a 'wet' failure but maybe something like an electronics failure in a landing station or something similar. jms Hi Justin, It happened at 8:00AM Irish time (which is about 2:00 AM My time) I didn't get in to the office and notice the mail until 6 hours after it happened (In Central America) so it took about 7 hours and 30 minutes to fix. PE also reported that the problem started at 8:00 AM on the 29th and was repaired at 9:05 (no AM or PM) on the 26th (yes, three days in the past). I don't think their timing procedure is functioning correctly. Regards, Ken
RE: Fiber cut on Irish Sea
PE also reported that the problem started at 8:00 AM on the 29th and was repaired at 9:05 (no AM or PM) on the 26th (yes, three days in the past) Hey!?!?!? Where'd they get a time machine! lol, j/k You mean 26th at 8am to the 29th 9:05 M-less? regards -Original Message- From: Ken Gilmour [mailto:ken.gilm...@gmail.com] Sent: Sunday, March 29, 2009 1:11 PM To: Justin M. Streiner Cc: nanog@nanog.org Subject: Re: Fiber cut on Irish Sea 2009/3/29 Justin M. Streiner strei...@cluebyfour.org: On Sun, 29 Mar 2009, Ken Gilmour wrote: This has been fixed now. I will follow up directly with PE for an RFO. If it was repaired that quickly it was probably not a cut or a 'wet' failure but maybe something like an electronics failure in a landing station or something similar.
Re: Fiber cut on Irish Sea
2009/3/29 Joe Blanchard jbfixu...@gmail.com: Hey!?!?!? Where'd they get a time machine! lol, j/k You mean 26th at 8am to the 29th 9:05 M-less? I just received the corrected time: 02:58 BST to 09:03 BST. Regards, Ken
cnn.com - Vast Spy System Loots Computers in 103 Countries
I hope that today's cnn.com article cited below meets the criteria of sufficient Internet operational and technical issues pursuant to NANOG AUP criteria #1 http://www.nytimes.com/2009/03/29/technology/29spy.html?_r=2hp Tony Patti CIO S. Walter Packaging Corp. t...@swalter.com March 29, 2009 Vast Spy System Loots Computers in 103 Countries By JOHN MARKOFF TORONTO - A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded. In a report to be issued this weekend, the researchers said that the system was being controlled from computers based almost exclusively in China, but that they could not say conclusively that the Chinese government was involved. The researchers, who are based at the Munk Center for International Studies at the University of Toronto, had been asked by the office of the Dalai Lama, the exiled Tibetan leader whom China regularly denounces, to examine its computers for signs of malicious software, or malware. Their sleuthing opened a window into a broader operation that, in less than two years, has infiltrated at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama's Tibetan exile centers in India, Brussels, London and New York. The researchers, who have a record of detecting computer espionage, said they believed that in addition to the spying on the Dalai Lama, the system, which they called GhostNet, was focused on the governments of South Asian and Southeast Asian countries. Intelligence analysts say many governments, including those of China, Russia and the United States, and other parties use sophisticated computer programs to covertly gather information. The newly reported spying operation is by far the largest to come to light in terms of countries affected. This is also believed to be the first time researchers have been able to expose the workings of a computer system used in an intrusion of this magnitude. Still going strong, the operation continues to invade and monitor more than a dozen new computers a week, the researchers said in their report, Tracking 'GhostNet': Investigating a Cyber Espionage Network. They said they had found no evidence that United States government offices had been infiltrated, although a NATO computer was monitored by the spies for half a day and computers of the Indian Embassy in Washington were infiltrated. The malware is remarkable both for its sweep - in computer jargon, it has not been merely phishing for random consumers' information, but whaling for particular important targets - and for its Big Brother-style capacities. It can, for example, turn on the camera and audio-recording functions of an infected computer, enabling monitors to see and hear what goes on in a room. The investigators say they do not know if this facet has been employed. The researchers were able to monitor the commands given to infected computers and to see the names of documents retrieved by the spies, but in most cases the contents of the stolen files have not been determined. Working with the Tibetans, however, the researchers found that specific correspondence had been stolen and that the intruders had gained control of the electronic mail server computers of the Dalai Lama's organization. The electronic spy game has had at least some real-world impact, they said. For example, they said, after an e-mail invitation was sent by the Dalai Lama's office to a foreign diplomat, the Chinese government made a call to the diplomat discouraging a visit. And a woman working for a group making Internet contacts between Tibetan exiles and Chinese citizens was stopped by Chinese intelligence officers on her way back to Tibet, shown transcripts of her online conversations and warned to stop her political activities. The Toronto researchers said they had notified international law enforcement agencies of the spying operation, which in their view exposed basic shortcomings in the legal structure of cyberspace. The F.B.I. declined to comment on the operation. Although the Canadian researchers said that most of the computers behind the spying were in China, they cautioned against concluding that China's government was involved. The spying could be a nonstate, for-profit operation, for example, or one run by private citizens in China known as patriotic hackers. We're a bit more careful about it, knowing the nuance of what happens in the subterranean realms, said Ronald J. Deibert, a member of the research group and an associate professor of political science at Munk. This could well be the C.I.A. or the Russians. It's a murky realm that we're lifting the lid on. A spokesman for the Chinese Consulate in New York dismissed the idea that China was involved. These are old stories and they are nonsense, the
Re: Fiber cut on Irish Sea
ken, who#39;s fiber on the ground was it after all? Roderick Beck wrote: Probably Global Crossing. A very strong wager. -R. --Original Message-- From: Ken Gilmour To: isabeldi...@yahoo.com Cc: nanog@nanog.org Subject: Re: Fiber cut on Irish Sea Sent: 29 Mar 2009 16:04 We received the report from Packet Exchange, however they are not the owners of the cable. I assume they just rent spectrum. 2009/3/29 isabel dias isabeldi...@yahoo.com: affecting whom? and who's network? --- On Sun, 3/29/09, Ken Gilmour ken.gilm...@gmail.com wrote: From: Ken Gilmour ken.gilm...@gmail.com Subject: Fiber cut on Irish Sea To: nanog@nanog.org Date: Sunday, March 29, 2009, 4:55 PM Hi There, Since we use a vendor of the vendor of two Irish sea submarine cables I am wondering if anyone has first hand information on the fiber cut this morning? Does anyone have a status update on what is happening? I am getting some Chinese whispers going on here. Thanks! Ken Sent wirelessly via BlackBerry from T-Mobile.
Re: Fiber cut on Irish Sea
Hi Isabel, It hasn't been confirmed to me yet but some people have mentioned that it is most likely to belong to Global Crossing. Regards, Ken 2009/3/29 isabel dias isabeldi...@yahoo.com: ken, who's fiber on the ground was it after all? Roderick Beck wrote: Probably Global Crossing. A very strong wager. -R. --Original Message-- From: Ken Gilmour To: isabeldi...@yahoo.com Cc: nanog@nanog.org Subject: Re: Fiber cut on Irish Sea Sent: 29 Mar 2009 16:04 We received the report from Packet Exchange, however they are not the owners of the cable. I assume they just rent spectrum. 2009/3/29 isabel dias isabeldi...@yahoo.com: affecting whom? and who's network? --- On Sun, 3/29/09, Ken Gilmour ken.gilm...@gmail.com wrote: From: Ken Gilmour ken.gilm...@gmail.com Subject: Fiber cut on Irish Sea To: nanog@nanog.org Date: Sunday, March 29, 2009, 4:55 PM Hi There, Since we use a vendor of the vendor of two Irish sea submarine cables I am wondering if anyone has first hand information on the fiber cut this morning? Does anyone have a status update on what is happening? I am getting some Chinese whispers going on here. Thanks! Ken Sent wirelessly via BlackBerry from T-Mobile.
The Confiker Virus.
Anyone have a copy of this? Would like to analyze it and understand its propagation. Thanks -Joe
RE: The Confiker Virus.
Visit the authority: http://www.confickerworkinggroup.org/wiki/ -Original Message- From: Joe Blanchard [mailto:jbfixu...@gmail.com] Sent: Sunday, March 29, 2009 4:43 PM To: nanog@nanog.org Subject: The Confiker Virus. Anyone have a copy of this? Would like to analyze it and understand its propagation. Thanks -Joe
RE: The Confiker Virus.
SRI has a detailed analysis of conflicker at http://mtc.sri.com/Conficker/ Matthew Huff | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 -Original Message- From: Joe Blanchard [mailto:jbfixu...@gmail.com] Sent: Sunday, March 29, 2009 7:43 PM To: nanog@nanog.org Subject: The Confiker Virus. Anyone have a copy of this? Would like to analyze it and understand its propagation. Thanks -Joe
RE: The Confiker Virus.
Thanks, the only thing is that these, like most, websites are very vague about the mechanics behind the infiltration. Thus the reason why I asked about finding some source code/example code. Its pretty nice that these folks (symantics/trend) offer free help regarding these items, but the facts (TCP/UDP ports, DNS poisioning methods) are buried doesn't help much. Perhaps I am missing something though. Regards -Original Message- From: Barry Raveendran Greene [mailto:bgre...@senki.org] Sent: Sunday, March 29, 2009 7:48 PM To: 'Joe Blanchard'; nanog@nanog.org Subject: RE: The Confiker Virus.
Re: The Confiker Virus.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, Mar 29, 2009 at 4:54 PM, Matthew Huff mh...@ox.com wrote: SRI has a detailed analysis of conflicker at http://mtc.sri.com/Conficker/ The most relevant section the Conficker.C addendum -- this has been driving the April 1st hype. http://mtc.sri.com/Conficker/addendumC/index.html FYI, - - ferg -BEGIN PGP SIGNATURE- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFJ0A4Uq1pz9mNUZTMRAlJbAJ9g8PgK+ttTz193mUTRzxhdN47QgQCdEASn hKy+B8H9BHprgaVpFKGIv0I= =RSKj -END PGP SIGNATURE- -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
RE: The Confiker Virus.
Joe said earlier today: Thanks, the only thing is that these, like most, websites are very vague about the mechanics behind the infiltration Joe, the SRI report would be right up your alley as it is the most technical in its analysis of the variants A and B as well as an explanation of the algorithm it uses to determine domain names for future use of some kind. http://mtc.sri.com/Conficker/ Sincerely, Richard Golodner
Oddly, this has been a complaint
Not that I care one way or another, but since I've gotten 20+ complaints. going to www.whitehouse.org yields something else. I know I know, perhaps old news. Should I just redirect or is our DNS corrupt? Darn it Thanks in advance
Re: Oddly, this has been a complaint
On Sun, 29 Mar 2009 23:43:47 -0400 Joe Blanchard jbfixu...@gmail.com wrote: Not that I care one way or another, but since I've gotten 20+ complaints. going to www.whitehouse.org yields something else. I know I know, perhaps old news. Should I just redirect or is our DNS corrupt? Should your users perhaps be going to whitehouse.gov? --Steve Bellovin, http://www.cs.columbia.edu/~smb
RE: Oddly, this has been a complaint
Opps my bad sorry for the static. gov/org I should have seen that. Sorry again.
Re: Oddly, this has been a complaint
On Sun, 29 Mar 2009, Jay Hennigan wrote: And some of us who have been around for a while can attest with some certainty that whitehouse.gov DEFINITELY doesn't equal whitehouse.com . :-) Oh I don't know...what about during the Clinton years? -- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_