Re: Level 3 voice outage

2016-10-04 Thread Kevin Kadow 
Level 3 has issues nationwide today.  We have voice outages at our offices
in multiple cities, Chicago and out west.

On Tue, Oct 4, 2016 at 11:01 AM, Mark Stevens  wrote:

> Is anyone noticing issue with Level 3 voice? I can't even call their 800
> number using one of my other carriers.
>
> Mark
>

Re: Comcast New England dropped for 5-15 min? Anyone

2015-02-10 Thread Kevin Kadow 
On Tue, Feb 10, 2015 at 7:27 PM, Andrey Khomyakov 
khomyakov.and...@gmail.com wrote:

 Hey, anyone had problems just now? My team and I at homes lost internet
 access for about 10 min. I also had many sites drop off. Still digging, but
 maybe trouble upstream? I'm in 50.133.128.0/17 at home.


You were only out for 10-15 minutes?  More like an hour in New Hampshire.

traceroutes would die out in Needham, Woburn, or  whatever 4.68.127.229 is.

Re: NAT IP and Google

2014-05-20 Thread Kevin Kadow 
If at all possible, consider using a NAT pool instead of translating
all outbound web traffic to a single IP address.   When I ran
Tribune's network (with about 15K internal client IPs), we were
blacklisted by Google several times due to high query volumes.  In the
end I built a pair of /24 NAT pools, so for example all internal
10.x.y.124 addresses are translated to kevin.nat.trb.com.

In my experience, Google does temporary blacklisting based both on
rate and also for certain types of queries; you can reduce your chance
of a ban by using a smart proxy to rate-limit or deny certain types of
query, or to choose the source address based on the URL requested,
basically have a low risk and a high risk source address.

Re: events

2011-09-30 Thread Kevin Kadow 
On Fri, Sep 30, 2011 at 2:44 PM, Ukpong Ukpong ukpong.ukp...@gmail.com wrote:
 Have you tried qradar? It's rather good

I've used  Splunk and QRadar;  both are available as free VMware
appliances with limitations on log volume, sufficient for testing.  Or
if you're mostly looking at webserver/proxy/firewall logs, Sawmill is
worth checking out.

I've also been looking into using Lancope's replicator to take in
syslog UDP and send copies to multiple loggers, since some appliances
only support a single syslog destination.

Kevin

Re: Techniques for passive traffic capturing

2008-06-23 Thread Kevin Kadow 
We started out with SPAN ports, then moved on to Netoptics taps.

Lately we've been using a combination of Cisco Netflow (from remote routers),
and native Argus flows (from local taps) where we need more details.

Flows are useful to answer What happened X minutes/hours/days ago?,
and where you do not need/want to capture full packet bodies
(though with Argus you can choose whether to include payload data).

http://qosient.com/argus/