Re: Level 3 voice outage
Level 3 has issues nationwide today. We have voice outages at our offices in multiple cities, Chicago and out west. On Tue, Oct 4, 2016 at 11:01 AM, Mark Stevenswrote: > Is anyone noticing issue with Level 3 voice? I can't even call their 800 > number using one of my other carriers. > > Mark >
Re: Comcast New England dropped for 5-15 min? Anyone
On Tue, Feb 10, 2015 at 7:27 PM, Andrey Khomyakov khomyakov.and...@gmail.com wrote: Hey, anyone had problems just now? My team and I at homes lost internet access for about 10 min. I also had many sites drop off. Still digging, but maybe trouble upstream? I'm in 50.133.128.0/17 at home. You were only out for 10-15 minutes? More like an hour in New Hampshire. traceroutes would die out in Needham, Woburn, or whatever 4.68.127.229 is.
Re: NAT IP and Google
If at all possible, consider using a NAT pool instead of translating all outbound web traffic to a single IP address. When I ran Tribune's network (with about 15K internal client IPs), we were blacklisted by Google several times due to high query volumes. In the end I built a pair of /24 NAT pools, so for example all internal 10.x.y.124 addresses are translated to kevin.nat.trb.com. In my experience, Google does temporary blacklisting based both on rate and also for certain types of queries; you can reduce your chance of a ban by using a smart proxy to rate-limit or deny certain types of query, or to choose the source address based on the URL requested, basically have a low risk and a high risk source address.
Re: events
On Fri, Sep 30, 2011 at 2:44 PM, Ukpong Ukpong ukpong.ukp...@gmail.com wrote: Have you tried qradar? It's rather good I've used Splunk and QRadar; both are available as free VMware appliances with limitations on log volume, sufficient for testing. Or if you're mostly looking at webserver/proxy/firewall logs, Sawmill is worth checking out. I've also been looking into using Lancope's replicator to take in syslog UDP and send copies to multiple loggers, since some appliances only support a single syslog destination. Kevin
Re: Techniques for passive traffic capturing
We started out with SPAN ports, then moved on to Netoptics taps. Lately we've been using a combination of Cisco Netflow (from remote routers), and native Argus flows (from local taps) where we need more details. Flows are useful to answer What happened X minutes/hours/days ago?, and where you do not need/want to capture full packet bodies (though with Argus you can choose whether to include payload data). http://qosient.com/argus/