date:20161022

Re: [AFMUG] 48v or 24v cat-5 injector to 12v

2016-10-22 Thread Rory Conaway

I need to put watchdog from the switches on cable modems and the AC units were 
too large or couldn’t handle the heat.

Rory

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Chuck McCown
Sent: Saturday, October 22, 2016 10:14 PM
To: af@afmug.com
Subject: Re: [AFMUG] 48v or 24v cat-5 injector to 12v

I was doing something similar but the regulator chip that I used has been made 
EOL by the manufacturer.  They have a lower voltage version but the one that 
will go to 60 VDC in is no longer available.  I was powering Calix 844E routers 
from POE that originated outside the house.

From: Rory Conaway
Sent: Saturday, October 22, 2016 11:07 PM
To: af@afmug.com
Subject: Re: [AFMUG] 48v or 24v cat-5 injector to 12v

That is awesome.  Thanks.

Rory

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Faisal Imtiaz
Sent: Saturday, October 22, 2016 8:33 PM
To: af@afmug.com
Subject: Re: [AFMUG] 48v or 24v cat-5 injector to 12v

I believe this is what you are looking for.

https://www.shireeninc.com/osc/cat5-power-extractor-module

Regards

Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232

Help-desk: (305)663-5518 Option 2 or Email: 
supp...@snappytelecom.net

From: "Rory Conaway" >
To: af@afmug.com
Sent: Saturday, October 22, 2016 9:38:54 PM
Subject: [AFMUG] 48v or 24v cat-5 injector to 12v
I know I can make them, just didn’t know if anything existed like this.  I want 
to go from a Cat-5 to a barrel connection with an output of 12v.  I’m got some 
PoE injectors but then I still have to step them down from 24 to 12v.  Just 
wondered if there was something like his already made.

Rory Conaway • Triad Wireless • CEO
4226 S. 37th Street • Phoenix • AZ 85040
602-426-0542
r...@triadwireless.net
www.triadwireless.net

“The other teams could make trouble for us if they win.” — Yogi Berra

Re: [AFMUG] 48v or 24v cat-5 injector to 12v

2016-10-22 Thread Chuck McCown

I was doing something similar but the regulator chip that I used has been made 
EOL by the manufacturer.  They have a lower voltage version but the one that 
will go to 60 VDC in is no longer available.  I was powering Calix 844E routers 
from POE that originated outside the house.  

From: Rory Conaway 
Sent: Saturday, October 22, 2016 11:07 PM
To: af@afmug.com 
Subject: Re: [AFMUG] 48v or 24v cat-5 injector to 12v

That is awesome.  Thanks.

Rory

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Faisal Imtiaz
Sent: Saturday, October 22, 2016 8:33 PM
To: af@afmug.com
Subject: Re: [AFMUG] 48v or 24v cat-5 injector to 12v

I believe this is what you are looking for.

https://www.shireeninc.com/osc/cat5-power-extractor-module

Regards

Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net

  From: "Rory Conaway" 
  To: af@afmug.com
  Sent: Saturday, October 22, 2016 9:38:54 PM
  Subject: [AFMUG] 48v or 24v cat-5 injector to 12v

  I know I can make them, just didn’t know if anything existed like this.  I 
want to go from a Cat-5 to a barrel connection with an output of 12v.  I’m got 
some PoE injectors but then I still have to step them down from 24 to 12v.  
Just wondered if there was something like his already made.

  Rory Conaway • Triad Wireless • CEO

  4226 S. 37th Street • Phoenix • AZ 85040

  602-426-0542

  r...@triadwireless.net

  www.triadwireless.net

  “The other teams could make trouble for us if they win.” — Yogi Berra

Re: [AFMUG] 48v or 24v cat-5 injector to 12v

2016-10-22 Thread Rory Conaway

That is awesome.  Thanks.

Rory

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Faisal Imtiaz
Sent: Saturday, October 22, 2016 8:33 PM
To: af@afmug.com
Subject: Re: [AFMUG] 48v or 24v cat-5 injector to 12v

I believe this is what you are looking for.

https://www.shireeninc.com/osc/cat5-power-extractor-module

Regards

Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232

Help-desk: (305)663-5518 Option 2 or Email: 
supp...@snappytelecom.net

From: "Rory Conaway" >
To: af@afmug.com
Sent: Saturday, October 22, 2016 9:38:54 PM
Subject: [AFMUG] 48v or 24v cat-5 injector to 12v
I know I can make them, just didn’t know if anything existed like this.  I want 
to go from a Cat-5 to a barrel connection with an output of 12v.  I’m got some 
PoE injectors but then I still have to step them down from 24 to 12v.  Just 
wondered if there was something like his already made.

Rory Conaway • Triad Wireless • CEO
4226 S. 37th Street • Phoenix • AZ 85040
602-426-0542
r...@triadwireless.net
www.triadwireless.net

“The other teams could make trouble for us if they win.” — Yogi Berra

Re: [AFMUG] Iptv

2016-10-22 Thread Chuck McCown

I am starting to think the business case is slowly evaporating for IPTV.  

I have Sling TV and Sony Playstation Vue at home along with my TIVO.  There is 
little doubt the OTT providers have the best value but the interface and 
remotes still leave something to be desired.  

My IPTV solution requires VPN, preferably VLAN to the headend and it uses 
plenty of bandwidth.  There is little margin in it and it is losing its ability 
to compete with OTT.  Plus, if it has problems you get the black eye.  
From: Josh Reynolds 
Sent: Saturday, October 22, 2016 3:08 PM
To: af@afmug.com 
Subject: Re: [AFMUG] Iptv

You're not likely to run a full IPTV stack as a wisp. There's not enough 
bandwidth. For a fiber co, its great.

Chuck has/had a thing he was looking at that works like Netflix as far as how 
it streams that MIGHT work for SOME WISPs.


On Oct 22, 2016 3:44 PM, "CBB - Jay Fuller"  wrote:


  On a quick vacation to the beach.condo has centurylink prismwhich I 
assume is pretty similar to att uversewhich is iptv all over again.

  I like how quick the channel changespretty good picture (in hd if you 
select hd from the sd channel number)

  Box is wifi...with an hdmi output

  Is this the type iptv product us wisps should be selling?  Especially if we 
move into fiber?

  Without googling itis this multicast or unicast?

  I may go Google it next Alabama football commercial breaklol 








  Sent from my Verizon 4G LTE Smartphone

Re: [AFMUG] 48v or 24v cat-5 injector to 12v

2016-10-22 Thread Faisal Imtiaz

I believe this is what you are looking for. 

https://www.shireeninc.com/osc/cat5-power-extractor-module 

Regards 

Faisal Imtiaz 
Snappy Internet & Telecom 
7266 SW 48 Street 
Miami, FL 33155 
Tel: 305 663 5518 x 232 

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 

> From: "Rory Conaway" 
> To: af@afmug.com
> Sent: Saturday, October 22, 2016 9:38:54 PM
> Subject: [AFMUG] 48v or 24v cat-5 injector to 12v

> I know I can make them, just didn’t know if anything existed like this. I want
> to go from a Cat-5 to a barrel connection with an output of 12v. I’m got some
> PoE injectors but then I still have to step them down from 24 to 12v. Just
> wondered if there was something like his already made.

> Rory Conaway • Triad Wireless • CEO

> 4226 S. 37 th Street • Phoenix • AZ 85040

> 602-426-0542

> r...@triadwireless.net

> www.triadwireless.net

> “The other teams could make trouble for us if they win.” — Yogi Berra

Re: [AFMUG] Iptv

2016-10-22 Thread CBB - Jay Fuller

does anyone record the home shopping network?  lol

  - Original Message - 
  From: Ken Hohhof 
  To: af@afmug.com 
  Sent: Saturday, October 22, 2016 9:33 PM
  Subject: Re: [AFMUG] Iptv

  And my wife records the rest.

  From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mike Hammett
  Sent: Saturday, October 22, 2016 9:08 PM
  To: af@afmug.com
  Subject: Re: [AFMUG] Iptv

  Right, that's where I was going. There's only so much content that people 
record.

  -
  Mike Hammett
  Intelligent Computing Solutions

  Midwest Internet Exchange

  The Brothers WISP

--

  From: "Josh Reynolds" 
  To: af@afmug.com
  Sent: Saturday, October 22, 2016 9:00:10 PM
  Subject: Re: [AFMUG] Iptv

  Most users are recording the same stuff as others. Yes, this one used dedupe.

  Single download is nice.

  On Oct 22, 2016 6:14 PM, "Mike Hammett"  wrote:

Without deduplication?

-
Mike Hammett
Intelligent Computing Solutions

Midwest Internet Exchange

The Brothers WISP

From: "Paul Stewart" 
To: af@afmug.com
Sent: Saturday, October 22, 2016 6:13:18 PM
Subject: Re: [AFMUG] Iptv

That’s pretty small for cloud DVR depending on what you are offering 
(storage per sub) and other features…

Typical systems I have seen are in PB levels …. 1-2 to start, 4-5PB of 
storage to grow

  On Oct 22, 2016, at 6:16 PM, Josh Reynolds  wrote:

  Yes. I think the one we were about to put in when I left NDF was around 
120TB

  On Oct 22, 2016 4:15 PM, "CBB - Jay Fuller"  
wrote:

cloud dvr stored somewhere in the central office here or something?  i 
guess?

  - Original Message - 

  From: Josh Reynolds 

  To: af@afmug.com 

  Sent: Saturday, October 22, 2016 4:06 PM

  Subject: Re: [AFMUG] Iptv

  Multicast bulk channels, unicast for on-demand or cloud DVR.

  On Oct 22, 2016 3:44 PM, "CBB - Jay Fuller" 
 wrote:

On a quick vacation to the beach.condo has centurylink 
prismwhich I assume is pretty similar to att uversewhich is iptv all 
over again.

I like how quick the channel changespretty good picture (in hd 
if you select hd from the sd channel number)

Box is wifi...with an hdmi output

Is this the type iptv product us wisps should be selling?  
Especially if we move into fiber?

Without googling itis this multicast or unicast?

I may go Google it next Alabama football commercial breaklol 

Sent from my Verizon 4G LTE Smartphone

Re: [AFMUG] Iptv

2016-10-22 Thread Ken Hohhof

And my wife records the rest.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mike Hammett
Sent: Saturday, October 22, 2016 9:08 PM
To: af@afmug.com
Subject: Re: [AFMUG] Iptv

Right, that's where I was going. There's only so much content that people 
record.

-
Mike Hammett
  Intelligent Computing Solutions

  Midwest Internet Exchange

  The Brothers WISP

  _  

From: "Josh Reynolds"  >
To: af@afmug.com  
Sent: Saturday, October 22, 2016 9:00:10 PM
Subject: Re: [AFMUG] Iptv

Most users are recording the same stuff as others. Yes, this one used dedupe.

Single download is nice.

On Oct 22, 2016 6:14 PM, "Mike Hammett"  > wrote:

Without deduplication?

-
Mike Hammett
  Intelligent Computing Solutions

  Midwest Internet Exchange

  The Brothers WISP

  _  

From: "Paul Stewart"  >
To: af@afmug.com  
Sent: Saturday, October 22, 2016 6:13:18 PM
Subject: Re: [AFMUG] Iptv

That’s pretty small for cloud DVR depending on what you are offering (storage 
per sub) and other features…

Typical systems I have seen are in PB levels …. 1-2 to start, 4-5PB of storage 
to grow

On Oct 22, 2016, at 6:16 PM, Josh Reynolds  > wrote:

Yes. I think the one we were about to put in when I left NDF was around 120TB

On Oct 22, 2016 4:15 PM, "CBB - Jay Fuller"  > wrote:

cloud dvr stored somewhere in the central office here or something?  i guess?

- Original Message - 

From: Josh Reynolds   

To: af@afmug.com   

Sent: Saturday, October 22, 2016 4:06 PM

Subject: Re: [AFMUG] Iptv

Multicast bulk channels, unicast for on-demand or cloud DVR.

On Oct 22, 2016 3:44 PM, "CBB - Jay Fuller"  > wrote:

On a quick vacation to the beach.condo has centurylink prismwhich I 
assume is pretty similar to att uversewhich is iptv all over again.

I like how quick the channel changespretty good picture (in hd if you 
select hd from the sd channel number)

Box is wifi...with an hdmi output

Is this the type iptv product us wisps should be selling?  Especially if we 
move into fiber?

Without googling itis this multicast or unicast?

I may go Google it next Alabama football commercial breaklol 

Sent from my Verizon 4G LTE Smartphone

Re: [AFMUG] Iptv

2016-10-22 Thread Mike Hammett

Right, that's where I was going. There's only so much content that people 
record. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Josh Reynolds"  
To: af@afmug.com 
Sent: Saturday, October 22, 2016 9:00:10 PM 
Subject: Re: [AFMUG] Iptv 


Most users are recording the same stuff as others. Yes, this one used dedupe. 
Single download is nice. 


On Oct 22, 2016 6:14 PM, "Mike Hammett" < af...@ics-il.net > wrote: 




Without deduplication? 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 






From: "Paul Stewart" < p...@paulstewart.org > 
To: af@afmug.com 
Sent: Saturday, October 22, 2016 6:13:18 PM 
Subject: Re: [AFMUG] Iptv 

That’s pretty small for cloud DVR depending on what you are offering (storage 
per sub) and other features… 


Typical systems I have seen are in PB levels …. 1-2 to start, 4-5PB of storage 
to grow 





On Oct 22, 2016, at 6:16 PM, Josh Reynolds < j...@kyneticwifi.com > wrote: 


Yes. I think the one we were about to put in when I left NDF was around 120TB 


On Oct 22, 2016 4:15 PM, "CBB - Jay Fuller" < par...@cyberbroadband.net > 
wrote: 





cloud dvr stored somewhere in the central office here or something? i guess? 



- Original Message - 
From: Josh Reynolds 
To: af@afmug.com 
Sent: Saturday, October 22, 2016 4:06 PM 
Subject: Re: [AFMUG] Iptv 


Multicast bulk channels, unicast for on-demand or cloud DVR. 


On Oct 22, 2016 3:44 PM, "CBB - Jay Fuller" < par...@cyberbroadband.net > 
wrote: 







On a quick vacation to the beach.condo has centurylink prismwhich I 
assume is pretty similar to att uversewhich is iptv all over again. 


I like how quick the channel changespretty good picture (in hd if you 
select hd from the sd channel number) 


Box is wifi...with an hdmi output 


Is this the type iptv product us wisps should be selling? Especially if we move 
into fiber? 


Without googling itis this multicast or unicast? 


I may go Google it next Alabama football commercial breaklol 
















Sent from my Verizon 4G LTE Smartphone

Re: [AFMUG] Iptv

2016-10-22 Thread Josh Reynolds

Most users are recording the same stuff as others. Yes, this one used
dedupe.

Single download is nice.

On Oct 22, 2016 6:14 PM, "Mike Hammett"  wrote:

> Without deduplication?
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions 
> 
> 
> 
> 
> Midwest Internet Exchange 
> 
> 
> 
> The Brothers WISP 
> 
>
>
> 
> --
> *From: *"Paul Stewart" 
> *To: *af@afmug.com
> *Sent: *Saturday, October 22, 2016 6:13:18 PM
> *Subject: *Re: [AFMUG] Iptv
>
> That’s pretty small for cloud DVR depending on what you are offering
> (storage per sub) and other features…
>
> Typical systems I have seen are in PB levels …. 1-2 to start, 4-5PB of
> storage to grow
>
> On Oct 22, 2016, at 6:16 PM, Josh Reynolds  wrote:
>
> Yes. I think the one we were about to put in when I left NDF was around
> 120TB
>
> On Oct 22, 2016 4:15 PM, "CBB - Jay Fuller" 
> wrote:
>
>>
>> cloud dvr stored somewhere in the central office here or something?  i
>> guess?
>>
>>
>> - Original Message -
>> *From:* Josh Reynolds 
>> *To:* af@afmug.com
>> *Sent:* Saturday, October 22, 2016 4:06 PM
>> *Subject:* Re: [AFMUG] Iptv
>>
>> Multicast bulk channels, unicast for on-demand or cloud DVR.
>>
>> On Oct 22, 2016 3:44 PM, "CBB - Jay Fuller" 
>> wrote:
>>
>>>
>>> On a quick vacation to the beach.condo has centurylink
>>> prismwhich I assume is pretty similar to att uversewhich is iptv
>>> all over again.
>>>
>>> I like how quick the channel changespretty good picture (in hd if
>>> you select hd from the sd channel number)
>>>
>>> Box is wifi...with an hdmi output
>>>
>>> Is this the type iptv product us wisps should be selling?  Especially if
>>> we move into fiber?
>>>
>>> Without googling itis this multicast or unicast?
>>>
>>> I may go Google it next Alabama football commercial breaklol
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Sent from my Verizon 4G LTE Smartphone
>>>
>>>
>
>

[AFMUG] bad WiFi joke

2016-10-22 Thread Rory Conaway

THE CONFESSION
Hi Bob, This is Alan next door.
I have a confession to make. I've been riddled with guilt these past few months 
and have been trying to pluck up the courage to tell you to your face, but I am 
at least now telling you in text as I can't live with myself a moment longer 
without you knowing.

The truth is I have been sharing your wife, day and night when you're not 
around. In fact, probably more than you. I haven't been getting it at home 
recently, but that's no excuse, I know.  The temptation was just too much. I 
can no longer live with the guilt and I hope you will accept my sincerest 
apologies and forgive me. It won't happen again.
Please suggest a fee for usage, and I'll pay you.
Regards, Alan.

THE ACTIONS
Bob, feeling insulted and betrayed, grabbed his gun, and shot his neighbor 
dead. He returned home where he poured himself a stiff drink and sat down on 
the sofa. He took out his phone where he saw he has a subsequent message from 
his neighbor:
THE SECOND MESSAGE
Hi Bob, This is Alan next door again. Sorry about the typo on my last text.  I 
expect you figured it out anyway, & that you noticed that darned Autocorrect 
changed 'Wi-Fi' To 'Wife'. Technology hey?
Regards, Alan.

Rory

[AFMUG] 48v or 24v cat-5 injector to 12v

2016-10-22 Thread Rory Conaway

I know I can make them, just didn't know if anything existed like this.  I want 
to go from a Cat-5 to a barrel connection with an output of 12v.  I'm got some 
PoE injectors but then I still have to step them down from 24 to 12v.  Just 
wondered if there was something like his already made.

Rory Conaway * Triad Wireless * CEO
4226 S. 37th Street * Phoenix * AZ 85040
602-426-0542
r...@triadwireless.net
www.triadwireless.net

"The other teams could make trouble for us if they win." - Yogi Berra

Re: [AFMUG] Iptv

2016-10-22 Thread Christopher Gray

It always seemed to me that a combination of cloud and on-site DVR would be
ideal for a WISP. Data would be stored in the cloud DVR at the initial
request, and then it would sync with the on-site DVR during off-peak hours
or as low priority traffic.


On Sat, Oct 22, 2016 at 7:13 PM, Paul Stewart  wrote:

> That’s pretty small for cloud DVR depending on what you are offering
> (storage per sub) and other features…
>
> Typical systems I have seen are in PB levels …. 1-2 to start, 4-5PB of
> storage to grow
>
> On Oct 22, 2016, at 6:16 PM, Josh Reynolds  wrote:
>
> Yes. I think the one we were about to put in when I left NDF was around
> 120TB
>
> On Oct 22, 2016 4:15 PM, "CBB - Jay Fuller" 
> wrote:
>
>>
>> cloud dvr stored somewhere in the central office here or something?  i
>> guess?
>>
>>
>> - Original Message -
>> *From:* Josh Reynolds 
>> *To:* af@afmug.com
>> *Sent:* Saturday, October 22, 2016 4:06 PM
>> *Subject:* Re: [AFMUG] Iptv
>>
>> Multicast bulk channels, unicast for on-demand or cloud DVR.
>>
>> On Oct 22, 2016 3:44 PM, "CBB - Jay Fuller" 
>> wrote:
>>
>>>
>>> On a quick vacation to the beach.condo has centurylink
>>> prismwhich I assume is pretty similar to att uversewhich is iptv
>>> all over again.
>>>
>>> I like how quick the channel changespretty good picture (in hd if
>>> you select hd from the sd channel number)
>>>
>>> Box is wifi...with an hdmi output
>>>
>>> Is this the type iptv product us wisps should be selling?  Especially if
>>> we move into fiber?
>>>
>>> Without googling itis this multicast or unicast?
>>>
>>> I may go Google it next Alabama football commercial breaklol
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Sent from my Verizon 4G LTE Smartphone
>>>
>>>
>

Re: [AFMUG] Baicells 3.65 versus 900 450i

2016-10-22 Thread That One Guy /sarcasm

uh oh

On Sat, Oct 22, 2016 at 7:21 PM, Josh Corson 
wrote:

> All,
>
> Reviewing info on Baicells it seems like a good argument to compare
> the two platforms. Before we invest in more 450i equipment I wanted to
> get the take on Baicells LTE 3.65 gear.
>
> The LTE is higher in capacity versus the 900 and
> in some instances it seems like 3.65 is doing well in NLOS
> environments - can someone confirm this is indeed the 3.65 and not
> just the 2.5 doing well in nLOS or NLOS.
>
>
> Would love anyone who is using Baicells to express their input.
> Doesn't seem like I've found a whole lot on the list about real world
> results.
>
> Thanks
>
> Josh Corson
>
> BlueBit Networks
>
> Sent from my iPhone
>



-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.

[AFMUG] Baicells 3.65 versus 900 450i

2016-10-22 Thread Josh Corson

All,

Reviewing info on Baicells it seems like a good argument to compare
the two platforms. Before we invest in more 450i equipment I wanted to
get the take on Baicells LTE 3.65 gear.

The LTE is higher in capacity versus the 900 and
in some instances it seems like 3.65 is doing well in NLOS
environments - can someone confirm this is indeed the 3.65 and not
just the 2.5 doing well in nLOS or NLOS.


Would love anyone who is using Baicells to express their input.
Doesn't seem like I've found a whole lot on the list about real world
results.

Thanks

Josh Corson

BlueBit Networks

Sent from my iPhone

Re: [AFMUG] now we know why manufacturers are having delays

2016-10-22 Thread Jaime Solorza

Will this be liked failed SBInet

On Oct 22, 2016 5:11 PM, "Rory Conaway"  wrote:

> Lockheed is buying all amplifiers.
>
>
>
> http://www.microwavejournal.com/articles/26872-space-
> fence-radar-leverages-power-of-gan
>
>
>
> *Rory Conaway **• Triad Wireless •** CEO*
>
> *4226 S. 37th Street • Phoenix • AZ 85040*
>
> *602-426-0542 <602-426-0542>*
>
> *r...@triadwireless.net *
>
> *www.triadwireless.net *
>
>
>
> *“Enginering is about changing the imagination into the practical.”*
>
>
>

Re: [AFMUG] Iptv

2016-10-22 Thread Mike Hammett

Without deduplication? 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Paul Stewart"  
To: af@afmug.com 
Sent: Saturday, October 22, 2016 6:13:18 PM 
Subject: Re: [AFMUG] Iptv 

That’s pretty small for cloud DVR depending on what you are offering (storage 
per sub) and other features… 


Typical systems I have seen are in PB levels …. 1-2 to start, 4-5PB of storage 
to grow 





On Oct 22, 2016, at 6:16 PM, Josh Reynolds < j...@kyneticwifi.com > wrote: 


Yes. I think the one we were about to put in when I left NDF was around 120TB 


On Oct 22, 2016 4:15 PM, "CBB - Jay Fuller" < par...@cyberbroadband.net > 
wrote: 





cloud dvr stored somewhere in the central office here or something? i guess? 



- Original Message - 
From: Josh Reynolds 
To: af@afmug.com 
Sent: Saturday, October 22, 2016 4:06 PM 
Subject: Re: [AFMUG] Iptv 


Multicast bulk channels, unicast for on-demand or cloud DVR. 


On Oct 22, 2016 3:44 PM, "CBB - Jay Fuller" < par...@cyberbroadband.net > 
wrote: 







On a quick vacation to the beach.condo has centurylink prismwhich I 
assume is pretty similar to att uversewhich is iptv all over again. 


I like how quick the channel changespretty good picture (in hd if you 
select hd from the sd channel number) 


Box is wifi...with an hdmi output 


Is this the type iptv product us wisps should be selling? Especially if we move 
into fiber? 


Without googling itis this multicast or unicast? 


I may go Google it next Alabama football commercial breaklol 
















Sent from my Verizon 4G LTE Smartphone

Re: [AFMUG] Iptv

2016-10-22 Thread Paul Stewart

That’s pretty small for cloud DVR depending on what you are offering (storage 
per sub) and other features…

Typical systems I have seen are in PB levels …. 1-2 to start, 4-5PB of storage 
to grow

> On Oct 22, 2016, at 6:16 PM, Josh Reynolds  wrote:
> 
> Yes. I think the one we were about to put in when I left NDF was around 120TB
> 
> 
> On Oct 22, 2016 4:15 PM, "CBB - Jay Fuller"  > wrote:
>  
> cloud dvr stored somewhere in the central office here or something?  i guess?
>  
> - Original Message -
> From: Josh Reynolds 
> To: af@afmug.com 
> Sent: Saturday, October 22, 2016 4:06 PM
> Subject: Re: [AFMUG] Iptv
> 
> Multicast bulk channels, unicast for on-demand or cloud DVR.
> 
> 
> On Oct 22, 2016 3:44 PM, "CBB - Jay Fuller"  > wrote:
> 
> On a quick vacation to the beach.condo has centurylink prismwhich I 
> assume is pretty similar to att uversewhich is iptv all over again.
> 
> I like how quick the channel changespretty good picture (in hd if you 
> select hd from the sd channel number)
> 
> Box is wifi...with an hdmi output
> 
> Is this the type iptv product us wisps should be selling?  Especially if we 
> move into fiber?
> 
> Without googling itis this multicast or unicast?
> 
> I may go Google it next Alabama football commercial breaklol 
> 
> 
> 
> 
> 
> 
> 
> 
> Sent from my Verizon 4G LTE Smartphone
>

[AFMUG] now we know why manufacturers are having delays

2016-10-22 Thread Rory Conaway

Lockheed is buying all amplifiers.

http://www.microwavejournal.com/articles/26872-space-fence-radar-leverages-power-of-gan

Rory Conaway * Triad Wireless * CEO
4226 S. 37th Street * Phoenix * AZ 85040
602-426-0542
r...@triadwireless.net
www.triadwireless.net

"Enginering is about changing the imagination into the practical."

Re: [AFMUG] Iptv

2016-10-22 Thread Josh Reynolds

Yes. I think the one we were about to put in when I left NDF was around
120TB

On Oct 22, 2016 4:15 PM, "CBB - Jay Fuller" 
wrote:

>
> cloud dvr stored somewhere in the central office here or something?  i
> guess?
>
>
> - Original Message -
> *From:* Josh Reynolds 
> *To:* af@afmug.com
> *Sent:* Saturday, October 22, 2016 4:06 PM
> *Subject:* Re: [AFMUG] Iptv
>
> Multicast bulk channels, unicast for on-demand or cloud DVR.
>
> On Oct 22, 2016 3:44 PM, "CBB - Jay Fuller" 
> wrote:
>
>>
>> On a quick vacation to the beach.condo has centurylink prismwhich
>> I assume is pretty similar to att uversewhich is iptv all over again.
>>
>> I like how quick the channel changespretty good picture (in hd if you
>> select hd from the sd channel number)
>>
>> Box is wifi...with an hdmi output
>>
>> Is this the type iptv product us wisps should be selling?  Especially if
>> we move into fiber?
>>
>> Without googling itis this multicast or unicast?
>>
>> I may go Google it next Alabama football commercial breaklol
>>
>>
>>
>>
>>
>>
>>
>>
>> Sent from my Verizon 4G LTE Smartphone
>>
>>

Re: [AFMUG] Iptv

2016-10-22 Thread Ken Hohhof

That looks identical to the AT UVerse remote.  Their STB is Cisco.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of CBB - Jay Fuller
Sent: Saturday, October 22, 2016 3:59 PM
To: af@afmug.com
Subject: Re: [AFMUG] Iptv

Sent from my Verizon 4G LTE Smartphone

- Reply message -
From: "That One Guy /sarcasm"  >
To: "af@afmug.com  "  >
Subject: [AFMUG] Iptv
Date: Sat, Oct 22, 2016 3:51 PM

worth looking at the gear theyre using if a multitenant location is delivering 
iptv via wifi in hd and its working well its a curiousity

On Sat, Oct 22, 2016 at 3:44 PM, CBB - Jay Fuller  > wrote:

On a quick vacation to the beach.condo has centurylink prism.which I 
assume is pretty similar to att uversewhich is iptv all over again.

I like how quick the channel changespretty good picture (in hd if you 
select hd from the sd channel number)

Box is wifi...with an hdmi output

Is this the type iptv product us wisps should be selling?  Especially if we 
move into fiber?

Without googling it.is this multicast or unicast?

I may go Google it next Alabama football commercial breaklol 

Sent from my Verizon 4G LTE Smartphone

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.

Re: [AFMUG] [BULK] Re: [BULK] Re: AT Reaches Deal to Buy Time Warner for More Than $80 Billion

2016-10-22 Thread Ken Hohhof

I thought DJT was going to break them up, too.

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince
Sent: Saturday, October 22, 2016 4:21 PM
To: af@afmug.com
Subject: [BULK] Re: [AFMUG] [BULK] Re: AT Reaches Deal to Buy Time Warner for 
More Than $80 Billion

Seems like a bit of a knee-jerk reaction at this point. The regulators have yet 
to speak. Likewise the details of the deal. First question on my mind is why 
Comcast can own NBC/Universal, but ATT can't own Time Warner?

bp


On 10/22/2016 1:32 PM, Ken Hohhof wrote:
> And DJT was quoted as saying today that his administration will block the 
> merger, he pointed out that TW owns CNN.
>
>
>
> -Original Message-
> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince
> Sent: Saturday, October 22, 2016 2:32 PM
> To: af@afmug.com
> Subject: [BULK] Re: [AFMUG] AT Reaches Deal to Buy Time Warner for 
> More Than $80 Billion
>
> The better for them to compete with Comcast/NBC.
>
> As someone else said recently, the shackles are off.
>
>
> bp
> 
>
> On 10/22/2016 12:18 PM, Jason Wilson wrote:
>> Here is something from WSJ.com that might interest you:
>>
>> AT Reaches Deal to Buy Time Warner for More Than $80 Billion
>> http://www.wsj.com/articles/at-t-reaches-deal-to-buy-time-warner-for-
>> more-than-80-billion-1477157084
>>
>
>

Re: [AFMUG] Iptv

2016-10-22 Thread CBB - Jay Fuller

No sir.  Auburn as well :)

Sent from my Verizon 4G LTE Smartphone

- Reply message -
From: "Bill Prince" 
To: 
Subject: [AFMUG] Iptv
Date: Sat, Oct 22, 2016 4:25 PM

Jay, is 'bama the only football you watch?

bp

On 10/22/2016 1:58 PM, CBB - Jay Fuller
wrote:

Sent from my Verizon 4G LTE Smartphone

- Reply message -

From: "That One Guy /sarcasm"

To: "af@afmug.com" 

Subject: [AFMUG] Iptv

Date: Sat, Oct 22, 2016 3:51 PM

worth looking at the gear theyre using if a
multitenant location is delivering iptv via wifi in hd and its
working well its a curiousity

On Sat, Oct 22, 2016 at 3:44 PM, CBB -
Jay Fuller 
wrote:

On a quick vacation to the beach.condo has
centurylink prism.which I assume is pretty similar
to att uversewhich is iptv all over again.

I like how quick the channel changespretty good
picture (in hd if you select hd from the sd channel
number)

Box is wifi...with an hdmi output

Is this the type iptv product us wisps should be
selling?  Especially if we move into fiber?

Without googling it.is this multicast or
unicast?

I may go Google it next Alabama football commercial
breaklol 

Sent from my Verizon 4G LTE Smartphone

-- 

If you only see yourself as
part of the team but you don't see your team as
part of yourself you have already failed as part
of the team.

Re: [AFMUG] Iptv

2016-10-22 Thread Bill Prince


Jay, is 'bama the only football you watch?


bp


On 10/22/2016 1:58 PM, CBB - Jay Fuller wrote:




Sent from my Verizon 4G LTE Smartphone

- Reply message -
From: "That One Guy /sarcasm" 
To: "af@afmug.com" 
Subject: [AFMUG] Iptv
Date: Sat, Oct 22, 2016 3:51 PM

worth looking at the gear theyre using if a multitenant location is 
delivering iptv via wifi in hd and its working well its a curiousity


On Sat, Oct 22, 2016 at 3:44 PM, CBB - Jay Fuller 
> wrote:



On a quick vacation to the beach.condo has centurylink
prism.which I assume is pretty similar to att uversewhich
is iptv all over again.

I like how quick the channel changespretty good picture (in hd
if you select hd from the sd channel number)

Box is wifi...with an hdmi output

Is this the type iptv product us wisps should be selling? 
Especially if we move into fiber?


Without googling it.is this multicast or unicast?

I may go Google it next Alabama football commercial breaklol








Sent from my Verizon 4G LTE Smartphone




--
If you only see yourself as part of the team but you don't see your 
team as part of yourself you have already failed as part of the team.

Re: [AFMUG] [BULK] Re: AT Reaches Deal to Buy Time Warner for More Than $80 Billion

2016-10-22 Thread Bill Prince

Seems like a bit of a knee-jerk reaction at this point. The regulators 
have yet to speak. Likewise the details of the deal. First question on 
my mind is why Comcast can own NBC/Universal, but ATT can't own Time Warner?


bp


On 10/22/2016 1:32 PM, Ken Hohhof wrote:

And DJT was quoted as saying today that his administration will block the 
merger, he pointed out that TW owns CNN.



-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince
Sent: Saturday, October 22, 2016 2:32 PM
To: af@afmug.com
Subject: [BULK] Re: [AFMUG] AT Reaches Deal to Buy Time Warner for More Than 
$80 Billion

The better for them to compete with Comcast/NBC.

As someone else said recently, the shackles are off.


bp


On 10/22/2016 12:18 PM, Jason Wilson wrote:

Here is something from WSJ.com that might interest you:

AT Reaches Deal to Buy Time Warner for More Than $80 Billion
http://www.wsj.com/articles/at-t-reaches-deal-to-buy-time-warner-for-more-than-80-billion-1477157084

Re: [AFMUG] Iptv

2016-10-22 Thread CBB - Jay Fuller

have been thinking fiber

  - Original Message - 
  From: Josh Reynolds 
  To: af@afmug.com 
  Sent: Saturday, October 22, 2016 4:08 PM
  Subject: Re: [AFMUG] Iptv

  You're not likely to run a full IPTV stack as a wisp. There's not enough 
bandwidth. For a fiber co, its great.

  Chuck has/had a thing he was looking at that works like Netflix as far as how 
it streams that MIGHT work for SOME WISPs.

  On Oct 22, 2016 3:44 PM, "CBB - Jay Fuller"  wrote:

On a quick vacation to the beach.condo has centurylink prismwhich I 
assume is pretty similar to att uversewhich is iptv all over again.

I like how quick the channel changespretty good picture (in hd if you 
select hd from the sd channel number)

Box is wifi...with an hdmi output

Is this the type iptv product us wisps should be selling?  Especially if we 
move into fiber?

Without googling itis this multicast or unicast?

I may go Google it next Alabama football commercial breaklol 

Sent from my Verizon 4G LTE Smartphone

Re: [AFMUG] Iptv

2016-10-22 Thread CBB - Jay Fuller

cloud dvr stored somewhere in the central office here or something?  i guess?

  - Original Message - 
  From: Josh Reynolds 
  To: af@afmug.com 
  Sent: Saturday, October 22, 2016 4:06 PM
  Subject: Re: [AFMUG] Iptv

  Multicast bulk channels, unicast for on-demand or cloud DVR.

  On Oct 22, 2016 3:44 PM, "CBB - Jay Fuller"  wrote:

On a quick vacation to the beach.condo has centurylink prismwhich I 
assume is pretty similar to att uversewhich is iptv all over again.

I like how quick the channel changespretty good picture (in hd if you 
select hd from the sd channel number)

Box is wifi...with an hdmi output

Is this the type iptv product us wisps should be selling?  Especially if we 
move into fiber?

Without googling itis this multicast or unicast?

I may go Google it next Alabama football commercial breaklol 

Sent from my Verizon 4G LTE Smartphone

Re: [AFMUG] Iptv

2016-10-22 Thread Josh Reynolds

You're not likely to run a full IPTV stack as a wisp. There's not enough
bandwidth. For a fiber co, its great.

Chuck has/had a thing he was looking at that works like Netflix as far as
how it streams that MIGHT work for SOME WISPs.

On Oct 22, 2016 3:44 PM, "CBB - Jay Fuller" 
wrote:

>
> On a quick vacation to the beach.condo has centurylink prismwhich
> I assume is pretty similar to att uversewhich is iptv all over again.
>
> I like how quick the channel changespretty good picture (in hd if you
> select hd from the sd channel number)
>
> Box is wifi...with an hdmi output
>
> Is this the type iptv product us wisps should be selling?  Especially if
> we move into fiber?
>
> Without googling itis this multicast or unicast?
>
> I may go Google it next Alabama football commercial breaklol
>
>
>
>
>
>
>
>
> Sent from my Verizon 4G LTE Smartphone
>
>

Re: [AFMUG] Iptv

2016-10-22 Thread Josh Reynolds

Multicast bulk channels, unicast for on-demand or cloud DVR.

On Oct 22, 2016 3:44 PM, "CBB - Jay Fuller" 
wrote:

>
> On a quick vacation to the beach.condo has centurylink prismwhich
> I assume is pretty similar to att uversewhich is iptv all over again.
>
> I like how quick the channel changespretty good picture (in hd if you
> select hd from the sd channel number)
>
> Box is wifi...with an hdmi output
>
> Is this the type iptv product us wisps should be selling?  Especially if
> we move into fiber?
>
> Without googling itis this multicast or unicast?
>
> I may go Google it next Alabama football commercial breaklol
>
>
>
>
>
>
>
>
> Sent from my Verizon 4G LTE Smartphone
>
>

Re: [AFMUG] Iptv

2016-10-22 Thread CBB - Jay Fuller

it looks like wifi supports 2 gig or 5 gig

  - Original Message - 
  From: That One Guy /sarcasm 
  To: af@afmug.com 
  Sent: Saturday, October 22, 2016 3:51 PM
  Subject: Re: [AFMUG] Iptv

  worth looking at the gear theyre using if a multitenant location is 
delivering iptv via wifi in hd and its working well its a curiousity

  On Sat, Oct 22, 2016 at 3:44 PM, CBB - Jay Fuller  
wrote:

On a quick vacation to the beach.condo has centurylink prismwhich I 
assume is pretty similar to att uversewhich is iptv all over again.

I like how quick the channel changespretty good picture (in hd if you 
select hd from the sd channel number)

Box is wifi...with an hdmi output

Is this the type iptv product us wisps should be selling?  Especially if we 
move into fiber?

Without googling itis this multicast or unicast?

I may go Google it next Alabama football commercial breaklol 

Sent from my Verizon 4G LTE Smartphone

  -- 

  If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.

Re: [AFMUG] Iptv

2016-10-22 Thread That One Guy /sarcasm

worth looking at the gear theyre using if a multitenant location is
delivering iptv via wifi in hd and its working well its a curiousity

On Sat, Oct 22, 2016 at 3:44 PM, CBB - Jay Fuller  wrote:

>
> On a quick vacation to the beach.condo has centurylink prismwhich
> I assume is pretty similar to att uversewhich is iptv all over again.
>
> I like how quick the channel changespretty good picture (in hd if you
> select hd from the sd channel number)
>
> Box is wifi...with an hdmi output
>
> Is this the type iptv product us wisps should be selling?  Especially if
> we move into fiber?
>
> Without googling itis this multicast or unicast?
>
> I may go Google it next Alabama football commercial breaklol
>
>
>
>
>
>
>
>
> Sent from my Verizon 4G LTE Smartphone
>
>


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.

[AFMUG] Iptv

2016-10-22 Thread CBB - Jay Fuller

On a quick vacation to the beach.condo has centurylink prismwhich I 
assume is pretty similar to att uversewhich is iptv all over again.

I like how quick the channel changespretty good picture (in hd if you 
select hd from the sd channel number)

Box is wifi...with an hdmi output

Is this the type iptv product us wisps should be selling?  Especially if we 
move into fiber?

Without googling itis this multicast or unicast?

I may go Google it next Alabama football commercial breaklol 








Sent from my Verizon 4G LTE Smartphone

Re: [AFMUG] [BULK] Re: AT Reaches Deal to Buy Time Warner for More Than $80 Billion

2016-10-22 Thread Ken Hohhof

And DJT was quoted as saying today that his administration will block the 
merger, he pointed out that TW owns CNN.



-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince
Sent: Saturday, October 22, 2016 2:32 PM
To: af@afmug.com
Subject: [BULK] Re: [AFMUG] AT Reaches Deal to Buy Time Warner for More Than 
$80 Billion

The better for them to compete with Comcast/NBC.

As someone else said recently, the shackles are off.


bp


On 10/22/2016 12:18 PM, Jason Wilson wrote:
>
> Here is something from WSJ.com that might interest you:
>
> AT Reaches Deal to Buy Time Warner for More Than $80 Billion
> http://www.wsj.com/articles/at-t-reaches-deal-to-buy-time-warner-for-more-than-80-billion-1477157084
>

Re: [AFMUG] AT Reaches Deal to Buy Time Warner for More Than $80 Billion

2016-10-22 Thread Bill Prince


The better for them to compete with Comcast/NBC.

As someone else said recently, the shackles are off.


bp


On 10/22/2016 12:18 PM, Jason Wilson wrote:


Here is something from WSJ.com that might interest you:

AT Reaches Deal to Buy Time Warner for More Than $80 Billion
http://www.wsj.com/articles/at-t-reaches-deal-to-buy-time-warner-for-more-than-80-billion-1477157084

[AFMUG] AT Reaches Deal to Buy Time Warner for More Than $80 Billion

2016-10-22 Thread Jason Wilson

Here is something from WSJ.com that might interest you:

AT Reaches Deal to Buy Time Warner for More Than $80 Billion
http://www.wsj.com/articles/at-t-reaches-deal-to-buy-time-warner-for-more-than-80-billion-1477157084

Re: [AFMUG] OT. I voted!!! Twice!!

2016-10-22 Thread Jaime Solorza

My bad hombre head aches... Too much Tecate

On Oct 21, 2016 9:19 PM, "Bill Prince"  wrote:

> Vote early and often.
>
>
> bp
> 
>
> On 10/21/2016 5:33 PM, Jaime Solorza wrote:
>
>>
>> Salud amigos
>>
>>
>

Re: [AFMUG] Another large DDoS, Stop Being a Dick

2016-10-22 Thread Jaime Solorza

I actually worked with ATT tech support to open up some ports for NVR...
They were pretty good and client has app on phone with alerts on door
sensors connected to cameras.   Different subnet from his network... Hope
it doesn't get hacked...

On Oct 22, 2016 10:33 AM, "Mike Hammett"  wrote:

> The IP address on your upstream interface needs to be able to respond to
> respond to ICMP and other requests.
>
>
> 10.0.0.0/30 Network
> 10.0.0.1/30 Their Router
> 10.0.0.2/30 Your Router
> 10.0.0.3/30 Broadcast
>
>
> 10.0.0.2 needs to be able to respond to things and the firewall should be
> blocking it if not otherwise allowed.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions 
> 
> 
> 
> 
> Midwest Internet Exchange 
> 
> 
> 
> The Brothers WISP 
> 
>
>
> 
> --
> *From: *"Kurt Fankhauser" 
> *To: *af@afmug.com
> *Sent: *Saturday, October 22, 2016 11:24:40 AM
> *Subject: *Re: [AFMUG] Another large DDoS, Stop Being a Dick
>
> Mike,
>
> Thank you for sharing this Mikrotik Firewall rule! I was at the WISPPlooza
> session on internet security and first heard of this spoofing problem and
> about how you should drop this traffic. I implemented the rule and logged
> it before I flat out dropped it and just in 60 seconds I was seeing
> thousands of packets showing up in my Mikrotik Log. Apparently I was being
> used as a spoof relay. I also noticed a slight decrease in overall traffic
> going out to my upstream provider. I can not believe how easy it was to
> implement this rule with Mikrotik. One thing I did not do was add my
> upstreams /30 BGP address to the allow list. Why should I do that? My BGP
> is still working without it.
>
> On Sat, Oct 22, 2016 at 10:14 AM, Mike Hammett  wrote:
>
>> Here's a tested config that works with standard IP Firewall. Once I get a
>> chance, I'll make and test a version that uses raw.
>>
>> /ip firewall address-list
>> add address=x.x.x.x/yy comment="My IPs" list=Public_Networks
>> add address=x.x.x.x/yy comment="Upstream /30" list=Public_Networks
>> add address=x.x.x.x/yy comment="Customer ABC's ARIN allocation"
>> list=Public_Networks
>>
>> /ip firewall filter
>> add action=drop chain=forward comment="Block Spoofed Traffic"
>> out-interface=[upstream interface] src-address-list=!Public_Networks
>>
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions 
>> 
>> 
>> 
>> 
>> Midwest Internet Exchange 
>> 
>> 
>> 
>> The Brothers WISP 
>> 
>>
>>
>> 
>> --
>> *From: *"Mike Hammett" 
>> *To: *af@afmug.com
>> *Sent: *Friday, October 21, 2016 12:17:13 PM
>> *Subject: *Re: [AFMUG] Another large DDoS, Stop Being a Dick
>>
>> /ip firewall address-list
>> add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="My IPs"
>> add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="Downstream
>> customer X IPs"
>>
>> /ip firewall filter
>> add action=drop chain=forward comment="Drop spoofed traffic" disabled=no
>> out-interface="To-Upstream" dst-address-list=!"Public-IPs"
>>
>> That was largely composed off of the top of my head and typed on my
>> phone, so it may not be completely accurate.
>>
>>
>> You should also do it on customer-facing ports not allowing anything to
>> come in, but that would be best approached once Mikrotik and the per
>> interface setting for unicast reverse path filtering. You would then said
>> customer facing interfaces to strict and all other interfaces to loose.
>> They accepted the feature request, just haven't implemented it yet.
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions 
>> 
>> 
>> 
>> 
>> Midwest Internet Exchange 
>> 
>>

[AFMUG] root signing ceremony Oct. 27

2016-10-22 Thread Ken Hohhof

http://www.msn.com/en-us/money/technology/the-internet-is-still-actually-con
trolled-by-14-people-who-hold-7-secret-keys/ar-AAjeZM0

 

https://www.cloudflare.com/dns/dnssec/root-signing-ceremony/

Re: [AFMUG] Another large DDoS, Stop Being a Dick

2016-10-22 Thread Kurt Fankhauser

ok I added the /30 on my upstream to the allow list

On Sat, Oct 22, 2016 at 12:33 PM, Mike Hammett  wrote:

> The IP address on your upstream interface needs to be able to respond to
> respond to ICMP and other requests.
>
>
> 10.0.0.0/30 Network
> 10.0.0.1/30 Their Router
> 10.0.0.2/30 Your Router
> 10.0.0.3/30 Broadcast
>
>
> 10.0.0.2 needs to be able to respond to things and the firewall should be
> blocking it if not otherwise allowed.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions 
> 
> 
> 
> 
> Midwest Internet Exchange 
> 
> 
> 
> The Brothers WISP 
> 
>
>
> 
> --
> *From: *"Kurt Fankhauser" 
> *To: *af@afmug.com
> *Sent: *Saturday, October 22, 2016 11:24:40 AM
> *Subject: *Re: [AFMUG] Another large DDoS, Stop Being a Dick
>
> Mike,
>
> Thank you for sharing this Mikrotik Firewall rule! I was at the WISPPlooza
> session on internet security and first heard of this spoofing problem and
> about how you should drop this traffic. I implemented the rule and logged
> it before I flat out dropped it and just in 60 seconds I was seeing
> thousands of packets showing up in my Mikrotik Log. Apparently I was being
> used as a spoof relay. I also noticed a slight decrease in overall traffic
> going out to my upstream provider. I can not believe how easy it was to
> implement this rule with Mikrotik. One thing I did not do was add my
> upstreams /30 BGP address to the allow list. Why should I do that? My BGP
> is still working without it.
>
> On Sat, Oct 22, 2016 at 10:14 AM, Mike Hammett  wrote:
>
>> Here's a tested config that works with standard IP Firewall. Once I get a
>> chance, I'll make and test a version that uses raw.
>>
>> /ip firewall address-list
>> add address=x.x.x.x/yy comment="My IPs" list=Public_Networks
>> add address=x.x.x.x/yy comment="Upstream /30" list=Public_Networks
>> add address=x.x.x.x/yy comment="Customer ABC's ARIN allocation"
>> list=Public_Networks
>>
>> /ip firewall filter
>> add action=drop chain=forward comment="Block Spoofed Traffic"
>> out-interface=[upstream interface] src-address-list=!Public_Networks
>>
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions 
>> 
>> 
>> 
>> 
>> Midwest Internet Exchange 
>> 
>> 
>> 
>> The Brothers WISP 
>> 
>>
>>
>> 
>> --
>> *From: *"Mike Hammett" 
>> *To: *af@afmug.com
>> *Sent: *Friday, October 21, 2016 12:17:13 PM
>> *Subject: *Re: [AFMUG] Another large DDoS, Stop Being a Dick
>>
>> /ip firewall address-list
>> add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="My IPs"
>> add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="Downstream
>> customer X IPs"
>>
>> /ip firewall filter
>> add action=drop chain=forward comment="Drop spoofed traffic" disabled=no
>> out-interface="To-Upstream" dst-address-list=!"Public-IPs"
>>
>> That was largely composed off of the top of my head and typed on my
>> phone, so it may not be completely accurate.
>>
>>
>> You should also do it on customer-facing ports not allowing anything to
>> come in, but that would be best approached once Mikrotik and the per
>> interface setting for unicast reverse path filtering. You would then said
>> customer facing interfaces to strict and all other interfaces to loose.
>> They accepted the feature request, just haven't implemented it yet.
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions 
>> 
>> 
>> 
>> 
>> Midwest Internet Exchange 
>> 
>> 
>> 
>> The Brothers WISP 
>>

Re: [AFMUG] Another large DDoS, Stop Being a Dick

2016-10-22 Thread Mike Hammett

The IP address on your upstream interface needs to be able to respond to 
respond to ICMP and other requests. 


10.0.0.0/30 Network 
10.0.0.1/30 Their Router 
10.0.0.2/30 Your Router 
10.0.0.3/30 Broadcast 


10.0.0.2 needs to be able to respond to things and the firewall should be 
blocking it if not otherwise allowed. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Kurt Fankhauser"  
To: af@afmug.com 
Sent: Saturday, October 22, 2016 11:24:40 AM 
Subject: Re: [AFMUG] Another large DDoS, Stop Being a Dick 



Mike, 


Thank you for sharing this Mikrotik Firewall rule! I was at the WISPPlooza 
session on internet security and first heard of this spoofing problem and about 
how you should drop this traffic. I implemented the rule and logged it before I 
flat out dropped it and just in 60 seconds I was seeing thousands of packets 
showing up in my Mikrotik Log. Apparently I was being used as a spoof relay. I 
also noticed a slight decrease in overall traffic going out to my upstream 
provider. I can not believe how easy it was to implement this rule with 
Mikrotik. One thing I did not do was add my upstreams /30 BGP address to the 
allow list. Why should I do that? My BGP is still working without it. 


On Sat, Oct 22, 2016 at 10:14 AM, Mike Hammett < af...@ics-il.net > wrote: 




Here's a tested config that works with standard IP Firewall. Once I get a 
chance, I'll make and test a version that uses raw. 

/ip firewall address-list 
add address=x.x.x.x/yy comment="My IPs" list=Public_Networks 
add address=x.x.x.x/yy comment="Upstream /30" list=Public_Networks 
add address=x.x.x.x/yy comment="Customer ABC's ARIN allocation" 
list=Public_Networks 

/ip firewall filter 
add action=drop chain=forward comment="Block Spoofed Traffic" 
out-interface=[upstream interface] src-address-list=!Public_Networks 





- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 






From: "Mike Hammett" < af...@ics-il.net > 
To: af@afmug.com 
Sent: Friday, October 21, 2016 12:17:13 PM 
Subject: Re: [AFMUG] Another large DDoS, Stop Being a Dick 




/ip firewall address-list 
add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="My IPs" 
add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="Downstream 
customer X IPs" 

/ip firewall filter 
add action=drop chain=forward comment="Drop spoofed traffic" disabled=no 
out-interface="To-Upstream" dst-address-list=!"Public-IPs" 

That was largely composed off of the top of my head and typed on my phone, so 
it may not be completely accurate. 


You should also do it on customer-facing ports not allowing anything to come 
in, but that would be best approached once Mikrotik and the per interface 
setting for unicast reverse path filtering. You would then said customer facing 
interfaces to strict and all other interfaces to loose. They accepted the 
feature request, just haven't implemented it yet. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 






From: "Mike Hammett" < af...@ics-il.net > 
To: af@afmug.com 
Sent: Friday, October 21, 2016 11:21:35 AM 
Subject: [AFMUG] Another large DDoS, Stop Being a Dick 


There's another large DDoS going on now. Go to this page to see if you can be 
used for UDP amplification (or other spoofing) attacks: 

https://www.caida.org/projects/spoofer/ 

Go to these pages for more longer term bad behavior monitoring: 

https://www.shadowserver.org/wiki/ 
https://radar.qrator.net/ 


Maybe we need to start a database of ASNs WISPs are using and start naming and 
shaming them when they have bad actors on their network. This is serious, 
people. Take it seriously. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP

Re: [AFMUG] Another large DDoS, Stop Being a Dick

2016-10-22 Thread Ken Hohhof

Wonderful.  So people can buy cheap insecure Chinese crap, and then give it 
full control over their router.  It’s like a doggie door for your toaster, so 
it can go roam the neighborhood at night looking for skunks.  And invite its 
friends in.

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Reynolds
Sent: Saturday, October 22, 2016 11:14 AM
To: af@afmug.com
Subject: Re: [AFMUG] Another large DDoS, Stop Being a Dick

 

Routers have firewalls... 

But UPNP works on ipv6 :(

 

On Oct 22, 2016 10:39 AM, "Ken Hohhof"  > wrote:

Takeaway quote:  the Internet is “vulnerable to toasters”.

 

I’ve got to suspect most of these cheap Chinese webcams (i.e. 90% of them) and 
other devices are only accessible via a public IP address because of UPnP.  And 
apparently they are forwarding not just HTTP and HTTPS through the router but 
also telnet and SSH.  Death to  UPnP!  We don’t enable it when customers lease 
routers from us.  These cams should be using some sort of proxy in the cloud to 
relay the video, not port forwarding on the customer’s router.

 

I also suspect a lot of these are outside the US.  At the risk of opening up 
the dreaded “NAT is not a firewall” and “IPv6 is great/terrible” debates, how 
does IPv6 not increase the IoT threat?  What is the typical setup for an IPv6 
enabled customer with toasters and webcams that get public IPs?  Does the 
router from the ISP or supplied by the customer still implement a stateful 
firewall so that inbound traffic is blocked unless a connection has been 
established by outbound traffic or a port forwarding rule?  Or are there IPv6 
toasters with web and CLI access wide open?  Does UPnP still exist with IPv6?  
Maybe it’s no more of a problem with IPv6, but then I still wonder, why are so 
many IoT devices accessible via telnet to exploit the hardcoded default 
passwords?  Maybe it’s not our customers buying cheap webcams at Costco, maybe 
it’s really businesses putting their security cameras directly on public IP 
addresses?

 

 

From: Af [mailto:af-boun...@afmug.com  ] On Behalf 
Of Jaime Solorza
Sent: Saturday, October 22, 2016 9:57 AM
To: Animal Farm  >
Subject: Re: [AFMUG] Another large DDoS, Stop Being a Dick

 

'Smart' home devices used as weapons in website attack
http://www.bbc.com/news/technology-37738823

 

On Oct 22, 2016 8:14 AM, "Mike Hammett"  > wrote:

Here's a tested config that works with standard IP Firewall. Once I get a 
chance, I'll make and test a version that uses raw.

/ip firewall address-list
add address=x.x.x.x/yy comment="My IPs" list=Public_Networks
add address=x.x.x.x/yy comment="Upstream /30" list=Public_Networks
add address=x.x.x.x/yy comment="Customer ABC's ARIN allocation" 
list=Public_Networks

/ip firewall filter
add action=drop chain=forward comment="Block Spoofed Traffic" 
out-interface=[upstream interface] src-address-list=!Public_Networks



-
Mike Hammett
  Intelligent Computing Solutions
   
  
  
 
  Midwest Internet Exchange
   
  
 
  The Brothers WISP
   
 





  _  


From: "Mike Hammett"  >
To: af@afmug.com  
Sent: Friday, October 21, 2016 12:17:13 PM
Subject: Re: [AFMUG] Another large DDoS, Stop Being a Dick

/ip firewall address-list
add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="My IPs"
add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="Downstream 
customer X IPs"

/ip firewall filter
add action=drop chain=forward comment="Drop spoofed traffic" disabled=no 
out-interface="To-Upstream" dst-address-list=!"Public-IPs"

That was largely composed off of the top of my head and typed on my phone, so 
it may not be completely accurate.


You should also do it on customer-facing ports not allowing anything to come 
in, but that would be best approached once Mikrotik and the per interface 
setting for unicast reverse path filtering. You would then said customer facing 
interfaces to strict and all other interfaces to loose. They accepted the 
feature request, just haven't implemented it yet.



-
Mike Hammett
  Intelligent Computing Solutions

Re: [AFMUG] Another large DDoS, Stop Being a Dick

2016-10-22 Thread Cassidy B. Larson

IPv6 has “Temporary” outbound IPs for different outbound sessions. These temp 
IPv6 IPs expire over time and change.
I had four or five at one time on my mac for existing TCP sessions that were 
still open, but new traffic wouldn’t be allowed to talk to them.
There's also a fixed inbound IPv6 address, but the possibility of guessing the 
single IPv6 IP on a /64 subnet of 18 quintillion IPv6 IPs is a bit harder.
Well, a lot harder than script kiddies just scanning each port on each public 
IPv4 IP. 
So I guess it’s more like security through obscurity, but still nothing beats a 
properly configured firewall. 



> On Oct 22, 2016, at 9:39 AM, Ken Hohhof  wrote:
> 
> Takeaway quote:  the Internet is “vulnerable to toasters”.
>  
> I’ve got to suspect most of these cheap Chinese webcams (i.e. 90% of them) 
> and other devices are only accessible via a public IP address because of 
> UPnP.  And apparently they are forwarding not just HTTP and HTTPS through the 
> router but also telnet and SSH.  Death to  UPnP!  We don’t enable it when 
> customers lease routers from us.  These cams should be using some sort of 
> proxy in the cloud to relay the video, not port forwarding on the customer’s 
> router.
>  
> I also suspect a lot of these are outside the US.  At the risk of opening up 
> the dreaded “NAT is not a firewall” and “IPv6 is great/terrible” debates, how 
> does IPv6 not increase the IoT threat?  What is the typical setup for an IPv6 
> enabled customer with toasters and webcams that get public IPs?  Does the 
> router from the ISP or supplied by the customer still implement a stateful 
> firewall so that inbound traffic is blocked unless a connection has been 
> established by outbound traffic or a port forwarding rule?  Or are there IPv6 
> toasters with web and CLI access wide open?  Does UPnP still exist with IPv6? 
>  Maybe it’s no more of a problem with IPv6, but then I still wonder, why are 
> so many IoT devices accessible via telnet to exploit the hardcoded default 
> passwords?  Maybe it’s not our customers buying cheap webcams at Costco, 
> maybe it’s really businesses putting their security cameras directly on 
> public IP addresses?
>  
>   <>
> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Jaime Solorza
> Sent: Saturday, October 22, 2016 9:57 AM
> To: Animal Farm 
> Subject: Re: [AFMUG] Another large DDoS, Stop Being a Dick
>  
> 'Smart' home devices used as weapons in website attack
> http://www.bbc.com/news/technology-37738823 
> 
>  
> On Oct 22, 2016 8:14 AM, "Mike Hammett"  > wrote:
>> Here's a tested config that works with standard IP Firewall. Once I get a 
>> chance, I'll make and test a version that uses raw.
>> 
>> /ip firewall address-list
>> add address=x.x.x.x/yy comment="My IPs" list=Public_Networks
>> add address=x.x.x.x/yy comment="Upstream /30" list=Public_Networks
>> add address=x.x.x.x/yy comment="Customer ABC's ARIN allocation" 
>> list=Public_Networks
>> 
>> /ip firewall filter
>> add action=drop chain=forward comment="Block Spoofed Traffic" 
>> out-interface=[upstream interface] src-address-list=!Public_Networks
>> 
>> 
>> 
>> 
>> -
>> Mike Hammett
>> Intelligent Computing Solutions 
>>   
>>  
>>  
>> 
>> Midwest Internet Exchange 
>>   
>>  
>> 
>> The Brothers WISP 
>>  
>> 
>> 
>>  
>> From: "Mike Hammett" >
>> To: af@afmug.com 
>> Sent: Friday, October 21, 2016 12:17:13 PM
>> Subject: Re: [AFMUG] Another large DDoS, Stop Being a Dick
>> 
>> /ip firewall address-list
>> add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="My IPs"
>> add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="Downstream 
>> customer X IPs"
>> 
>> /ip firewall filter
>> add action=drop chain=forward comment="Drop spoofed traffic" disabled=no 
>> out-interface="To-Upstream" dst-address-list=!"Public-IPs"
>> 
>> That was largely composed off of the top of my head and typed on my phone, 
>> so it may not be completely accurate.
>> 
>> 
>> You should also do it on customer-facing ports not allowing anything to come 
>> in, but that would be best approached once Mikrotik and the per interface 
>> setting for unicast reverse path filtering. You would then said customer 
>> facing interfaces to strict and all other interfaces to loose. They accepted 
>> the feature request, just haven't implemented

Re: [AFMUG] Another large DDoS, Stop Being a Dick

2016-10-22 Thread Josh Reynolds

Routers have firewalls...

But UPNP works on ipv6 :(

On Oct 22, 2016 10:39 AM, "Ken Hohhof"  wrote:

> Takeaway quote:  the Internet is “vulnerable to toasters”.
>
>
>
> I’ve got to suspect most of these cheap Chinese webcams (i.e. 90% of them)
> and other devices are only accessible via a public IP address because of
> UPnP.  And apparently they are forwarding not just HTTP and HTTPS through
> the router but also telnet and SSH.  Death to  UPnP!  We don’t enable it
> when customers lease routers from us.  These cams should be using some sort
> of proxy in the cloud to relay the video, not port forwarding on the
> customer’s router.
>
>
>
> I also suspect a lot of these are outside the US.  At the risk of opening
> up the dreaded “NAT is not a firewall” and “IPv6 is great/terrible”
> debates, how does IPv6 not increase the IoT threat?  What is the typical
> setup for an IPv6 enabled customer with toasters and webcams that get
> public IPs?  Does the router from the ISP or supplied by the customer still
> implement a stateful firewall so that inbound traffic is blocked unless a
> connection has been established by outbound traffic or a port forwarding
> rule?  Or are there IPv6 toasters with web and CLI access wide open?  Does
> UPnP still exist with IPv6?  Maybe it’s no more of a problem with IPv6, but
> then I still wonder, why are so many IoT devices accessible via telnet to
> exploit the hardcoded default passwords?  Maybe it’s not our customers
> buying cheap webcams at Costco, maybe it’s really businesses putting their
> security cameras directly on public IP addresses?
>
>
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Jaime Solorza
> *Sent:* Saturday, October 22, 2016 9:57 AM
> *To:* Animal Farm 
> *Subject:* Re: [AFMUG] Another large DDoS, Stop Being a Dick
>
>
>
> 'Smart' home devices used as weapons in website attack
> http://www.bbc.com/news/technology-37738823
>
>
>
> On Oct 22, 2016 8:14 AM, "Mike Hammett"  wrote:
>
> Here's a tested config that works with standard IP Firewall. Once I get a
> chance, I'll make and test a version that uses raw.
>
> /ip firewall address-list
> add address=x.x.x.x/yy comment="My IPs" list=Public_Networks
> add address=x.x.x.x/yy comment="Upstream /30" list=Public_Networks
> add address=x.x.x.x/yy comment="Customer ABC's ARIN allocation"
> list=Public_Networks
>
> /ip firewall filter
> add action=drop chain=forward comment="Block Spoofed Traffic"
> out-interface=[upstream interface] src-address-list=!Public_Networks
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions 
> 
> 
> 
> 
> Midwest Internet Exchange 
> 
> 
> 
> The Brothers WISP 
> 
>
>
> 
> --
>
> *From: *"Mike Hammett" 
> *To: *af@afmug.com
> *Sent: *Friday, October 21, 2016 12:17:13 PM
> *Subject: *Re: [AFMUG] Another large DDoS, Stop Being a Dick
>
> /ip firewall address-list
> add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="My IPs"
> add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="Downstream
> customer X IPs"
>
> /ip firewall filter
> add action=drop chain=forward comment="Drop spoofed traffic" disabled=no
> out-interface="To-Upstream" dst-address-list=!"Public-IPs"
>
> That was largely composed off of the top of my head and typed on my phone,
> so it may not be completely accurate.
>
>
> You should also do it on customer-facing ports not allowing anything to
> come in, but that would be best approached once Mikrotik and the per
> interface setting for unicast reverse path filtering. You would then said
> customer facing interfaces to strict and all other interfaces to loose.
> They accepted the feature request, just haven't implemented it yet.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions 
> 
> 
> 
> 
> Midwest Internet Exchange 
> 
> 
> 
> The Brothers WISP 
> 
>
>
> 
> --
>
> *From: *"Mike Hammett" 
> *To:

Re: [AFMUG] Another large DDoS, Stop Being a Dick

2016-10-22 Thread Ken Hohhof

Takeaway quote:  the Internet is “vulnerable to toasters”.

 

I’ve got to suspect most of these cheap Chinese webcams (i.e. 90% of them) and 
other devices are only accessible via a public IP address because of UPnP.  And 
apparently they are forwarding not just HTTP and HTTPS through the router but 
also telnet and SSH.  Death to  UPnP!  We don’t enable it when customers lease 
routers from us.  These cams should be using some sort of proxy in the cloud to 
relay the video, not port forwarding on the customer’s router.

 

I also suspect a lot of these are outside the US.  At the risk of opening up 
the dreaded “NAT is not a firewall” and “IPv6 is great/terrible” debates, how 
does IPv6 not increase the IoT threat?  What is the typical setup for an IPv6 
enabled customer with toasters and webcams that get public IPs?  Does the 
router from the ISP or supplied by the customer still implement a stateful 
firewall so that inbound traffic is blocked unless a connection has been 
established by outbound traffic or a port forwarding rule?  Or are there IPv6 
toasters with web and CLI access wide open?  Does UPnP still exist with IPv6?  
Maybe it’s no more of a problem with IPv6, but then I still wonder, why are so 
many IoT devices accessible via telnet to exploit the hardcoded default 
passwords?  Maybe it’s not our customers buying cheap webcams at Costco, maybe 
it’s really businesses putting their security cameras directly on public IP 
addresses?

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Jaime Solorza
Sent: Saturday, October 22, 2016 9:57 AM
To: Animal Farm 
Subject: Re: [AFMUG] Another large DDoS, Stop Being a Dick

 

'Smart' home devices used as weapons in website attack
http://www.bbc.com/news/technology-37738823

 

On Oct 22, 2016 8:14 AM, "Mike Hammett"  > wrote:

Here's a tested config that works with standard IP Firewall. Once I get a 
chance, I'll make and test a version that uses raw.

/ip firewall address-list
add address=x.x.x.x/yy comment="My IPs" list=Public_Networks
add address=x.x.x.x/yy comment="Upstream /30" list=Public_Networks
add address=x.x.x.x/yy comment="Customer ABC's ARIN allocation" 
list=Public_Networks

/ip firewall filter
add action=drop chain=forward comment="Block Spoofed Traffic" 
out-interface=[upstream interface] src-address-list=!Public_Networks





-
Mike Hammett
  Intelligent Computing Solutions
   
  
  
 
  Midwest Internet Exchange
   
  
 
  The Brothers WISP
   
 





  _  


From: "Mike Hammett"  >
To: af@afmug.com  
Sent: Friday, October 21, 2016 12:17:13 PM
Subject: Re: [AFMUG] Another large DDoS, Stop Being a Dick

/ip firewall address-list
add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="My IPs"
add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="Downstream 
customer X IPs"

/ip firewall filter
add action=drop chain=forward comment="Drop spoofed traffic" disabled=no 
out-interface="To-Upstream" dst-address-list=!"Public-IPs"

That was largely composed off of the top of my head and typed on my phone, so 
it may not be completely accurate.


You should also do it on customer-facing ports not allowing anything to come 
in, but that would be best approached once Mikrotik and the per interface 
setting for unicast reverse path filtering. You would then said customer facing 
interfaces to strict and all other interfaces to loose. They accepted the 
feature request, just haven't implemented it yet.



-
Mike Hammett
  Intelligent Computing Solutions
   
  
  
 
  Midwest Internet Exchange
   
  
 
  The Brothers WISP
   
 





  _  


From: "Mike Hammett"  >
To: af@afmug.com  
Sent: Friday, October 21, 2016 11:21:35 AM
Subject: [AFMUG] Another large DDoS, Stop Being a Dick

There's another large DDoS going on now. Go to this page to see if you can

Re: [AFMUG] Another large DDoS, Stop Being a Dick

2016-10-22 Thread Jaime Solorza

'Smart' home devices used as weapons in website attack
http://www.bbc.com/news/technology-37738823

On Oct 22, 2016 8:14 AM, "Mike Hammett"  wrote:

> Here's a tested config that works with standard IP Firewall. Once I get a
> chance, I'll make and test a version that uses raw.
>
> /ip firewall address-list
> add address=x.x.x.x/yy comment="My IPs" list=Public_Networks
> add address=x.x.x.x/yy comment="Upstream /30" list=Public_Networks
> add address=x.x.x.x/yy comment="Customer ABC's ARIN allocation"
> list=Public_Networks
>
> /ip firewall filter
> add action=drop chain=forward comment="Block Spoofed Traffic"
> out-interface=[upstream interface] src-address-list=!Public_Networks
>
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions 
> 
> 
> 
> 
> Midwest Internet Exchange 
> 
> 
> 
> The Brothers WISP 
> 
>
>
> 
> --
> *From: *"Mike Hammett" 
> *To: *af@afmug.com
> *Sent: *Friday, October 21, 2016 12:17:13 PM
> *Subject: *Re: [AFMUG] Another large DDoS, Stop Being a Dick
>
> /ip firewall address-list
> add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="My IPs"
> add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="Downstream
> customer X IPs"
>
> /ip firewall filter
> add action=drop chain=forward comment="Drop spoofed traffic" disabled=no
> out-interface="To-Upstream" dst-address-list=!"Public-IPs"
>
> That was largely composed off of the top of my head and typed on my phone,
> so it may not be completely accurate.
>
>
> You should also do it on customer-facing ports not allowing anything to
> come in, but that would be best approached once Mikrotik and the per
> interface setting for unicast reverse path filtering. You would then said
> customer facing interfaces to strict and all other interfaces to loose.
> They accepted the feature request, just haven't implemented it yet.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions 
> 
> 
> 
> 
> Midwest Internet Exchange 
> 
> 
> 
> The Brothers WISP 
> 
>
>
> 
> --
> *From: *"Mike Hammett" 
> *To: *af@afmug.com
> *Sent: *Friday, October 21, 2016 11:21:35 AM
> *Subject: *[AFMUG] Another large DDoS, Stop Being a Dick
>
> There's another large DDoS going on now. Go to this page to see if you can
> be used for UDP amplification (or other spoofing) attacks:
>
> https://www.caida.org/projects/spoofer/
>
> Go to these pages for more longer term bad behavior monitoring:
>
> https://www.shadowserver.org/wiki/
> https://radar.qrator.net/
>
>
> Maybe we need to start a database of ASNs WISPs are using and start naming
> and shaming them when they have bad actors on their network. This is
> serious, people. Take it seriously.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions 
> 
> 
> 
> 
> Midwest Internet Exchange 
> 
> 
> 
> The Brothers WISP 
> 
>
>
> 
>
>
>
>

Re: [AFMUG] Highest capacity 6 GHz system

2016-10-22 Thread Jaime Solorza

Icky

On Oct 22, 2016 8:01 AM, "Daniel White"  wrote:

> Exalt became a Cisco partner or something like that, so they were part of
> the ecosystem.
>
>
>
> Cisco didn’t buy Exalt.
>
>
>
> Daniel White
>
> Managing Director – Hardware Distribution Sales
>
> ConVergence Technologies
>
> Cell: +1 (303) 746-3590
>
> dwh...@converge-tech.com
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Jaime Solorza
> *Sent:* Friday, October 21, 2016 7:10 PM
> *To:* Animal Farm 
> *Subject:* Re: [AFMUG] Highest capacity 6 GHz system
>
>
>
> I thought Crisco bought out Exalt
>
>
>
> On Oct 21, 2016 5:10 PM, "Ken Hohhof"  wrote:
>
> I thought I got an ad recently from Exalt about a big sale through the end
> of the year on Extreme Air 6Hz.  Oops, I just found the email, and it’s
> everything but 6 GHz.  Not sure I’d buy Exalt anyway.  Maybe someone else
> was having an overstock sale on 6 GHz?
>
>
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *ch...@wbmfg.com
> *Sent:* Friday, October 21, 2016 5:50 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] Highest capacity 6 GHz system
>
>
>
> First I have to find out if there are channels in this area.
>
> Then I have a passive repeater to deal with...
>
>
>
> Not a simple path to engineer.
>
>
>
> *From:* Daniel White
>
> *Sent:* Friday, October 21, 2016 4:33 PM
>
> *To:* af@afmug.com
>
> *Subject:* Re: [AFMUG] Highest capacity 6 GHz system
>
>
>
> Well you can only use 60MHz channels max.  That helps make it more
> competitive.
>
>
>
> 6GHz most likely precludes higher modulations… you just won’t have the
> link budget.  Also depends if you’re going all outdoor or
> split-mount/all-indoor.
>
>
>
> I’d be shocked if there is a winner here – I’d go with the solution your
> most comfortable with.
>
>
>
> My guess is you will end up with Ceragon/Cambium or SIAE.  DragonWave
> Harmony Advanced is certainly worth a look, although I’m not sure about
> 6GHz availability since it just started shipping.
>
>
>
> Chuck feel free to contact me offlist and we could look at some things.
>
>
>
> Daniel White
>
> Managing Director – Hardware Distribution Sales
>
> ConVergence Technologies
>
> Cell: +1 (303) 746-3590
>
> dwh...@converge-tech.com
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com ] *On
> Behalf Of *ch...@wbmfg.com
> *Sent:* Friday, October 21, 2016 2:04 PM
> *To:* af@afmug.com
> *Subject:* [AFMUG] Highest capacity 6 GHz system
>
>
>
> Who has the highest capacity 6 GHz systems these days?
>
>
>
>
> 
>
> Virus-free. www.avast.com
> 
>
>
>
>
>
> 
>  Virus-free.
> www.avast.com
> 
>

Re: [AFMUG] Another large DDoS, Stop Being a Dick

2016-10-22 Thread Mike Hammett

Here's a tested config that works with standard IP Firewall. Once I get a 
chance, I'll make and test a version that uses raw. 

/ip firewall address-list 
add address=x.x.x.x/yy comment="My IPs" list=Public_Networks 
add address=x.x.x.x/yy comment="Upstream /30" list=Public_Networks 
add address=x.x.x.x/yy comment="Customer ABC's ARIN allocation" 
list=Public_Networks 

/ip firewall filter 
add action=drop chain=forward comment="Block Spoofed Traffic" 
out-interface=[upstream interface] src-address-list=!Public_Networks 





- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Mike Hammett"  
To: af@afmug.com 
Sent: Friday, October 21, 2016 12:17:13 PM 
Subject: Re: [AFMUG] Another large DDoS, Stop Being a Dick 


/ip firewall address-list 
add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="My IPs" 
add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="Downstream 
customer X IPs" 

/ip firewall filter 
add action=drop chain=forward comment="Drop spoofed traffic" disabled=no 
out-interface="To-Upstream" dst-address-list=!"Public-IPs" 

That was largely composed off of the top of my head and typed on my phone, so 
it may not be completely accurate. 


You should also do it on customer-facing ports not allowing anything to come 
in, but that would be best approached once Mikrotik and the per interface 
setting for unicast reverse path filtering. You would then said customer facing 
interfaces to strict and all other interfaces to loose. They accepted the 
feature request, just haven't implemented it yet. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Mike Hammett"  
To: af@afmug.com 
Sent: Friday, October 21, 2016 11:21:35 AM 
Subject: [AFMUG] Another large DDoS, Stop Being a Dick 


There's another large DDoS going on now. Go to this page to see if you can be 
used for UDP amplification (or other spoofing) attacks: 

https://www.caida.org/projects/spoofer/ 

Go to these pages for more longer term bad behavior monitoring: 

https://www.shadowserver.org/wiki/ 
https://radar.qrator.net/ 


Maybe we need to start a database of ASNs WISPs are using and start naming and 
shaming them when they have bad actors on their network. This is serious, 
people. Take it seriously. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP

Re: [AFMUG] Highest capacity 6 GHz system

2016-10-22 Thread Daniel White

Exalt became a Cisco partner or something like that, so they were part of the 
ecosystem.



Cisco didn’t buy Exalt.



Daniel White

Managing Director – Hardware Distribution Sales

ConVergence Technologies

Cell: +1 (303) 746-3590

  dwh...@converge-tech.com



From: Af [mailto:af-boun...@afmug.com] On Behalf Of Jaime Solorza
Sent: Friday, October 21, 2016 7:10 PM
To: Animal Farm 
Subject: Re: [AFMUG] Highest capacity 6 GHz system



I thought Crisco bought out Exalt



On Oct 21, 2016 5:10 PM, "Ken Hohhof"  
> wrote:

I thought I got an ad recently from Exalt about a big sale through the end of 
the year on Extreme Air 6Hz.  Oops, I just found the email, and it’s everything 
but 6 GHz.  Not sure I’d buy Exalt anyway.  Maybe someone else was having an 
overstock sale on 6 GHz?





From: Af [mailto:af-boun...@afmug.com  ] On Behalf 
Of ch...@wbmfg.com 
Sent: Friday, October 21, 2016 5:50 PM
To: af@afmug.com 
Subject: Re: [AFMUG] Highest capacity 6 GHz system



First I have to find out if there are channels in this area.

Then I have a passive repeater to deal with...



Not a simple path to engineer.



From: Daniel White

Sent: Friday, October 21, 2016 4:33 PM

To: af@afmug.com 

Subject: Re: [AFMUG] Highest capacity 6 GHz system



Well you can only use 60MHz channels max.  That helps make it more competitive.



6GHz most likely precludes higher modulations… you just won’t have the link 
budget.  Also depends if you’re going all outdoor or split-mount/all-indoor.



I’d be shocked if there is a winner here – I’d go with the solution your most 
comfortable with.



My guess is you will end up with Ceragon/Cambium or SIAE.  DragonWave Harmony 
Advanced is certainly worth a look, although I’m not sure about 6GHz 
availability since it just started shipping.



Chuck feel free to contact me offlist and we could look at some things.



Daniel White

Managing Director – Hardware Distribution Sales

ConVergence Technologies

Cell: +1 (303) 746-3590 

dwh...@converge-tech.com 



From: Af [mailto:af-boun...@afmug.com] On Behalf Of ch...@wbmfg.com 

Sent: Friday, October 21, 2016 2:04 PM
To: af@afmug.com 
Subject: [AFMUG] Highest capacity 6 GHz system



Who has the highest capacity 6 GHz systems these days?




 


Virus-free.  

 www.avast.com





---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

47 matches

Mail list logo