Re: public accessible snmp devices?

2005-03-07 Thread Alexei Roudnev
It's OK to see any garbage in SNMP; I never got surprised (as I was not surprised when I killed firewall by snmpwalk). No one (in reality) makes good QA on SNMP functions (on routers or switches). I already have a few sanity checks in 'snmpstat', maybe I should add one more (ignore answers with

Re: public accessible snmp devices?

2005-03-07 Thread Alexei Roudnev
Cisco drops SNMP requests but not return '0', I saw it (dropped requests because of _busy_) many times. - Original Message - From: Petri Helenius [EMAIL PROTECTED] To: Jim Popovitch [EMAIL PROTECTED] Cc: Alexei Roudnev [EMAIL PROTECTED]; [EMAIL PROTECTED]; nanog@merit.edu Sent: Sunday,

Re: Is current DDoS detecting method effective?

2005-03-07 Thread Joe Shen
Hi, you aren't distinguishing between 'dos attack' and 'scan' or 'probe' or 'welcome to the Internet!' traffic. The Arbor systems may see 'scan' traffic (depending upon sample rates and traffic loads) and they may not... They aren't designed to see that, they are designed to:

Re: US slaps fine on company blocking VoIP

2005-03-07 Thread Michael . Dillon
and your phone number has to be local to your location. ^^ Thanks for proving my point. And who says that a location needs to have only a single phone number. Many VoIP providers will sell you extra vanity numbers anywhere in the USA or

Re: DNS Blackhole attack

2005-03-07 Thread Ketil Froyn
On Sat, 2005-03-05 at 14:43 -0800, william(at)elan.net wrote: Global DNS cache poisoning attack?; Update... It's a bit frustrating that problems this old and well-known can actually be used to cause damage. The easiest way to check if you are vulnerable to DNS poisoning is to try to poison

Re: Is current DDoS detecting method effective?

2005-03-07 Thread Kim Onnel
On Mon, 07 Mar 2005 06:11:35 + (GMT), Christopher L. Morrow [EMAIL PROTECTED] wrote: Some of your cflowd gathering should also see these things, but they will need data correlation, something Arbor already went to the trouble of doing for you... So, define: attack and then see if your

Re: US slaps fine on company blocking VoIP

2005-03-07 Thread Adi Linden
If VOIP doesn't run on your network because you've oversold your capacity, no amount of QoS is going to put the quality back into your service. People will find better ISPs. If you deliberately set QoS to favor your services over a competitor, whom your customers are also paying for service,

RE: US slaps fine on company blocking VoIP

2005-03-07 Thread Network.Security
Do you also offer premium 80 traffic? Or guaranteed delivery of UDP? Unbundled services will give the best price, and good service. Maybe we won't get the service anytime soon, but 2 out of the magical 3 isn't bad. [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED]

Vonage service suffers outage

2005-03-07 Thread Fergie (Paul Ferguson)
Amidst all the hoopla w.r.t. port blocking their service, this outage couldn't have come at a worse time, methinks. The outage on Friday left about half of its 500,000 subscribers without phone service for about 45 minutes and ... was caused by a glitch with a software upgrade on Thursday

Re: Vonage service suffers outage

2005-03-07 Thread Jon Lewis
On Mon, 7 Mar 2005, Fergie (Paul Ferguson) wrote: Amidst all the hoopla w.r.t. port blocking their service, this outage couldn't have come at a worse time, methinks. The outage on Friday left about half of its 500,000 subscribers without phone service for about 45 minutes and ... was

Re: Vonage service suffers outage

2005-03-07 Thread Randy Bush
Amidst all the hoopla w.r.t. port blocking their service, this outage couldn't have come at a worse time, methinks. The outage on Friday left about half of its 500,000 subscribers without phone service for about 45 minutes and ... was caused by a glitch with a software upgrade on Thursday

Re: Vonage service suffers outage

2005-03-07 Thread Fergie (Paul Ferguson)
No, what makes this newsworthy is exactly what Om Malik says: VoIP is being oversold. http://www.gigaom.com/2005/03/06/voip-has-serious-problems/ - ferg -- Randy Bush [EMAIL PROTECTED] wrote: Amidst all the hoopla w.r.t. port blocking their service, this outage couldn't have come at a

Re: Vonage service suffers outage

2005-03-07 Thread Michael . Dillon
No, what makes this newsworthy is exactly what Om Malik says: VoIP is being oversold. Let's be clear here. Vonage is not a VoIP company. They do not offer a VoIP service. They are a phone company that offers a type of phone service which leverages VoIP to handle the last mile connection to

RE: Vonage service suffers outage

2005-03-07 Thread Neil J. McRae
Companies like Vonage are signing up subscribers because they provide real phone service connecting you to copperline subscribers on the real phone network. That is their business model. Verizon could sell exactly the same sort of service to subscribers in California leveraging the

Re: public accessible snmp devices?

2005-03-07 Thread vijay gill
Petri Helenius wrote: And lately, for reasons undetermined so far there has been instances of both vendor C and J where counters suddenly go to zero either temporarily (like 1,2,3,4,0,6,7,8,0,10,etc.) or reset altogether without any reason. Pete I am unclear as to what Vendors C and J are.

Re: US slaps fine on company blocking VoIP

2005-03-07 Thread Bill Nash
On Mon, 7 Mar 2005, Adi Linden wrote: If VOIP doesn't run on your network because you've oversold your capacity, no amount of QoS is going to put the quality back into your service. People will find better ISPs. If you deliberately set QoS to favor your services over a competitor, whom your

Re: US slaps fine on company blocking VoIP

2005-03-07 Thread Rachael Treu
On Mon, Mar 07, 2005 at 08:45:30AM -0600, Adi Linden said something to the effect of: If VOIP doesn't run on your network because you've oversold your capacity, no amount of QoS is going to put the quality back into your service. People will find better ISPs. If you deliberately set QoS

Re: DNS Blackhole attack

2005-03-07 Thread Rachael Treu
On Mon, Mar 07, 2005 at 11:38:53AM +, Ketil Froyn said something to the effect of: On Sat, 2005-03-05 at 14:43 -0800, william(at)elan.net wrote: Global DNS cache poisoning attack?; Update... It's a bit frustrating that problems this old and well-known can actually be used to cause

Re: Is current DDoS detecting method effective?

2005-03-07 Thread Jared Mauch
On Mon, Mar 07, 2005 at 01:43:29PM +0200, Kim Onnel wrote: On Mon, 07 Mar 2005 06:11:35 + (GMT), Christopher L. Morrow [EMAIL PROTECTED] wrote: Some of your cflowd gathering should also see these things, but they will need data correlation, something Arbor already went to the trouble

NANOG 34: Call for Presentations

2005-03-07 Thread Steve Feldman
CALL FOR PRESENTATIONS NANOG 34 May 15-17, 2005 The North American Network

Re: Is current DDoS detecting method effective?

2005-03-07 Thread Florian Weimer
* Kim Onnel: So I can safely say that Detecting DDoS attacks is mostly done using Netflow data, now the only tool(known) on the market to analyze for attacks is Arbor, now besides being expensive, which is a problem for Mid-sizes ISPs, Who qualifies as a mid-sized ISP? What equipment is

Re: Is current DDoS detecting method effective?

2005-03-07 Thread Florian Weimer
* Jared Mauch: If you want some basic detection, I recommend doing something like this: sort by the top proto+dstip+dstport+tcpflags combination. The more of these you see, the more it may look weird. You should also run a similar query for source IPs in your netblocks,

www.nanog.org returning 403 Forbidden error?

2005-03-07 Thread Brent Chapman
I just tried accessing http://www.nanog.org/, and am getting back a 403 Forbidden error: Forbidden You don't have permission to access / on this server. Did somebody break the web server? -Brent -- Brent Chapman [EMAIL PROTECTED] Great Circle Associates, Inc.

Clue on Europe

2005-03-07 Thread Ashe Canvar
Hi all, Plan to set up a 2 rack outpost in a colo in Europe. I am looking for prior experience(s) -- Good or ugly. My research leads me to believe that London and Amsterdam have the most dense connectivity. Is this true? If so, then what colo's / ISPs in these 2 cities would you recommend.

Re: www.nanog.org returning 403 Forbidden error?

2005-03-07 Thread Jim Popovitch
On Mon, 2005-03-07 at 15:58 -0800, Brent Chapman wrote: I just tried accessing http://www.nanog.org/, and am getting back a 403 Forbidden error: Forbidden You don't have permission to access / on this server. Did somebody break the web server? Works for me. Perhaps it was

Re: www.nanog.org returning 403 Forbidden error?

2005-03-07 Thread Brent Chapman
At 10:43 PM -0500 3/7/05, Jim Popovitch wrote: On Mon, 2005-03-07 at 15:58 -0800, Brent Chapman wrote: I just tried accessing http://www.nanog.org/, and am getting back a 403 Forbidden error: Forbidden You don't have permission to access / on this server. Did somebody break the

Re: www.nanog.org returning 403 Forbidden error?

2005-03-07 Thread W.D.McKinney
-Original Message- From: Brent Chapman [mailto:[EMAIL PROTECTED] Sent: Monday, March 7, 2005 11:58 PM To: nanog@merit.edu Subject: www.nanog.org returning 403 Forbidden error? I just tried accessing http://www.nanog.org/, and am getting back a 403 Forbidden error: Forbidden

Re: Clue on Europe

2005-03-07 Thread Subhi S Hashwa
Tuesday, March 8, 2005, 3:34:07 AM, Ashe Canvar wrote: Plan to set up a 2 rack outpost in a colo in Europe. I am looking for prior experience(s) -- Good or ugly. Avoid Redbux Hex (London) like the plague, just ask about their recent power outages. AFAIK their other facilities are ok. --

Re: Clue on Europe

2005-03-07 Thread Colin Johnston
Hi, The two best colo folks in the UK are Www.caladan.net good colo in London and Manchester Www.bogons.net good colo in London Colin Johnston Www.satsig.net hub network ops