The thread made it to both NetworkWorld:
http://www.networkworld.com/news/2010/120910-wikileaks-ddos-attacks.html
and Slashdot:
http://tech.slashdot.org/story/10/12/12/2120254/Has-Progress-Been-Made-In-Fighting-DDoS-Attacks
with the usual set of comments :)
-Lorand Jakab
On 12/12/2010 08:58 AM,
verizon's ddos service was/is 3250/month flat... not extra if there
was some sort of incident, and completely self-service for the
customer(s). Is 3250/month a reasonable insurance against loss?
(40k/yr or there abouts)
-chris
That doesn't sound too unreasonable as long as you are in a market
I'm certain there are thresholds to that. Carrier grade mitigation
solutions will start low and ramp up to 5, 6, 7, etc. figures
depending on the attack and amount of bandwidth to be filtered among
other variables.
My point was, if you mitigate the attack vs. null routing the target you have
On Dec 12, 2010, at 12:05 AM, Christopher Morrow wrote:
verizon's ddos service was/is 3250/month flat... not extra if there
was some sort of incident, and completely self-service for the
customer(s). Is 3250/month a reasonable insurance against loss?
(40k/yr or there abouts)
Or just buy a
On Sat, Dec 11, 2010 at 11:59:07AM -0800, andrew.wallace wrote:
I was reading about this- yeah really anonymous.
http://praetorianprefect.com/archives/2010/12/anonymous-releases-very-unanonymous-press-release/
Also:
http://www.boingboing.net/2010/12/11/anonymous-isnt-loic.html
All we
On Mon, Dec 13, 2010 at 8:49 AM, Drew Weaver drew.wea...@thenap.com wrote:
verizon's ddos service was/is 3250/month flat... not extra if there
was some sort of incident, and completely self-service for the
customer(s). Is 3250/month a reasonable insurance against loss?
(40k/yr or there
We're looking at implementing a DSL private network in various provinces in
Canada. There seems to be two main ways to do this: build the network yourself
by creating relationships with the local DSL providers (Bell, Telus, MTS, etc)
; or build the network using a third-party that already has
On Mon, Dec 13, 2010 at 8:52 AM, Drew Weaver drew.wea...@thenap.com wrote:
I'm certain there are thresholds to that. Carrier grade mitigation
solutions will start low and ramp up to 5, 6, 7, etc. figures
depending on the attack and amount of bandwidth to be filtered among
other variables.
On Dec 13, 2010, at 10:10 AM, James Smith wrote:
We're looking at implementing a DSL private network in various provinces in
Canada. There seems to be two main ways to do this: build the network
yourself by creating relationships with the local DSL providers (Bell, Telus,
MTS, etc) ;
I'm using a third party for about 15 sites of Private DSL across Canada.
Others may have different issues, but mine so far have been:
- SaskTel apparently doesn't connect with anybody (or so I have been
told) so I'm stuck with VPN.
- My connections in Telus country have only been ADSL PVC (not
On 12/13/2010 10:10 AM, James Smith wrote:
We're looking at implementing a DSL private network in various provinces in
Canada. There seems to be two main ways to do this: build the network
yourself by creating relationships with the local DSL providers (Bell, Telus,
MTS, etc) ; or build
Hello...
I'm trying to get a handle on implementation of wake-on-lan in an
enterprise environment. Cisco gear, lots of subnets. I've made it
work with directed broadcasts, but I'd really rather not have 40 or
50 'ip helper-address x.x.x.bcastaddr' statements on the vlans with
the SMS
On 12/13/2010 8:32 AM, Jared Mauch wrote:
Or just buy a gig-e from cogent at 3$/meg/mo (or is it $4 this
month?) to burn for ddos.
*cough* 10G burstable with 1-2G commit. Still cheaper than anything else
I have or can get, and more likely to handle those large DDOS cases,
where you can just
Greetings Nanog,
Looking for some off-list reviews/insight on the FCP, We are looking into
the device for purchase over the next few months, We are in the 10G range of
products.
Thank you
WOL is unfortunately terribly deficient in that the spec. never envisioned the
possibility
of a need for wake on WAN.
Bottom line, it's a non-routeable layer 2 protocol. Your choices boil down to
the
helper address nightmare you describe or proxy servers on every subnet.
Owen
On Dec 13, 2010,
On 12/13/2010 10:20 AM, Owen DeLong wrote:
WOL is unfortunately terribly deficient in that the spec. never envisioned the
possibility
of a need for wake on WAN.
Bottom line, it's a non-routeable layer 2 protocol. Your choices boil down to
the
helper address nightmare you describe or proxy
On Monday, December 13, 2010 11:20:20 am Owen DeLong wrote:
WOL is unfortunately terribly deficient in that the spec. never envisioned
the possibility
of a need for wake on WAN.
Use case I can think of: 'green' data center running VMware VI3 or vSphere with
DRS and dynamically bringing
On Dec 13, 2010, at 11:15 AM, Jack Bates wrote:
On 12/13/2010 8:32 AM, Jared Mauch wrote:
Or just buy a gig-e from cogent at 3$/meg/mo (or is it $4 this
month?) to burn for ddos.
*cough* 10G burstable with 1-2G commit. Still cheaper than anything else
I have or can get, and more likely to
On 12/13/2010 11:08 AM, Berry Mobley wrote:
Hello...
I'm trying to get a handle on implementation of wake-on-lan in an
enterprise environment. Cisco gear, lots of subnets. I've made it work
with directed broadcasts, but I'd really rather not have 40 or 50 'ip
helper-address
On 12/13/2010 10:43 AM, christopher.mar...@usc-bt.com wrote:
Jack Bates:
I would suspect that proxy servers being the better deal, though
my experience with Cisco is that you may have to use ASR type gear
to get a nicer layout (similar to service providers) where you can
backend everything to a
Cc
On Monday 13 December 2010 17:02:59 Atticus wrote:
Cc
I presume this is some sort of spam-test?
--
The only thing worse than e-mail disclaimers...is people who send e-mail to
lists complaining about them
signature.asc
Description: This is a digitally signed message part.
On 12/13/2010 11:07 AM, Alexander Harrowell wrote:
On Monday 13 December 2010 17:02:59 Atticus wrote:
Cc
I presume this is some sort of spam-test?
I got 3 emails from Atticus. one quoting data only, one saying just Z,
and another carboned to x...@gamil.com with just
zzsxexz
On
On 12/13/10 10:12 AM, Jack Bates wrote:
On 12/13/2010 11:07 AM, Alexander Harrowell wrote:
On Monday 13 December 2010 17:02:59 Atticus wrote:
Cc
I presume this is some sort of spam-test?
I got 3 emails from Atticus. one quoting data only, one saying just Z,
and another carboned to
Appologies to all that got a quote email from me. My phone decided to
pocket-reply to you.
Owen DeLong o...@delong.com writes:
WOL is unfortunately terribly deficient in that the spec. never =
envisioned the possibility
of a need for wake on WAN.
Bottom line, it's a non-routeable layer 2 protocol. Your choices boil =
down to the
helper address nightmare you describe or proxy
http://tech.slashdot.org/submission/1416250/68-of-US-broadband-connections-arent-broadband
-Bill
PGP.sig
Description: This is a digitally signed message part
http://samec.org.ua/
FYI,
A single data point on current DDOS traffic levels.
An Akamai press release says they handled DDOS attacks peaking at
14Gbps in the Nov. 30 to Dec 2nd time frame.
http://finance.yahoo.com/news/Akamai-Shields-Leading-prnews-2768453391.html
The majority of attack traffic against the five
On Dec 14, 2010, at 2:04 AM, Bill Bogstad wrote:
A single data point on current DDOS traffic levels.
In the 2009 Arbor WWISR, the largest attack reported was 49gb/sec. We're
currently wrapping up the 2010 WWISR, and the largest attack report was
considerably larger.
Thanks, everyone, for the replies - looks like I need to get my
server team interested in knowing broadcast addresses for hosts, and
making SMS send to those addresses.
I do have the 'ip directed-broadcast acl' in place, but the servers
are currently sending the magic packets to the all-1's
The largest attacks we have solid proof on are 20+ Gbps. The only
larger ones that i've seen were in company's marketing collateral vs.
real life.
Jeff
On Mon, Dec 13, 2010 at 2:11 PM, Dobbins, Roland rdobb...@arbor.net wrote:
On Dec 14, 2010, at 2:04 AM, Bill Bogstad wrote:
A single data
On Sun, 2010-12-12 at 19:36 -0800, George Bonser wrote:
(...) The financial derivatives market isn't, in my opinion, a good analogy of
the peering market. A data packet is perishable and must be moved
quickly. The destination network wants the packet in order to keep
their customer happy and
The electricity spot market is close to your definition of
perishable:
http://en.wikipedia.org/wiki/Electricity_market
It has a derivative market, google for electricity derivatives will
give you some papers and models.
I'm pretty sure electricity and bandwidth share some patterns.
Date: Mon, 13 Dec 2010 10:09:16 -0500
From: Christopher Morrow morrowc.li...@gmail.com
On Mon, Dec 13, 2010 at 8:49 AM, Drew Weaver drew.wea...@thenap.com wrote:
verizon's ddos service was/is 3250/month flat... not extra if there
was some sort of incident, and completely self-service
On Mon, Dec 13, 2010 at 3:29 PM, Kevin Oberman ober...@es.net wrote:
Date: Mon, 13 Dec 2010 10:09:16 -0500
From: Christopher Morrow morrowc.li...@gmail.com
if you find that guy, maybe they'll also be the mythical unicorn of a
sales person who will sell you ipv6 transit too?
Unless VZB has
On Dec 14, 2010, at 2:40 AM, Jeffrey Lyon jeffrey.l...@blacklotus.net wrote:
The only larger ones that i've seen were in company's marketing collateral vs.
real life.
Here's a link to last year's Report (previous editions may be downloaded, as
well):
http://www.arbornetworks.com/report
The
Yeah, well, sorta. sorta not so much :)
On Mon, Dec 13, 2010 at 3:28 PM, George Bonser gbon...@seven.com wrote:
The electricity spot market is close to your definition of
perishable:
http://en.wikipedia.org/wiki/Electricity_market
It has a derivative market, google for electricity
-Original Message-
From: Atticus [mailto:grobe...@gmail.com]
Sent: 13 December 2010 17:24
To: nanog@nanog.org
Subject: Re: Wake on LAN in the enterprise
Appologies to all that got a quote email from me. My phone decided to
pocket-reply to you.
-Original Message-
From: Brielle
Ever wonder what Comcast's connections to the Internet look like? In the
tradition of WikiLeaks, someone stumbled upon these graphs of their TATA links.
For reference, TATA is the only other IP transit provider to Comcast after
Level (3). Comcast is a customer of TATA and pays them to provide
On 12/13/2010 11:07 PM, Backdoor Santa wrote:
Ever wonder what Comcast's connections to the Internet look like? In the
tradition of WikiLeaks, someone stumbled upon these graphs of their TATA links.
Forgive me for being the skeptic, but I presume there is at least a
traceroute with rDNS
On Tue, 14 Dec 2010, Jack Bates wrote:
On 12/13/2010 11:07 PM, Backdoor Santa wrote:
Ever wonder what Comcast's connections to the Internet look like? In the
tradition of WikiLeaks, someone stumbled upon these graphs of their TATA
links.
Forgive me for being the skeptic, but I presume
On Mon, 13 Dec 2010, Sam Stickland wrote:
Ironically though, wouldn't smaller buffers cost less thus making the CPEs
1 megabyte of buffer (regular RAM) isn't really expensive.
cheaper still? I believe the argument made in the blog post is that
cheaper RAM been causing the CPE manufacturers
On Mon, 13 Dec 2010, Backdoor Santa wrote:
Another thing to notice is the ratio of inbound versus outbound. Since
Comcast is primarily a broadband access network provider, they're going
to have millions of eyeballs (users) downloading content.
Actually, there are plenty of access providers
I don't see anything listed that indicates operation that is at all different
from any other service provider network.
The capacity issue listed is not an issue at all. It's simply inciting anger
and the same rhetoric that pollutes the legitimate discussion of backbone
network constraints.
gin-nto-icore1 is a Tata router at Equinix in NY. Whether or not that
port belongs to Comcast is anyone's guess.
Jeff
On Tue, Dec 14, 2010 at 1:39 AM, Justin M. Streiner
strei...@cluebyfour.org wrote:
On Tue, 14 Dec 2010, Jack Bates wrote:
On 12/13/2010 11:07 PM, Backdoor Santa wrote:
46 matches
Mail list logo