Re: Recent NTP pool traffic increase

2016-12-15 Thread Roland Dobbins
On 16 Dec 2016, at 10:17, Roland Dobbins wrote: Over on nznog, Cameron Bradley posited that this may be related to a TR-069/-064 Mirai variant, which makes use of a 'SetNTPServers' exploit. Perhaps one of them is actually setting

Re: Recent NTP pool traffic increase

2016-12-15 Thread Roland Dobbins
On 16 Dec 2016, at 10:16, Roland Dobbins wrote: > --- Roland Dobbins

Re: Recent NTP pool traffic increase

2016-12-15 Thread Roland Dobbins
On 16 Dec 2016, at 10:09, Dan Drown wrote: This seems more like "someone pushed out bad firmware" rather than something malicious. Everything old is new again . . . --- Roland Dobbins

Re: Recent NTP pool traffic increase

2016-12-15 Thread Dan Drown
Quoting Roland Dobbins : Do you have flow telemetry, which provides a lot more information than basic pps/bps stats? Sources are pretty widely spread out among cell networks/home internet, seem to be mostly US based. I'm not seeing a large amount of traffic per single

Re: Recent NTP pool traffic increase

2016-12-15 Thread Roland Dobbins
On 16 Dec 2016, at 5:45, Jose Gerardo Perales Soto wrote: We've recently experienced a traffic increase on the NTP queries to NTP pool project (pool.ntp.org) servers. Do you have flow telemetry, which provides a lot more information than basic pps/bps stats? Are you seeing normal timesync

Re: Recent NTP pool traffic increase

2016-12-15 Thread Kraig Beahn
How much of a traffic increase? On Dec 15, 2016 5:46 PM, "Jose Gerardo Perales Soto" < gerardo.pera...@axtel.com.mx> wrote: > Hi, > > We've recently experienced a traffic increase on the NTP queries to NTP > pool project (pool.ntp.org) servers. One theory is that some service > provider NTP

Re: ChangeIP.com has been down for 20+ hours

2016-12-15 Thread Javier J
Anyone have a contact there? They probably could have used a hot standby of their DB. On Wed, Dec 14, 2016 at 9:24 PM, Jay Farrell via NANOG wrote: > See their twitter: https://twitter.com/changeipcom > > ChangeIP.com ‏@ChangeIPcom Dec 13 > > DNS Service functions restored,

Re: Recent NTP pool traffic increase

2016-12-15 Thread joel jaeggli
On 12/15/16 3:07 PM, Dan Drown wrote: > Quoting Jose Gerardo Perales Soto : >> We've recently experienced a traffic increase on the NTP queries to >> NTP pool project (pool.ntp.org) servers. One theory is that some >> service provider NTP infraestructure failed

Re: Recent NTP pool traffic increase

2016-12-15 Thread Dan Drown
Quoting Jose Gerardo Perales Soto : We've recently experienced a traffic increase on the NTP queries to NTP pool project (pool.ntp.org) servers. One theory is that some service provider NTP infraestructure failed approximately 2 days ago and traffic is now

Re: Recent NTP pool traffic increase

2016-12-15 Thread Blake Hudson
I would think if a service provider failed, the stats would bear that out. For example, if one of the top ISPs in the world was forwarding requests, then you would likely see an increase in the number of queries generated from IP addresses registered to that organization. A similar effect

Recent NTP pool traffic increase

2016-12-15 Thread Jose Gerardo Perales Soto
Hi, We've recently experienced a traffic increase on the NTP queries to NTP pool project (pool.ntp.org) servers. One theory is that some service provider NTP infraestructure failed approximately 2 days ago and traffic is now being redirected to servers belonging to the NTP pool project. Does

Re: Rogers Peering Request

2016-12-15 Thread jim deleskie
Will reach out to some folks I know there. PM me Network, AS etc. On Thu, Dec 15, 2016 at 3:33 PM, Ryan Gard wrote: > Looking for a Rogers contact to get things moving on a peering request. > Been trying to shout into their ear for well over a month, and haven't > heard

Re: Cogent NOC

2016-12-15 Thread Randy
Hi All, Final update from Cogent -- glad they have finally acknowledged -- but no ETA, just great: After further investigation, we have identified an issue of congestion on our core device. At this time we are scheduling a maintenance to alleviate the congestion which in turn will fix the

Rogers Peering Request

2016-12-15 Thread Ryan Gard
Looking for a Rogers contact to get things moving on a peering request. Been trying to shout into their ear for well over a month, and haven't heard anything back. Further, PeeringDB information seems egregiously outdated as the URLs listed no longer are serviceable. Hoping this is the last ditch

Re: BCP38 and Red Hat

2016-12-15 Thread Christopher Morrow
On Thu, Dec 15, 2016 at 9:48 AM, Stephen Satchell wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=1370963 > > Just a reminder that I have a feature request outstanding with Red Hat > to add support for BCP38, as well as measures for certain protocol-based > amplification

BCP38 and Red Hat

2016-12-15 Thread Stephen Satchell
https://bugzilla.redhat.com/show_bug.cgi?id=1370963 Just a reminder that I have a feature request outstanding with Red Hat to add support for BCP38, as well as measures for certain protocol-based amplification reflection attacks. My intent for making the suggestion is to stiffen firewalld(8) in