hey,
But why did the TLS Hello have a TTL lower than the TCP Syn?
Do you have any information on that?
Consumer CPEs are typically some BCM reference design where initial TCP
handshake is handled by linux kernel and everything following (including
NAT) is handled in SOC.
I've seen those
On Sun, Sep 2, 2018 at 6:49 AM, Bjørn Mork wrote:
> William Herrin writes:
>> On Sun, Sep 2, 2018 at 6:06 AM, Bjørn Mork wrote:
>>> William Herrin writes:
>>>> https://bill.herrin.us/network/anycasttcp.html
>>>
>>> I didn't see a security section in your document. Did you consider the
>>> sid
William Herrin writes:
> On Sun, Sep 2, 2018 at 6:06 AM, Bjørn Mork wrote:
>> William Herrin writes:
>>> https://bill.herrin.us/network/anycasttcp.html
>>
>> I didn't see a security section in your document. Did you consider the
>> side effects of this sequence number abuse?
>
> Hi Bjørn,
>
>
On Sun, Sep 2, 2018 at 6:06 AM, Bjørn Mork wrote:
> William Herrin writes:
>> https://bill.herrin.us/network/anycasttcp.html
>
> I didn't see a security section in your document. Did you consider the
> side effects of this sequence number abuse?
Hi Bjørn,
In the "issues and criticisms" sectio
On 09/02/2018 10:24 AM, James Bensley wrote:
> It is available via the NANOG list archives:
> https://mailman.nanog.org/pipermail/nanog/2018-September/096871.html
But why did the TLS Hello have a TTL lower than the TCP Syn?
Do you have any information on that?
William Herrin writes:
> BTW, for anyone concerned about an explosion in state management
> overhead, the TL;DR version is: the anycast node which first accepts
> the TCP connection encodes its identity in the TCP sequence number
> where all the other nodes can statelessly find it in the subseque
I would redirect the packet to a VRF with one global drop UDP ACL. That
scales perfectly. There are probably many ways to implement such a feature.
On Sun, Sep 2, 2018 at 11:07, Ryan Hamel wrote:
> Baldur,
>
>
>
> Modifying the routing table with a next-hop change from a community, is
> different than
Baldur,
Modifying the routing table with a next-hop change from a community, is
different than having a line card filtering packets at layer 4, of course most
if not all carriers will support it. Instead of doing normal TCAM route
lookups, you’re getting into packet inspection territory, which
This is not true. Some of our transits do RTBH for free. For example Cogent.
They will not do FlowSpec. Maybe their equipment can not do it or for some
other reason.
However RTBH is a simple routing hack that can be implemented on any
router. The traffic is dropped right at the edge and is never
On Sat, 1 Sep 2018 at 21:06, Garrett Skjelstad wrote:
>
> I would love this as a blog post to link folks that are not nanog members.
>
> -Garrett
Hi Garrett,
It is available via the NANOG list archives:
https://mailman.nanog.org/pipermail/nanog/2018-September/096871.html
I've shared this story
10 matches