Re: DDoS attack with blackmail

2021-06-10 Thread Brandon Svec via NANOG
I’m also curious if they did as promised. I read this today: https://beta.darkreading.com/threat-intelligence/-fancy-lazarus-criminal-group-launches-ddos-extortion-campaign
Best.
On Wed, Jun 9, 2021 at 8:35 AM Edvinas Kairys wrote:
> Hey,
>
> Did you get the attack promised? after 1 week

RE: AT&T Fiber Line / NOT MIS

2021-06-10 Thread Dennis Burgess
Called Cascaded Router configuration on The POS router they gave .. their support and their support “Supervisor” could not make it work. I just did .. FUN. Dennis Burgess, Mikrotik Certified Trainer MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE, MTCSE, HE IPv6 Sage, Cambium ePMP

Re: Technical resources for Open Access Fiber Networks?

2021-06-10 Thread Brandon Martin
On 6/9/21 8:16 PM, Mark Leonard wrote: Not so long ago I learned about Open Access Fiber Networks.  I'm quite curious about how these are actually implemented.  I'm able to find boatloads of marketing material and management-targeted boilerplate, but I've not yet been able to find any

RE: Technical resources for Open Access Fiber Networks?

2021-06-10 Thread Tony Wicks
In New Zealand we have a nationwide government sponsored FTTH open access network based on GPON and XGSPON. There are local access companies (LFC or Local Fibre Company) that handover double tagged layer2 that the various service providers (RSP or Retail Service Provider) can either pick up

Re: AT&T Fiber Line / NOT MIS

2021-06-10 Thread Alex Conner via NANOG
Yep; but even IP Passthrough, routed subnet, etc. all count as NAT sessions against the internal NAT table. BTW, that's the feature you're looking for - routed subnet. That will pass your /26 to another network device over an RFC1918 subnet. The steps depend on what particular gateway hardware

Re: AT&T Fiber Line / NOT MIS

2021-06-10 Thread Dennis Burgess
Ya not wishing to do NAT...
Sent from mobile device..
From: Alex Conner
Sent: Thursday, June 10, 2021 1:49:27 PM
To: TJ Trout
Cc: Dennis Burgess; nanog@nanog.org
Subject: Re: AT&T Fiber Line / NOT MIS
Bonus points, the small business fiber has extremely

Re: AT&T Fiber Line / NOT MIS

2021-06-10 Thread Alex Conner via NANOG
Bonus points, the small business fiber has extremely limited NAT session limits (depends on hardware, but not greater than 16,000 sessions) and *everything* counts. Cold loading CNN.com (an AT&T company) in a default config without an adblocker will use close to 3000, which will saturate and cause

Re: AT&T Fiber Line / NOT MIS

2021-06-10 Thread TJ Trout
Yeah not going to happen on U-verse
On Thu, Jun 10, 2021 at 11:32 AM Dennis Burgess wrote:
> Guess their broadband stuff☹
>
> *Dennis Burgess*
>
> Author of “Learn RouterOS- Second Edition”
>
> *Link Technologies, Inc* -- Mikrotik & WISP Support Services

RE: AT&T Fiber Line / NOT MIS

2021-06-10 Thread Dennis Burgess
Guess their broadband stuff☹ Dennis Burgess Author of "Learn RouterOS- Second Edition” Link Technologies, Inc -- Mikrotik & WISP Support Services Office: 314-735-0270 Website: http://www.linktechs.net Create Wireless Coverage’s with

Re: NAT devices not translating privileged ports

2021-06-10 Thread Fernando Gont via NANOG
Hi, Jean,
On Thu, 2021-06-10 at 08:23 -0400, Jean St-Laurent wrote:
> Let's start with this example. When I click sync my clock in windows,
> this happened.
>
> On the inside or Private side
> 08:15:07.434344 IP 192.168.254.205.123 > 13.86.101.172.123: NTPv3,
> Client, length 48
>

Re: AT&T Fiber Line / NOT MIS

2021-06-10 Thread TJ Trout
Call back, I don't think that's accurate. What is the specific product?
On Thu, Jun 10, 2021 at 7:25 AM Dennis Burgess wrote:
> I have an ATT fiber line for a customer that has a 300/300 circuit, but it's
> not a MIS they are telling me we cannot route a /26 (they have allocated)
> to my device

Re: irrd 4.1.2 deployed at NTT

2021-06-10 Thread Randy Bush
> this change means that NTT's IRR mirror service will now use RPKI
> Validated ROAs to filter out invalid IRR objects! This filtering
> strategy is similar to RIPE-731.
>
> Creation of RPKI ROAs will trigger deletion of conflicting IRR
> objects, this helps clean up stale objects. Existing RPKI

Re: A survey on BGP MRAI timer values in practice

2021-06-10 Thread Adam Thompson
My question at this point is, what slow global convergence? When I (or any of my downstreams) adjusts a prefix, I nearly always see global propagation in well under 60 seconds. Among networks where I can check, at least. I understand it could be technically possible to see near-instantaneous

Re: NAT devices not translating privileged ports

2021-06-10 Thread Blake Hudson
On 6/10/2021 4:04 AM, Fernando Gont wrote: Hi, Blake, Thanks a lot for your comments! In-line On Fri, 2021-06-04 at 11:13 -0500, Blake Hudson wrote: Current gen Cisco ASA firewalls have logic so that if the connection from a private host originated from a privileged source port, the NAT

AT&T Fiber Line / NOT MIS

2021-06-10 Thread Dennis Burgess
I have an ATT fiber line for a customer that has a 300/300 circuit, but it's not a MIS they are telling me we cannot route a /26 (they have allocated) to my device behind it. ☹ Any options? Dennis Burgess Mikrotik : Trainer, Network Associate, Routing Engineer, Wireless

Technical resources for Open Access Fiber Networks?

2021-06-10 Thread Mark Leonard
Hi NANOG, Not so long ago I learned about Open Access Fiber Networks. I'm quite curious about how these are actually implemented. I'm able to find boatloads of marketing material and management-targeted boilerplate, but I've not yet been able to find any technical resources. My first thoughts

RE: NAT devices not translating privileged ports

2021-06-10 Thread Jean St-Laurent via NANOG
Let's start with this example. When I click sync my clock in windows, this happened.
On the inside or Private side
08:15:07.434344 IP 192.168.254.205.123 > 13.86.101.172.123: NTPv3, Client, length 48
08:15:07.473681 IP 13.86.101.172.123 > 192.168.254.205.123: NTPv3, Server, length 48
You are

Re: Can't Port from a Particular Rate Center

2021-06-10 Thread Jason Canady
Another trick I've used is to use a separate number and forward the old number to the new.  Set the caller ID to the original number, test 911.  You may want to run the 911 with the new number instead though.  With this setup, you can try porting again down the road, but at least you have a

Re: EXTERNAL: Re: Can't Port from a Particular Rate Center

2021-06-10 Thread Ray Orsini
If there's wireless you can always try porting to wireless. We do that in a few rate centers Ray Orsini Chief Executive Officer OIT, LLC 305.967.6756 x1009 | 305.571.6272 r...@oit.co | www.oit.co oit.co/ray Headed to ASCII: Ohio on June 16th - 17th? Come

Re: NAT devices not translating privileged ports

2021-06-10 Thread Fernando Gont via NANOG
Hi, Jean,
On Thu, 2021-06-10 at 06:54 -0400, Jean St-Laurent via NANOG wrote:
> Hi Fernando,
>
> NTP sounds simple but it could be very complex when you dig deep down
> and/or get lost in details.
> Here are 2 things to consider:
>
> 1. NTP clients can query NTP servers by using SRC UDP ports

RE: NAT devices not translating privileged ports

2021-06-10 Thread Jean St-Laurent via NANOG
Hi Fernando,
NTP sounds simple but it could be very complex when you dig deep down and/or get lost in details.
Here are 2 things to consider:
1. NTP clients can query NTP servers by using SRC UDP ports > 1024.
2. NTP servers cannot query/sync/communicate to another NTP server when using SRC

Re: NAT devices not translating privileged ports

2021-06-10 Thread Fernando Gont via NANOG
Hi, Bjørn,
On Thu, 2021-06-10 at 12:10 +0200, Bjørn Mork wrote:
> Fernando Gont via NANOG writes:
>
> > What has been reported to us is that some boxes do not translate
> > the
> > src port if it's a privileged port.
> >
> > IN such scenarios, NTP implementations that always use src
> >

Re: NAT devices not translating privileged ports

2021-06-10 Thread Bjørn Mork
Fernando Gont via NANOG writes:
> What has been reported to us is that some boxes do not translate the
> src port if it's a privileged port.
>
> IN such scenarios, NTP implementations that always use src port=123,
> dst port=123 might be in trouble if there are multiple NTP clients
> behind the

Re: NAT devices not translating privileged ports

2021-06-10 Thread Fernando Gont via NANOG
Hi, Jean,
On Fri, 2021-06-04 at 08:36 -0400, Jean St-Laurent wrote:
> I believe all devices will translate a privileged ports, but it won't
> translate to the same number on the other side. It will translate to
> an unprivileged port. Is it what you meant or really there are some
> devices that

Re: NAT devices not translating privileged ports

2021-06-10 Thread Fernando Gont via NANOG
Hi, Blake,
Thanks a lot for your comments! In-line
On Fri, 2021-06-04 at 11:13 -0500, Blake Hudson wrote:
> Current gen Cisco ASA firewalls have logic so that if the connection
> from a private host originated from a privileged source port, the
> NAT
> translation to public IP also uses

Re: A survey on BGP MRAI timer values in practice

2021-06-10 Thread Mark Tinka
On 6/10/21 08:26, Saku Ytti wrote: I don't understand the question, but the way I read the question it may be unanswerable even if I did understand it. As the reader would self-define negligible and well acceptable and answer yes/no based on the definition they used, which might be different

Re: A survey on BGP MRAI timer values in practice

2021-06-10 Thread Saku Ytti
On Wed, 9 Jun 2021 at 20:43, Randy Bush wrote:
> are we confident that in the global context, not just within an isp,
> there is negligible, well acceptable, oscillation?
I don't understand the question, but the way I read the question it may be unanswerable even if I did understand it. As the