Re: BGP prefix filter list

On Wed, May 15, 2019 at 7:27 AM Dan White wrote: > On 05/15/19 13:58 +, Phil Lavin wrote: > >> We're an eyeball network. We accept default routes from our transit > >> providers so in theory there should be no impact on reachability. > >> > >> I'm pretty concerned about things that I don't

Re: Gi Firewall for mobile subscribers

of > random traffic (mainly 22 and 3389). > I believe he was talking about ipv6. Does this backscatter happen in ipv6 given how impractical scanning ipv6 is ? > On Wed, Apr 10, 2019 at 9:49 AM Ca By wrote: > >> >> >> On Wed, Apr 10, 2019 at 6:23 AM Amos Rosenboim

Re: Gi Firewall for mobile subscribers

On Wed, Apr 10, 2019 at 6:23 AM Amos Rosenboim wrote: > Hello NANOG, > > > > We are discussing internally and wanted to get more opinions and > especially more data on what are people actually doing. > > We are running an ISP network with about 150K fixed broadband users, > running dual stack

Re: Frontier rural FIOS & IPv6

On Sun, Mar 31, 2019 at 4:20 PM Matt Hoppes < mattli...@rivervalleyinternet.net> wrote: > Going to play devils advocate. > > If frontier has a ton of ipv4 addresses, what benefit is there to them in > rolling out ipv6? > > What benefit is there to you? > I love xbox and xbox works better on

Re: Incoming SSDP UDP 1900 filtering

lot about anticipated traffic volume. > > On Mar 25, 2019, at 07:13, Ca By wrote: > > Blocked ssdp and move on > > Ssdp is a horrible ddos vector > > Comcast and many others already block it, because is the smart and best > thing to do > > https://www.xfinity.com/s

Re: Incoming SSDP UDP 1900 filtering

Blocked ssdp and move on Ssdp is a horrible ddos vector Comcast and many others already block it, because is the smart and best thing to do https://www.xfinity.com/support/articles/list-of-blocked-ports On Mon, Mar 25, 2019 at 1:30 AM marcel.duregards--- via NANOG < nanog@nanog.org> wrote: >

Re: A Deep Dive on the Recent Widespread DNS Hijacking

On Tue, Feb 26, 2019 at 6:25 AM David Conrad wrote: > On Feb 26, 2019, at 2:35 PM, Ca By wrote: > > On Tue, Feb 26, 2019 at 1:58 AM Bill Woodcock wrote: > >> > On Feb 24, 2019, at 10:03 PM, Hank Nussbacher >> wrote: >> > Did you have a CAA record def

Re: A Deep Dive on the Recent Widespread DNS Hijacking

of switching to Let’s Encrypt, and they were one of the two CAs > whose process vulnerabilities the attackers were exploiting. So, in this > particular case, it wouldn’t have helped. > > I guess the combination of CAA with a very expensive, or very manual, CA, > might be an improvem

Re: A Deep Dive on the Recent Widespread DNS Hijacking

io it is not > preventative. > > In the 3rd attack noted below, do we know if the CA that issued the DV > CERTS does DNSSEC validation on its DNS challenge queries? > > Hopefully folks who deploy DNSSEC signed zones test validation on their > domains on a regular basis, and I

Re: AT/as7018 now drops invalid prefixes from peers

On Mon, Feb 11, 2019 at 6:55 AM Jay Borkenhagen wrote: > > FYI: > > The AT/as7018 network is now dropping all RPKI-invalid route > announcements that we receive from our peers. > > We continue to accept invalid route announcements from our customers, > at least for now. We are communicating

Re: IPv6 and forensic requests

You want this to log the bindings through the nat64 https://www.jool.mx/en/usr-flags-global.html#logging-bib Then you cross reference that with the /64 that is assigned to the UE in the CDR When doing lookups of this data, only look at the first 64 bits. That is all that matters and is unique

Re: IPv6 NAT64

On Wed, Jan 23, 2019 at 1:08 PM Art Stephens wrote: > I know this might be off topic but hopefully not too far off. > I heard rumors that there are ISPs out there running IPv6 only > networks where the clients can still get to the IPv4 world without the > $30,000 plus dollar expense of buying a

Re: No IPv6 by design to increase reliability...

On Thu, Jan 17, 2019 at 11:46 AM John Von Essen wrote: > I was having a debate with someone on this. Take a critical web site, > say one where you want 100% global uptime, no potential issues with end > users having connectivity or routing issues getting to your IP. Would it > be advantageous to

Re: Dnssec still inoperable on the internet ?— was ARIN NS down?

On Fri, Jan 11, 2019 at 10:54 AM Mikael Abrahamsson wrote: > On Fri, 11 Jan 2019, Ca By wrote: > > > Thanks for the update that dnssec STILL causes more real world problems > > than it solves. > > Do you feel the same way about RPKI? > Misorgination is a real threat

Re: Dnssec still inoperable on the internet ?— was ARIN NS down?

On Fri, Jan 11, 2019 at 8:10 AM Stephane Bortzmeyer wrote: > On Fri, Jan 11, 2019 at 07:58:25AM -0800, > Ca By wrote > a message of 488 lines which said: > > > No your threats and deploy wisely > > Say no to the threats :-) > This is nanog, so i used the cisco no Its like , negate threats :) > >

Dnssec still inoperable on the internet ?— was ARIN NS down?

Thanks for the update that dnssec STILL causes more real world problems than it solves. . That said, arin is a pro outfit. If they can screw it up, like nasa, so can you. No your threats and deploy wisely -- Forwarded message - From: John Curran Date: Fri, Jan 11, 2019 at

Re: China ’s Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom’ s BGP Hijacking

On Sat, Dec 1, 2018 at 4:28 PM Randy Bush wrote: > > They forgot to mention that it's technically possible to filter > > advertisements from their customer. Which apparently they were/are > > not really doing. > > luckily, CT is the only isp not doing good filtering, or we

Re: Anyone using AT's ECOMP/ONAP?

On Fri, Nov 30, 2018 at 5:54 AM wrote: > Hi gents, > > I'm looking for physical network services orchestration framework for > network service providers that could later be used/extended to orchestrate > other areas of the business (virtualized services in DC, etc..). > So far it appears to me

Re: Zayo vs Coent

Zayo will provide you all of the internet Cogent will provide you with something that is not all internet, it is missing HE and Google on ipv6. On Fri, Nov 9, 2018 at 10:53 AM William Herrin wrote: > Zayo is the former above.net. Worked well for me at previous $job. > Cogent is Cogent. Refer

Re: Whats going on at Cogent

On Tue, Oct 16, 2018 at 5:16 AM David Hubbard wrote: > Have had the same sales rep for several years now; unfortunately he has no > ability to fix their IPv6 peering issue so we’re slowly removing circuits, > but otherwise for a handful of 10gig DIA circuits it’s been stable. > > > Yep, this.

Re: new(ish) ipv6 transition tech status on CPE

On Wed, Oct 10, 2018 at 6:50 AM Philip Loenneker < philip.loenne...@tasmanet.com.au> wrote: > Hi Tom, > > > > This article is now 11 months old, but may be of interest to you: > > https://blog.apnic.net/2017/11/09/ce-vendors-share-thoughts-ipv6-support/ > > > > Some quotes: > >- The major

Re: OpenDNS CGNAT Issues

very meeting about how ipv6 is good not sure what you expect here. Definately not a shoulder to cry on, but i wm sure some v4 brokers and cgn box pushers see your customers blood in the water. CB > > On 9/11/18 9:28 AM, Ca By wrote: > > > > > > On Tue,

Re: OpenDNS CGNAT Issues

yet another service #realtalk > On Sep 11, 2018, at 08:54, Ca By wrote: > > > > On Mon, Sep 10, 2018 at 9:12 PM Darin Steffl > wrote: > >> Hello, >> >> I have a ticket open with OpenDNS about filtering happening on some of >> our CGNAT IP space

Re: OpenDNS CGNAT Issues

On Mon, Sep 10, 2018 at 9:12 PM Darin Steffl wrote: > Hello, > > I have a ticket open with OpenDNS about filtering happening on some of our > CGNAT IP space where a customer has "claimed" the IP as theirs so other > customers using that same IP and OpenDNS are being filtered and not able to >

Re: issues through CGNat (juniper ms-mpc-128g in mx960)

On Sun, Jul 22, 2018 at 6:23 AM Radu-Adrian Feurdean < na...@radu-adrian.feurdean.net> wrote: > On Thu, Jul 19, 2018, at 16:34, Aaron Gould wrote: > > I don't know if it's fixed on the endpoints, or in the cgnat config or > what. > > Not specific to Juniper, but it's NOT fixed. > You'll either

Re: Time to add 2002::/16 to bogon filters?

re you are relying on third parties. > > If one is going to filter 2002::/16 from BGP then install your own gateway > to preserve > the functionality. > > > On 19 Jun 2018, at 10:23 am, Ca By wrote: > > > > > > > > On Mon, Jun 18, 2018 at 4:37 PM Mark A

Re: Time to add 2002::/16 to bogon filters?

On Mon, Jun 18, 2018 at 4:37 PM Mark Andrews wrote: > If a ASN is announcing 2002::/16 then they are are happy to get the > traffic. It > they don’t want it all they have to do is withdraw the prefix. It is not > up to > the rest of us to second guess their decision to keep providing support.

Re: Fraud Dept. Contact at T-Mobile

On Wed, Jun 13, 2018 at 3:26 PM Dovid Bender wrote: > Does anyone have a contact and TMobiles Telco fraud department? > ab...@t-mobile.com

Re: IPv6 faster/better proof? was Re: Need /24 (arin) asap

On Mon, Jun 11, 2018 at 3:08 PM Job Snijders wrote: > On Mon, Jun 11, 2018 at 10:03 PM, Ca By wrote: > > A similar take, is that big eyeballs (tmobile, comcast, sprint, att, > verizon > > wireless) and big content (goog, fb, akamai, netflix) are ipv6. Whats > left > &g

Re: IPv6 faster/better proof? was Re: Need /24 (arin) asap

On Mon, Jun 11, 2018 at 2:29 PM Job Snijders wrote: > I suspect that this may not be an apples to apples comparison. > > Perhaps lack of IPv6 is more prevalent in rural areas with poorer > connectivity to the rest of the Internet? Perhaps both these CDNs > serve content for different types of

Re: Need /24 (arin) asap

dresses. > > > On 11 June 2018 at 09:21, Ca By wrote: > >> On Sun, Jun 10, 2018 at 8:43 AM Stan Ouchakov >> wrote: >> >> > Hi, >> > >> > Can anyone recommend transfer market brokers for ipv4 addresses? Need >> > clean /24 asap

Re: Need /24 (arin) asap

On Sun, Jun 10, 2018 at 8:43 AM Stan Ouchakov wrote: > Hi, > > Can anyone recommend transfer market brokers for ipv4 addresses? Need > clean /24 asap. ARIN's waiting list is too long... > > Thanks! > > > -Stan > > Meanwhile, FB reports that 75% of mobiles in the USA reach them via ipv6

Re: Segment Routing

On Tue, May 22, 2018 at 2:39 AM Mark Tinka wrote: > > > On 22/May/18 10:51, James Bensley wrote: > > > I'm also interested in the uses cases. > > > > As a "typical" service provider (whatever that means) who doesn't have > > any SR specific requirements such as service

Re: internet - sparkle

On Wed, May 16, 2018 at 9:14 AM Michael Crapse wrote: > Additionally, whilst not "technically" a tier 1 provider, Hurricane > electric should be high on that list. Especially as one of the best > providers of and proponents for IPv6. We'll see into the future, HE may > have

Re: Route Reflector Client Design Question

On Thu, May 3, 2018 at 11:03 PM Erik Sundberg wrote: > I have a RR Client design question.. > > > CORE1---2x10G---CORE2 > | > | > | > | > |10G Ring > | > | > | > | >

Re: Are any of you starting to get AI robocalls?

On Wed, Apr 4, 2018 at 4:19 PM Shawn L via NANOG wrote: > > Honestly, most carriers I've talked to are fed up as well, and just want > to find a way to make it stop. As some one said, it's exactly like BCP38 > --- the carriers that care keep their clients from spoofing caller

Re: Question about great firewall of China

> 3- > > In the case of the USA with ISPs slated to become AOL-like information > providers, is there an expectation of widespread deployment of DPI > equipment to "manage" the provision of information, or is the > expectation that the ISPs will focus more on using netflow to impact the > billing

Re: Peering with abusers...good or bad?

On Fri, Mar 2, 2018 at 2:13 PM Matthew Petach wrote: > On Tue, Feb 27, 2018 at 4:13 PM, Dan Hollis > wrote: > > OVH does not suprise me in the least. > > > > Maybe this is finally what it will take to get people to de-peer them. > > > > If I

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

On Wed, Feb 28, 2018 at 5:54 PM Job Snijders <j...@ntt.net> wrote: > On Tue, Feb 27, 2018 at 09:52:54PM +, Chip Marshall wrote: > > On 2018-02-27, Ca By <cb.li...@gmail.com> sent: > > > Please do take a look at the cloudflare blog specifically as they > &

Re: Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

with ovh because i need my upstream to rtbh their traffic. > Regards, > Filip Hruska > > On 28 Feb 2018 at 1:13 am, > wrote: > > OVH does not suprise me in the least. > > Maybe this is finally what it will take to get people to de-peer them. > > -Dan >

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

On Tue, Feb 27, 2018 at 1:54 PM Chip Marshall <c...@2bithacker.net> wrote: > On 2018-02-27, Ca By <cb.li...@gmail.com> sent: > > Please do take a look at the cloudflare blog specifically as they name > and > > shame OVH and Digital Ocean for being the primary so

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

Please do take a look at the cloudflare blog specifically as they name and shame OVH and Digital Ocean for being the primary sources of mega crap traffic https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/ Also, policer all UDP all the time... UDP is unsafe at any

Re: Leasing /22

carriers http://www.worldipv6launch.org/new-years-resolution-deploy-ipv6/ > On Fri, Jan 19, 2018 at 9:54 PM, Ca By <cb.li...@gmail.com> wrote: > > On Fri, Jan 19, 2018 at 5:48 PM Michael Crapse <mich...@wi-fiber.io> > wrote: > > > >> Has Hulu, or a thousand

Re: Leasing /22

On Fri, Jan 19, 2018 at 5:48 PM Michael Crapse wrote: > Has Hulu, or a thousand other content distributors considered IPv6? Because > you can't even tunnel to ipv4 without setting off VPN alarms with HULU. > Hulu? Really scraping the bottom of the barrel of content

Re: Companies using public IP space owned by others for internal routing

olks who refuse to deploy ipv6, those days are over Happy holidays! > > > On 21 Dec 2017, at 9:33 am, Jens Link <li...@quux.de> wrote: > > > > Ca By <cb.li...@gmail.com> writes: > > > >> http://jool.mx/en/index.html > >> > >> Free

Re: Companies using public IP space owned by others for internal routing

On Wed, Dec 20, 2017 at 1:01 PM Oliver O'Boyle wrote: > Agreed. There now. We need cheap, open source, options for widespread > adoption. > http://jool.mx/en/index.html Free open source nat64 > Oliver > > On Dec 20, 2017 12:51, "Michael Crapse"

Re: Companies using public IP space owned by others for internal routing

On Sun, Dec 17, 2017 at 5:31 PM Robert Webb wrote: > Will anyone comment on the practice of large enterprises using non RFC1918 > IP space that other entities are assigned by ARIN for internal routing? > > Just curious as to how wide spread this might be. I just heard of this

Re: media are reporting "major Internet outage"

On Mon, Nov 6, 2017 at 6:46 PM Miles Fidelman wrote: > Folks, > > It seems like various media outlets are reporting a "major Internet > outage" - some going so far as to call it an "attack." > > A few headlines that crossed Facebook today: > > "Major internet outage

Re: Application Layer Gateways

n running networks > On Thu, Sep 21, 2017 at 11:02 PM, Ca By <cb.li...@gmail.com> wrote: > >> >> On Thu, Sep 21, 2017 at 8:12 PM Colton Conor <colton.co...@gmail.com> >> wrote: >> >>> Working with an ISP, we recently deployed Comtrend VDSL routers,

Re: Application Layer Gateways

On Thu, Sep 21, 2017 at 8:12 PM Colton Conor wrote: > Working with an ISP, we recently deployed Comtrend VDSL routers, and > Alcatel-Lucent GPON ONTs. Both of these devices uses chipsets made by > Broadcom, and as such probably use the same underlying Broadcom operating >

Re: USA local SIM card

On Sun, Sep 17, 2017 at 10:09 AM Max Tulyev wrote: > Hi All, > > sorry for possible off-topic, I really did not know where to ask this. > > I'm going to visit USA for two weeks. I want to buy a local prepaid SIM > card mostly for IP access. > > Is it possible in USA to buy a

Re: AS202746 Hijacks: Is Telia (a) stupid, or (b) lazy, or (c) complicit?

On Sun, Aug 13, 2017 at 8:53 AM Dovid Bender wrote: > It seems that his emails are accomplishing something! > > http://bgp.he.net/AS202746 > Name and shame does work sometimes The tier 1s like Telia need to be the “grownups” and not let hijacks invade the DFZ CB > > >

Re: Carrier classification

On Mon, May 15, 2017 at 6:44 PM Bradley Huffaker wrote: > On Sun, May 14, 2017 at 09:24:18AM +0200, Mark Tinka wrote: > > > > Nowadays, I'm hearing this less and less, but it's not completely gone. > > Putting aside the question of their importance, there is a small number >

Re: Carrier classification

On Sat, May 13, 2017 at 9:01 AM Mike Hammett wrote: > This debate has spilled onto NANOG from Facebook now... > > My point is that while the term tier-1 (meaning no transit) isn't wrong, > that the whole system is now irrelevant. Look at the Wikipedia list of > "Tier 1"

Re: Carrier classification

On Sat, May 13, 2017 at 8:45 AM Matt Hoppes < mattli...@rivervalleyinternet.net> wrote: > Are the terms tier-1,2,3 dead terms or still valid ways to define carriers? > Yes, pretty much dead. There are networks that meet your price / performance, and those that don't.

Please run windows update now

This looks like a major worm that is going global Please run windows update as soon as possible and spread the word It may be worth also closing down ports 445 / 139 / 3389

Re: Purchased IPv4 Woes

Their first problem is that > they are trying to tow a boat with their bicycle. > Fair statement for anyone who has not deployed ipv6 and thinks emailing nanog to get them off a blacklist will help. > -- > Rob McEwen > > >

critical mass update on IPv6

Just update for those that care. As you may know, all the major cellular providers in the USA (VZ, AT, T-Mobile, Sprint) support IPv6 by default on many models of phones. Comcast and AT and other large broadband players also have IPv6 widely deployed by default

Re: Verizon wireless to stop issuing static IPv4

On Wed, Mar 8, 2017 at 7:10 PM Christopher Morrow wrote: > On Wed, Mar 8, 2017 at 9:27 PM, Miles Fidelman > > wrote: > > > Seems to me that the only people who get static, wireless, IP addresses > > are people who put sensors on vehicles and

Re: SHA1 collisions proven possisble

On Thu, Feb 23, 2017 at 10:27 AM Grant Ridder wrote: > Coworker passed this on to me. > > Looks like SHA1 hash collisions are now achievable in a reasonable time > period > https://shattered.io/ > > -Grant Good thing we "secure" our routing protocols with MD5 :) >

DOT FRA website broken on ipv6

Anyone have a contact at DOT or FRA that can solve this? It would be really nice if they remove the DNS record on www.fra.dot.gov until it works correctly, customers are complaining wget -6 -T 5 www.fra.dot.gov converted 'http://www.fra.dot.gov' (ANSI_X3.4-1968) -> '

Re: Questions on IPv6 deployment

Why do not you feel compelled to ask this question? Did you ask this question when you deployed ipv4? AFAIK, everyone deploys ipv4 in a unique way. Same for ipv6. IPv6 is not exotic or filled with unique pitfalls. A lot of networks have deployed production networks with ipv6, each one unique,

Re: Recent NTP pool traffic increase

My WAG is that the one plus updated firmeware on that day and they baked in the pool. Complete WAG, but time and distributed sources including wireless networks On Mon, Dec 19, 2016 at 10:30 AM Laurent Dumont wrote: > I also have a similar experience with an

Re: CGNAT - Seeking Real World Experience

On Thu, Nov 24, 2016 at 7:05 PM Adam wrote: > I'm crunching the numbers on the cost effectiveness of implementing CGN vs > IPv4 auctions. The determining factor is how many ephemeral ports are > reserved for each customer. This is for a residential broadband > environment. > >

Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24

On Friday, October 28, 2016, Nick Hilliard wrote: > Ronald F. Guilmette wrote: > > Will never happen. The RiRs have been crystal clear, and also utterly > > consistant... "Not our job man! We am not the Internetz Police." > > Ron, > > Maybe you could suggest some ideas about

Re: Spitballing IoT Security

On Thursday, October 27, 2016, Mark Andrews wrote: > > In message <16193.1477594...@segfault.tristatelogic.com >, > "Ronald F. Guilmette" writes: > > > > In message <20161027112940.gb17...@ussenterprise.ufp.org > >, > > Leo Bicknell

Re: Death of the Internet, Film at 11

On Mon, Oct 24, 2016 at 7:46 AM, Eliot Lear <l...@cisco.com> wrote: > > > On 10/24/16 4:03 PM, Ca By wrote: > > > Please elaborate on concrete evidence to support your claim the CPE market > is changing. > > > If you can't see that then you're not paying

Re: Death of the Internet, Film at 11

On Mon, Oct 24, 2016 at 6:22 AM, Eliot Lear <l...@cisco.com> wrote: > Hi, > > > On 10/24/16 3:06 PM, Ca By wrote: > > > > Assuming MUD is successful in the ietf, the cpe lifecycle is 10 years > > before the needle moves. At which point the target will have

Re: Death of the Internet, Film at 11

On Monday, October 24, 2016, Eliot Lear wrote: > Hi Leo and all, > > Well, here we are together again ;-) Please see below. > > > On 10/22/16 2:53 PM, Leo Bicknell wrote: > > In a message written on Sat, Oct 22, 2016 at 07:34:55AM -0500, Mike > Hammett wrote: > >> "taken all

Re: Legislative proposal sent to my Congressman

On Monday, October 3, 2016, Lyndon Nerenberg wrote: > In thinking over the last DDos involving IoT devices, I think we don't >> have a good technical solution to the problem. Cutting off people with >> defective devices they they don't understand, and have little control

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

.. congress yells at ceo... investors dump stock" Perhaps release the article to the brass first, with an alternate ate headline "xyz isp seriously commit to security partners to secure critical infrastructure " You have 2 weeks to pick the story > > On Sun, Sep 25, 2016 at 2:2

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

On Sunday, September 25, 2016, John Levine wrote: > >> Yeh, bcp38 is not a viable solution. > > Krebs said this DDoS came from insecure IoT devices, of which there > are a kazillion, with the numbers growing every day. Why would they > need to spoof IPs? How would BCP38 help? >

Re: One Year On: IPv4 Exhaust

On Sunday, September 25, 2016, Paul Thornton <p...@prt.org> wrote: > > On 25/09/2016 17:29, Ca By wrote: > > For your use case , would ipv6 solve anything? >> >> Think it is fair to say big content and big eyeballs have moved to IPv6 >> (

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

On Sunday, September 25, 2016, John Kristoff <j...@depaul.edu> wrote: > On Sun, 25 Sep 2016 14:36:18 + > Ca By <cb.li...@gmail.com <javascript:;>> wrote: > > > As long as their is one spoof capable network on the net, the problem > will > > no

Re: One Year On: IPv4 Exhaust

On Sunday, September 25, 2016, Paul Thornton wrote: > On 25/09/2016 01:54, Jay R. Ashworth wrote: > >> One year ago today, at 12:36pm EDT, Facebook On This Day reminds me, John >> Curran announced that the last IPv4 address block in ARIN's Free Pool had >> been assigned. >> >>

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

On Sunday, September 25, 2016, Jay R. Ashworth <j...@baylink.com> wrote: > - Original Message - > > From: "Ca By" <cb.li...@gmail.com <javascript:;>> > > > On Sunday, September 25, 2016, Jay Farrell via NANOG <nanog@nanog.org > <javas

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

On Sunday, September 25, 2016, Jay Farrell via NANOG wrote: > And of course Brian Krebs has a thing or two to say, not the least is which > to push for BCP38 (good luck with that, right?). > > https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/ > > Yeh, bcp38

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

On Saturday, September 24, 2016, Justin Paine via NANOG wrote: > > DNS Results for query A krebsonsecurity.comAnswer:krebsonsecurity.com 157 > IN A 130.211.45.45 > > On Google now. > > Next question. Will google use the information from the telemetry, rumored to be webcams, to

Re: PlayStationNetwork blocking of CGNAT public addresses

On Thursday, September 22, 2016, Alexander Maassen wrote: > Both gamers and content providers do not care. The gamers as they only > care about the game itself and don't care about the technical mumbo jumbo. > And the makers coz they only care about making money by

Re: PlayStationNetwork blocking of CGNAT public addresses

On Friday, September 16, 2016, Simon Lockhart wrote: > All, > > We operate an access network with several hundred thousand users. > Increasingly > we're putting the users behind CGNAT in order to continue to give them an > IPv4 > service (we're all dual-stack, so they all get

Re: "Defensive" BGP hijacking?

On Tuesday, September 13, 2016, Doug Montgomery wrote: > If only there were a global system, with consistent and verifiable security > properties, to permit address holders to declare the set of AS's authorized > to announce their prefixes, and routers anywhere on the

Re: "Defensive" BGP hijacking?

On Tuesday, September 13, 2016, Bryant Townsend <bry...@backconnect.com> wrote: > @ca & Matt - No, we do not plan to ever intentionally perform a > non-authorized BGP hijack in the future. > > Great answer. Thanks. Committing to pursuing a policy of weaponizing BG

Re: "Defensive" BGP hijacking?

On Tuesday, September 13, 2016, Bryant Townsend wrote: > Hello Everyone, > > > I would like to give as much insight as I can in regards to the BGP hijack > being discussed in this thread. I won’t be going into specific details of > the attack, but we do plan to release

Re: "Defensive" BGP hijacking?

On Sunday, September 11, 2016, Hugo Slabbert wrote: > Hopefully this is operational enough, though obviously leaning more > towards the policy side of things: > > What does nanog think about a DDoS scrubber hijacking a network "for > defensive purposes"? Not ok. Never. > >

Re: comcast and msoft ports

> >> >> Sent from my Verizon, Samsung Galaxy smartphone >> >> >> Original message ---- >> From: Randy Bush <ra...@psg.com> >> Date: 9/11/16 2:48 PM (GMT-05:00) >> To: Ca By <cb.li...@gmail.com> >> Cc: North American Network Op

Re: comcast and msoft ports

On Sunday, September 11, 2016, Randy Bush wrote: > anyone know if comcast residential filters 139/445? > > randy > https://customer.xfinity.com/help-and-support/internet/list-of-blocked-ports/

Re: Use of unique local IPv6 addressing rfc4193

On Thursday, September 8, 2016, Pshem Kowalczyk wrote: > With NAT I have a single entry/exit point to those infrastructure subnets > which can be easily policed. > If I give them public IPs then they're routable and potentially can reach > the internet via devices that don't

Re: IPv4 Broker

Check the archive, this issue has been covered Also, if you need a ddos scrubber that will fail when your uplink is saturated, that info is in the archives too On Tuesday, August 30, 2016, Lorenzo Mainardi < lorenzo.maina...@digitelitalia.com> wrote: > Do you know any good IPv4 broker? > I need

RIP ipv4 dominance

This not RIP ipv4, but RIP dominance, on mobile, in the USA , This is an epic milestone for ipv6 http://www.worldipv6launch.org/major-mobile-us-networks-pass-50-ipv6-threshold/

Re: Zayo Extortion

Nope, have not seen any of this bad stuff you speak of. I can say that over the last few years i have done a ton business with Zayo and they are top flight in every respect. On Saturday, August 13, 2016, HonorFirst Name Ethics via NANOG < nanog@nanog.org> wrote: > Question to the NANOG

Re: DNS Services for a registrar

On Friday, August 12, 2016, Damian Menscher via NANOG wrote: > On Fri, Aug 12, 2016 at 7:07 PM, Mehmet Akcin > wrote: > > > On a serious note, what are the providers out there that can do a decent > > secondary dns hosting service?. looks like a

Re: Host.us DDOS attack -and- related conversations

On Wednesday, August 3, 2016, Christopher Morrow wrote: > On Wed, Aug 3, 2016 at 10:40 AM, James Bensley > wrote: > > > How will > > BCP save you then? Can everyone stop praising it like it was a some > > magic bullet? > > > > aren't

Re: Host.us DDOS attack -and- related conversations

aheb...@pubnix.net > <javascript:;> > PubNIX Inc. > 50 boul. St-Charles > P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 > Tel: 514-990-5911 http://www.pubnix.netFax: 514-990-9443 > > On 08/03/16 10:36, Ca By wrote: > > On Wedne

Re: Host.us DDOS attack -and- related conversations

On Wednesday, August 3, 2016, Alain Hebert wrote: > Well, > > > Could it be related to the last 2 days DDoS of PokemonGO (which > failed) and some other gaming sites (Blizzard and Steam)? > > > And on the subject of CloudFlare, I'm sorry for that CloudFlare >

Re: NFV Solution Evaluation Methodology

On Wednesday, August 3, 2016, Randy Bush wrote: > > but, NFV isn't necessarily 'cloud'... It CAN BE taking purpose built > > appliance garbage that can't scale in a cost effective manner and > > replacing it with some software solution on 'many' commodity > > unix-like-hosts that

Re: NFV Solution Evaluation Methodology

On Tuesday, August 2, 2016, Kasper Adel wrote: > Hi, > > I am interested in hearing the approach and thought-process that senior > people on NANOG are following when presented with an NFV solution. Assuming > that the exercise at hand is to consider NFV for future

Re: Cloudflare, dirty networks and politricks

On Thursday, July 28, 2016, Dovid Bender wrote: > The issue is that cloudfare in a way is generating their own market. If > the ddos sites weren't protected by cloudfare they would eat each other > alive. It's in their interest that their sites stay up so there is a need >

Re: Cloudflare, dirty networks and politricks

On Thursday, July 28, 2016, Donn Lasher via NANOG wrote: > On 7/28/16, 10:17 AM, "NANOG on behalf of J. Oquendo" < > nanog-boun...@nanog.org on behalf of joque...@e-fensive.net > > wrote: > > > >While many are chanting: #NetworkLivesMatter, I have

Re: IPv6 Deployment for Mobile Subscribers

On Friday, July 22, 2016, Ricardo Ferreira wrote: > Is there anyone here working in an ISP where IPv6 is deployed? > We are starting to plan the roll-out IPv6 to mobile subscribers (phones) I > am interesting in knowing the mask you use for the assignment; whether it

Re: Bitcoin mining reward halved

On Saturday, July 9, 2016, Christopher Morrow wrote: > On Sat, Jul 9, 2016 at 3:10 PM, Jimmy Hess > wrote: > > > On Sat, Jul 9, 2016 at 2:04 PM, > > wrote: > > > Hi, > > > > Blockchain-based

<    1   2   3   4   >