Re: ru tld down?

2024-02-07 Thread Töma Gavrichenkov
Peace, On Thu, 8 Feb 2024, 6:39 am Mark Andrews, wrote: > Given “MUST NOT” is not in RFC 4034, Appendix B, I’d take this with a grain > of salt. > "Implementations MUST NOT assume that the key tag uniquely identifies a DNSKEY RR." -- Töma >

Re: ru tld down?

2024-02-07 Thread Töma Gavrichenkov
Peace, TWIMC: the .ru TLD has issued a post mortem. A tl;dr version: After a new key was crafted during an ordinary key update process, its key tag hash-collided with some other key, and due to a violation of the MUST NOT clause in the RFC 4034, Appendix B, the wrong key was deployed to the

Re: Request to participate in 2-min study survey on IPv6 Adoption

2022-01-31 Thread Töma Gavrichenkov
Peace, On Mon, Jan 31, 2022, 11:01 PM Jay Hennigan wrote: > On 1/30/22 17:06, Töma Gavrichenkov wrote: > > IPv6 is now cheap as chips. It's very dirty therefore. All kinds of > > bots, spammers, password brute force programs live in there, and it's > > significantl

Re: Request to participate in 2-min study survey on IPv6 Adoption

2022-01-30 Thread Töma Gavrichenkov
Peace, On Thu, Jan 27, 2022, 4:38 PM Smahena Amakran wrote: > For my studies, I am researching IPv6 adoption. > For your consideration, there's one thing that's always overlooked. E.g. I've been talking once to a big employee of a large content provider, and that person told me they don't

Re: Cloudflare Abuse Contact

2022-01-07 Thread Töma Gavrichenkov
Peace, On Fri, Jan 7, 2022 at 8:42 PM Mike Hale wrote: > The abuse email sends an auto-responder that tells you to use the web form. > The web form is centered around their web hosting business; I figured > I'd try general, but you can't submit it without punching in a URL > that is hosted by

Re: massive facebook outage presently

2021-10-04 Thread Töma Gavrichenkov
Peace, On Mon, Oct 4, 2021, 10:17 PM Jean St-Laurent via NANOG wrote: > Maybe the key to solve this issue is in an email sent to > some_very_important_t...@facebook.com Yeah except MX records on facebook dot com aren't working either -- Töma

Re: Mirai botnet is back — now as "Meris"

2021-09-09 Thread Töma Gavrichenkov
Peace, On Thu, Sep 9, 2021 at 7:57 PM Brandon Svec via NANOG wrote: > Oof. I wonder if there is any connection to their DDNS service outage a > couple days ago? > https://forum.mikrotik.com/viewtopic.php?t=178256 No, hardly any. That one seems to be just a DNS abuse reporting/delegation

Mirai botnet is back — now as "Meris"

2021-09-09 Thread Töma Gavrichenkov
Peace, An undisclosed (or, even, yet undiscovered by the vendor) vulnerability in SOHO Mikrotik routers seems to be exploited by someone. Approx. 328 thousand devices already joined the botnet, with each having unrestricted access to the uplink (up to 1 Gbps). 42,6% of exploited devices reside

Re: Cloudflare peering contacts

2021-05-28 Thread Töma Gavrichenkov
Peace, On Fri, May 28, 2021, 7:33 PM Jun Tanaka wrote: > you can find a contact at this site. > https://www.cloudflare.com/peering-policy/ Yeah, that was my initial point of contact... half a year ago... -- Töma

Cloudflare peering contacts

2021-05-28 Thread Töma Gavrichenkov
Peace, Is there anyone around from the Cloudflare peering team, or anyone who knows the right people? We've got a peering request that seems to be stalled. -- Töma

Re: wow, lots of akamai

2021-04-01 Thread Töma Gavrichenkov
Peace, On Thu, Apr 1, 2021, 11:16 PM Tom Beecher wrote: > Akamai, and other CDNs, do not **generate** traffic ; they serve the > requests generated by users. > L3/4-wise, this is true. Application-wise, this is quite the other way around. -- Töma >

Re: wow, lots of akamai

2021-04-01 Thread Töma Gavrichenkov
Peace, On Thu, Apr 1, 2021, 6:09 PM wrote: > That was a lot of traffic coming out of akamai aanp clusters the last > couple nights! What was it? > "Call of Duty" update again, obviously. https://www.eurogamer.net/articles/2021-03-29-this-weeks-call-of-duty-warzone-update-is-over-50gb -- Töma

Re: AW: OVH datacenter SBG2 in Strasbourg on fire 

2021-03-10 Thread Töma Gavrichenkov
Peace, On Thu, Mar 11, 2021 at 1:10 AM Sabri Berisha wrote: > And because, for once, the French were not on strike, I donated $10 to the > American Red Cross. I believe the American Red Cross has long given up even trying to figure out who donates them how much and why. -- Töma

Re: London Interxion Data Centers

2021-02-26 Thread Töma Gavrichenkov
Peace, On Fri, Feb 26, 2021, 10:05 PM Matthew Petach wrote: > Aren't they (LME) in Savvis, though? >> > That was certainly true in 2003, at least > Maybe it's still true today. tax.select.prd.lmexgw.com. *A*213.86.73.66 inetnum: 213.86.73.0 - 213.86.73.255 netname: NET-GB-LME descr: LME

Re: London Interxion Data Centers

2021-02-26 Thread Töma Gavrichenkov
Peace, On Fri, Feb 26, 2021, 3:06 PM Rod Beck wrote: > My understanding is that there are three London Interxion data centers (I > thought Equinix was the Borg and had assimilated pretty everything at this > point). > > Trying to get the address where the facility where the London Metal >

Re: Retalitory DDoS

2021-02-08 Thread Töma Gavrichenkov
Peace, On Mon, Feb 8, 2021 at 2:48 PM Mike Hammett wrote: > I got an e-mail explaining why I was getting DDoSed. Is that aspect common? Not quite. But it happens sometimes. > Is it safe to assume that they completely anonymized the email they sent to > me? Likely, but not necessarily. Look

Re: Nice work Ron

2021-01-22 Thread Töma Gavrichenkov
Peace, On Fri, Jan 22, 2021, 3:24 PM Masataka Ohta < mo...@necom830.hpcl.titech.ac.jp> wrote: > JORDI PALET MARTINEZ via NANOG wrote: > My proposal added the clarification that "majority" is understood as > "over 50%". > > And the proposal is denied to be unreasonable by Toma and, more >

Re: Nice work Ron

2021-01-22 Thread Töma Gavrichenkov
Peace, On Fri, Jan 22, 2021, 12:27 PM JORDI PALET MARTINEZ via NANOG: > The numbering resources under the stewardship of LACNIC must be > distributed among organizations legally constituted within its service > region [COBERTURA] and mainly *serving networks and services operating in > this

Re: Nice work Ron

2021-01-21 Thread Töma Gavrichenkov
Peace, On Thu, Jan 21, 2021, 10:20 PM Fredrik Holmqvist / I2B wrote: > Just a question "this one hosted a Web site for a terrorist > organization", which terrorist organizations web site did they host ? > "Hamas", until November. That was discussed before on the mailing list. -- Töma >

Re: Nice work Ron

2021-01-21 Thread Töma Gavrichenkov
Peace, On Thu, Jan 21, 2021, 9:57 PM Tom Beecher wrote: > fraudulent business records are used all over the world for things like > this all the time. Calling for a complete audit of LACNIC feels quite > extreme absent a pattern of issues, which doesn't seem to have been > presented. > Listen,

Re: Nice work Ron

2021-01-21 Thread Töma Gavrichenkov
Peace, On Thu, Jan 21, 2021, 9:29 PM Tom Beecher wrote: > am I the only one to believe that (given that LACNIC had allocated an IP >> block to a company that doesn't conform to the LACNIC policies) what we >> urgently need to see next is the complete audit of the LACNIC operations, >> so that

Re: Nice work Ron

2021-01-21 Thread Töma Gavrichenkov
Peace, On Thu, Jan 21, 2021, 8:17 PM Jean St-Laurent via NANOG wrote: > > https://krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occupied-by-parler/ > A disclaimer: - Standing for the sanity of the Internet routing; - Assuming (quite reliably) actual policy violation; -

Re: Parler

2021-01-10 Thread Töma Gavrichenkov
Peace, On Sun, Jan 10, 2021 at 9:22 PM William Herrin wrote: > Are you sure about that? Consider your database. Suppose you want to > run your primary database in AWS with a standby replica in Azure. As > long as you install your own database software in both, you can do > that. But if you want

Re: Parler

2021-01-10 Thread Töma Gavrichenkov
Peace, On Sun, Jan 10, 2021 at 9:18 PM Michael Thomas wrote: > At my previous job, I built a tool which could spin up a server farm > given a platform agnostic design spec from a list of vendors as well as > pricing it out. It was really more of a prototype since it only > supported Chef on the

Re: Parler

2021-01-10 Thread Töma Gavrichenkov
Peace, On Sun, Jan 10, 2021 at 9:09 PM Michael Thomas wrote: > Yes, it's been obvious to anybody who's only paying even a little > attention that AWS is trying to build a walled garden. In my experience, moving off Amazon services isn't that much of a trouble, especially if compared to

Re: Parler

2021-01-10 Thread Töma Gavrichenkov
Peace, On Sun, Jan 10, 2021 at 8:38 PM William Herrin wrote: > providers like Amazon tend to make it inconvenient approaching > impossible to build cross-platform services. I kinda wonder what a > cloud services product would look like that was actively trying to > facilitate cross-platform

Re: handling DDoS to hosted CDN cache

2021-01-07 Thread Töma Gavrichenkov
Peace, On Fri, Jan 8, 2021 at 3:28 AM Yang Yu wrote: > How often does your hosted CDN cache get DDoS'ed? I am curious how > these get handled (especially when it would cause upstream/backbone > congestion). Is this treated differently than DDoS to customers? I'm assuming you're speaking about

Re: Are the days of the showpiece NOC office display gone forever?

2020-12-16 Thread Töma Gavrichenkov
Peace, On Thu, Dec 17, 2020, 1:50 AM Matt Erculiani wrote: > I'm sure when the automation is perfect and widespread to the point that > it catches and alerts on every network event, the monitoring rooms will > disappear. > Which is never, but: With a proper RCA after each incident, not

Re: Are the days of the showpiece NOC office display gone forever?

2020-12-16 Thread Töma Gavrichenkov
Peace, On Thu, Dec 17, 2020, 12:21 AM Lady Benjamin PD Cannon wrote: > We are still operating ours - 27 1080P projectors - but with a skeleton > crew of just 3. Given the air volume, it’s almost like outside. > A devil advocate here, First of all, COVID-19 is really serious. With that in

Re: Are the days of the showpiece NOC office display gone forever?

2020-12-16 Thread Töma Gavrichenkov
Peace, On Wed, Dec 16, 2020, 11:50 PM Eric Kuhnke wrote: > In the traditional sense, by "showpiece NOC" I mean a room designed for > the purpose of having large situational awareness displays on a wall, > network weathermaps and charts, alerting systems, composed of four or more > big flat

Re: AS203 (CenturyLink/Qwest/Level3/Lumen) hijack report

2020-10-22 Thread Töma Gavrichenkov
Peace, On Thu, Oct 22, 2020 at 4:11 AM Töma Gavrichenkov wrote: > Following up on the today's massive partial network outage, here's the > analysis of what actually happened with the AS203's hijack, which is > the first one for the newly founded Lumen Technologies. > > https://blo

AS203 (CenturyLink/Qwest/Level3/Lumen) hijack report

2020-10-21 Thread Töma Gavrichenkov
Peace, Following up on the today's massive partial network outage, here's the analysis of what actually happened with the AS203's hijack, which is the first one for the newly founded Lumen Technologies. https://blog.qrator.net/en/lumen-aka-centurylink-generating-routing-incidents_101/ -- Töma

Re: IP addresses on subnet edge (/24)

2020-09-14 Thread Töma Gavrichenkov
Peace, On Tue, Sep 15, 2020, 12:26 AM Andrey Khomyakov wrote: > TL;DR I suspect there are middle boxes that don't like IPs ending in .255. > Anyone seen that? > Also .0 and .1. Yes, there was some kind of a strange behavior with those addresses before. We excluded those from rotation back in

Re: Does anyone actually like CenturyLink?

2020-08-31 Thread Töma Gavrichenkov
Peace, On Mon, Aug 31, 2020, 4:42 PM Mike Bolitho wrote: > Maybe we should start an "Uptime mailing list" ha! > We already have outages@ which is a Boolean negation of what you're proposing but works just the same :-) -- Töma >

Re: Does anyone actually like CenturyLink?

2020-08-30 Thread Töma Gavrichenkov
Peace, On Sun, Aug 30, 2020, 6:02 PM Ross Tajvar wrote: > Other than lack of options, why would anyone use them? > Connectivity and latency (of Level3 which was acquired). -- Töma >

Re: TCP and UDP Port 0 - Should an ISP or ITP Block it?

2020-08-25 Thread Töma Gavrichenkov
Peace, On Tue, Aug 25, 2020, 3:43 PM Pim van Stam wrote: > I think in general you can say that problems with UDP port 0 are in fact > fragments. Other opinions on this? > Either that, or dumb DDoS packet generators. -- Töma >

Re: TCP and UDP Port 0 - Should an ISP or ITP Block it?

2020-08-25 Thread Töma Gavrichenkov
Peace, On Tue, Aug 25, 2020, 3:14 PM Jon Lewis wrote: > When an application sends more data via UDP than can be fit in a single > packet, only the first packet has a UDP header [where the port info is > stored]. The rest of the fragments have no UDP header, which most things > will report as

Re: TCP and UDP Port 0 - Should an ISP or ITP Block it?

2020-08-25 Thread Töma Gavrichenkov
Peace, On Tue, Aug 25, 2020, 2:14 PM Douglas Fischer > I can think of a genuine use of it. > I'm curious which one. With Berkeley sockets there's technically no way to bind(2) to this port without some amount of kernel patching applied, and the system cannot allocate it by itself, either. --

Re: BGP route hijack by AS10990

2020-07-30 Thread Töma Gavrichenkov
Peace, On Thu, Jul 30, 2020, 8:09 PM Patrick Schultz wrote: > so, bgp optimizers... again? > Looks so. Upstream filters are also to blame, though, but BGP optimization is the root of all evil. -- Töma >

Re: BGP route hijack by AS10990

2020-07-30 Thread Töma Gavrichenkov
Peace, On Thu, Jul 30, 2020, 5:48 AM Clinton Work wrote: > We saw a bunch of our IP blocks hijacked by AS10990 from 19:15 MDT until > 20:23 MDT. Anybody else have problems with that. > Here's what we discovered about the incident. Hope that brings some clarity.

Re: Don Smith, RIP.

2020-07-23 Thread Töma Gavrichenkov
Thank you Roland for letting us know, I have no words. I must say I honestly can't believe these news but I should. Throughout all those virtual meetings I was hoping one day we'll talk about things important for both of us once again. He was a leader. An inspiration. Wish his family stays

Re: RIPE NCC Executive Board election

2020-05-15 Thread Töma Gavrichenkov
Peace, On Fri, May 15, 2020, 12:25 PM Terrence Koeman via NANOG wrote: > FYI, the voting results for the three positions on the RIPE exec board > were just announced and Elad was NOT elected. > A funny moment: Raymond Jetten was elected to the board, and he's the RIPE IPv6 working group chair.

Re: RIPE NCC Executive Board election

2020-05-13 Thread Töma Gavrichenkov
Peace, On Thu, May 14, 2020 at 2:14 AM Elad Cohen wrote: > A degree in economics is not needed [..] Which is the common thing to say by the ones who don't have it. I think, dixi. -- Töma

Re: RIPE NCC Executive Board election

2020-05-13 Thread Töma Gavrichenkov
Peace, On Thu, May 14, 2020 at 2:04 AM Elad Cohen wrote: > [..] for example if spoofed DDoS amplification attacks are > causing yearly damages of $100M per year in the world > and these EOL equipment cost $50M in the world, it > might be worth to replace them) What's your degree in economics?

Re: RIPE NCC Executive Board election

2020-05-13 Thread Töma Gavrichenkov
Peace, On Thu, May 14, 2020 at 12:53 AM Elad Cohen wrote: > Who you are voting? Who me what?.. Alright, At this point, given that I've reviewed all of your proposals — some of those lengthy reviews were sent to members-discuss at ripe dot net before (though it has never been the right place

Re: RIPE NCC Executive Board election

2020-05-13 Thread Töma Gavrichenkov
Peace, On Thu, May 14, 2020 at 12:48 AM Elad Cohen wrote: > "forgive and forget." > Thank you for your vote. Well, when I forget anything that doesn't make sense about your proposals, there's nothing left to think of! Ergo, not at all, because I'm clearly not voting for you :-) -- Töma

Re: RIPE NCC Executive Board election

2020-05-13 Thread Töma Gavrichenkov
Peace, > On Wed, May 13, 2020 at 11:01 PM Shane Ronan wrote: >> On Wed, May 13, 2020, 3:48 PM Elad Cohen wrote: >>> From: Töma Gavrichenkov >>> No, Elad. It is *you* who needs to prove that your concept works. >> >> For you nothing will work. > &

Re: RIPE NCC Executive Board election

2020-05-13 Thread Töma Gavrichenkov
Peace, On Thu, May 14, 2020 at 12:18 AM Denys Fedoryshchenko wrote: > On 2020-05-13 22:53, Töma Gavrichenkov wrote: > > On Wed, May 13, 2020 at 10:43 PM Elad Cohen wrote: > > > For you nothing will work. > > > > IPv6 is working good for me so far ;-) >

Re: RIPE NCC Executive Board election

2020-05-13 Thread Töma Gavrichenkov
Peace, On Wed, May 13, 2020 at 10:43 PM Elad Cohen wrote: > For you nothing will work. Is it a personal attack? IPv6 is working good for me so far ;-) -- Töma

Re: RIPE NCC Executive Board election

2020-05-13 Thread Töma Gavrichenkov
Peace, On Wed, May 13, 2020, 10:27 PM Elad Cohen wrote: > So you didn't even test the implementation and didn't create it - so why > you are writing "As a matter of fact". Which fact ? any evidence ? > No, Elad. It is *you* who needs to prove that your concept works. Unless you do it, it is

Re: RIPE NCC Executive Board election

2020-05-13 Thread Töma Gavrichenkov
Peace, On Wed, May 13, 2020, 10:07 PM Elad Cohen wrote: > "As a matter of fact" - if you created an implementation please send me > the sourcecode. > Wait, so you're coming up publicly with a proposal you don't even have a reference implementation for?! Oh, my. -- Töma >

Re: RIPE NCC Executive Board election

2020-05-13 Thread Töma Gavrichenkov
Peace, On Wed, May 13, 2020, 8:33 PM Elad Cohen wrote: > You clearly didn't understand how IPv4+ works. > That's because it doesn't work! Just like the rest of your "solutions", as a matter of fact. -- Töma >

Re: mail admins?

2020-04-21 Thread Töma Gavrichenkov
Peace, On Wed, Apr 22, 2020, 12:45 AM Randy Bush wrote: > sad. http://nanog.org used to be the brilliant example of a fully > featured web site sans javascript, flash, ... > That was long ago now. It was using Cvent for everything meeting-related for 3 years already, and Cvent doesn't feel

Re: Spike in traffic to Google caches?

2020-04-21 Thread Töma Gavrichenkov
Peace, On Tue, Apr 21, 2020 at 3:57 PM Hank Nussbacher wrote: > Did anyone notice a huge jump in traffic today between 11:30-11:40 (GMT) > directed at Google and Akamai caches coming from Amazon and Google? > Gaming updates? There's sort of a reason these days to subscribe to the Steam and

Re: Elad Cohen (was: Re: Cogent sales reps who actually respond)

2020-04-16 Thread Töma Gavrichenkov
Peace, On Thu, Sep 19, 2019 at 12:54 AM Ronald F. Guilmette wrote: > Those were all helpfully routed, until quite recently, to Mr. Cohen The person with exactly the same name now runs for the RIPE NCC Executive Board membership.

Re: TCP-AMP DDoS Attack - Fake abuse reports problem

2020-02-20 Thread Töma Gavrichenkov
Peace, On Fri, Feb 21, 2020, 1:57 AM Filip Hruska wrote: > [..] OVH has been offering DDOS protection capable of soaking up hundreds > of gigabits+ per second as a standard with all their services for a long > time > They only do it for common trivial vectors like UDP-based amplification — and

Re: Forest HQ Has Received Your Message: Re: TCP-AMP DDoS Attack - Fake abuse reports problem

2020-02-20 Thread Töma Gavrichenkov
Help saving precious resources by unsubscribing from the NANOG mailing list, or I will have to report the abuse. On Fri, Feb 21, 2020, 1:39 AM Electric Forest Festival < i...@electricforestfestival.com> wrote: > > *Electric Forest 2020 will take place on June 25-28, 2020.* > > Forest HQ has

Re: TCP-AMP DDoS Attack - Fake abuse reports problem

2020-02-20 Thread Töma Gavrichenkov
Peace, On Fri, Feb 21, 2020, 1:18 AM Octolus Development wrote: > OVH are threatening to kick us off their network, because we are victims > of this attack. > Most of the hosting companies will do that to you because you're causing degradation of service quality for other customers.

Re: Forest HQ Has Received Your Message: Re: QUIC traffic throttled on AT residential

2020-02-19 Thread Töma Gavrichenkov
Peace, nanog-ow...@nanog.org On Wed, Feb 19, 2020 at 12:51 PM Dave Bell wrote: > Is anyone else receiving this spam? Yes > Is there a better way to report this? nanog-ow...@nanog.org (CC'd) helped me in the past. -- Töma

Re: QUIC traffic throttled on AT residential

2020-02-18 Thread Töma Gavrichenkov
Peace, On Wed, Feb 19, 2020 at 7:49 AM Daniel Sterling wrote: > May I naively ask if Google staff have considered scrapping using UDP > and instead proposing a new, first-class transport protocol that OSes > can implement on top of IP? The IETF WG did, at some point. The opinion overall I

Jenkins amplification

2020-02-03 Thread Töma Gavrichenkov
FYI https://nvd.nist.gov/vuln/detail/CVE-2020-2100 A nice description: https://mobile.twitter.com/Foone/status/1223063275996213248 May you live in interesting times. Do not postpone a software update if Jenkins is deployed somewhere in your network. -- Töma

Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC

2020-01-27 Thread Töma Gavrichenkov
Peace, On Tue, Jan 28, 2020, 4:49 AM Damian Menscher wrote: > They don't need to filter by destination. Once a problem customer has > been identified, they can apply an ACL restricting them to only originate > IPs they own. > > [..] > there are ways around that, including public shaming

Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC

2020-01-27 Thread Töma Gavrichenkov
Peace, On Tue, Jan 28, 2020, 4:42 AM Töma Gavrichenkov wrote: > As for the detection of the real source, everything is technically > possible but you need certain bargaining power which a medium-sized (at > best) VPN service probably doesn't have. > ...because if they *di

Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC

2020-01-27 Thread Töma Gavrichenkov
Peace, On Tue, Jan 28, 2020, 4:32 AM Damian Menscher wrote: > On Mon, Jan 27, 2020 at 5:10 PM Töma Gavrichenkov > wrote: > >> If this endpoint doesn't connect to anything outside of their network, >> then yes. >> If it does though, the design of the filter mi

Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC

2020-01-27 Thread Töma Gavrichenkov
Peace, On Tue, Jan 28, 2020, 4:02 AM Damian Menscher via NANOG wrote: > The victim already posted the signature to this thread: > - source IP: 51.81.119.7 > - protocol: 6 (tcp) > - tcp_flags: 2 (syn) > > That alone is sufficient for Level3/CenturyLink/etc to identify the source > of this

Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC

2020-01-27 Thread Töma Gavrichenkov
Peace, On Tue, Jan 28, 2020, 3:43 AM Ben Cannon wrote: > Transit carriers could work the flows backwards. > And if the stars align, some of them might even do that for you once even though you are not their direct customer. Next you're going to convince them to talk to the (probably abuse

Re: akamai yesterday - what in the world was that

2020-01-24 Thread Töma Gavrichenkov
On Fri, Jan 24, 2020, 1:45 PM Simon Leinen wrote: > For your amusement, this latest e-bloodbath, erm -sports update, at 48GB > ("PC" version), would take about 463 days (~15 months) to complete at > 9600 bps (not counting overhead like packet headers etc.) > And now for our amusement Akamai can

Re: akamai yesterday - what in the world was that

2020-01-23 Thread Töma Gavrichenkov
Peace, On Thu, Jan 23, 2020 at 8:58 PM Kevin McCormick wrote: > Just found the size of the updates, 48 GB on PC, 13 GB on PS4, and 18 GB > on Xbox One. > Whoa. We used to rack our brains with P2P protocols in the past in order to serve just 1/20th of that. It's been a long decade indeed.

Re: DDoS Mitigation Survey

2020-01-14 Thread Töma Gavrichenkov
Peace, On Wed, Jan 15, 2020, 2:35 AM Lumin Shi wrote: > Thank you for the feedback (that is a good point)! > > In our study, we lump both cloud/anycast-based and customer-premise > mitigation solutions together as solutions from DDoS mitigation service > providers. > And we believe if you are

Re: DDoS Mitigation Survey

2020-01-14 Thread Töma Gavrichenkov
Peace, On Tue, Jan 14, 2020, 10:22 PM Lumin Shi wrote: > With our preliminary survey so far, DDoS mitigation approaches in the real > world include 1) DDoS mitigation service providers (e.g., Akamai, > Cloudflare), 2) Remotely-Triggered Black Hole (RTBH), 3) BGP FlowSpec, and > 4) direct

Re: "Using Cloud Resources to Dramatically Improve Internet Routing"

2020-01-09 Thread Töma Gavrichenkov
I'm attaching the original pic in case they will replace it. The true knowledge would then be preserved! On Thu, Jan 9, 2020, 11:05 PM Töma Gavrichenkov wrote: > This is the deadliest IPv6 packet structure infographics I've ever seen in > my life. > > https://noia.network/as

Re: "Using Cloud Resources to Dramatically Improve Internet Routing"

2020-01-09 Thread Töma Gavrichenkov
ere > > ^_^ > > > On Thu, Jan 9, 2020 at 12:07 PM Töma Gavrichenkov > wrote: > >> This is the deadliest IPv6 packet structure infographics I've ever seen >> in my life. >> >> https://noia.network/assets/concept-basics.jpg >> >> On Thu, J

Re: "Using Cloud Resources to Dramatically Improve Internet Routing"

2020-01-09 Thread Töma Gavrichenkov
This is the deadliest IPv6 packet structure infographics I've ever seen in my life. https://noia.network/assets/concept-basics.jpg On Thu, Jan 9, 2020, 7:29 PM Aistis Zenkevičius wrote: > So, a bit like this then: https://noia.network/technology > > -Aistis > > > -Original Message- >

Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC

2020-01-08 Thread Töma Gavrichenkov
Peace, Hey, your website says you're the developer of OctoVPN which is a VPN solution. *This* might be effectively the reason of blocking, not a DDoS. Gaming and streaming services typically discourage VPN traffic because a) VPNs help to circumvent regional restrictions, b) miscreants use VPNs

Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC

2020-01-07 Thread Töma Gavrichenkov
Peace, On Tue, Jan 7, 2020 at 9:10 PM Hugo Slabbert wrote: > And you're sure that you are the reflection target not the reflection vector? NB: I have just checked the IP addresses the OP has provided me with (offlist) against our database of known reflection sources, and I confirm that none of

Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC

2020-01-07 Thread Töma Gavrichenkov
Peace, On Tue, Jan 7, 2020, 9:10 PM Hugo Slabbert wrote: > And you're sure that you are the reflection target not the reflection > vector? > Well, in almost any* case blacklisting reflection vectors by IP is an insanely bad practice. * — I can *think* of a use case when this could be an

Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC

2020-01-07 Thread Töma Gavrichenkov
Peace, On Mon, Jan 6, 2020, 9:27 PM Octolus Development wrote: > We're facing some reflected DDoS attacks, where the source address is > spoofed to appear to be our IPs, and as a result getting blacklisted. > Sony's support has told us to "change IPs" > Wait, are they blacklisting spoofed

Re: FYI - Suspension of Cogent access to ARIN Whois

2020-01-07 Thread Töma Gavrichenkov
Peace, On Mon, Jan 6, 2020 at 7:17 PM David Hubbard wrote: > When they spam me I typically just ask if they have > IPv6 to Google and never hear back… Same here. Each time they reach out to me I quickly send them to investigate if they are able to lift the stupid 100th percentile requirement

Re: FYI - Suspension of Cogent access to ARIN Whois

2020-01-07 Thread Töma Gavrichenkov
Peace, On Tue, Jan 7, 2020 at 6:36 AM Martin Hannigan wrote: > Can you define exactly what services have been blocked? > IRR/ROA/TLA registry updates, etc? Were they blocked > ^174 or 174$? This is a precedent AFAIK. I’d like to > understand consequences. +1 -- Töma

Re: DDoS attack

2019-12-10 Thread Töma Gavrichenkov
Peace, On Mon, Dec 9, 2019 at 11:35 PM Florian Brandstetter via NANOG wrote: > if that was to be amplification, the source addresses > would not be within Google or CloudFlare ranges > (especially not CloudFlare, as they are not running > a vulnerable recursor Well, vulnerable — arguably of

Re: DDoS attack

2019-12-09 Thread Töma Gavrichenkov
Peace, On Tue, Dec 10, 2019, 12:08 AM Mike Lewinski wrote: > My working theory is that with the Dec 3rd release of Halo Reach for PC, > there are gamers attempting to lag, but not knock off, their opponents. > This would be one reason to target adjacent unused addresses. > +1 Either this, or

Re: Software Defined Networks

2019-12-06 Thread Töma Gavrichenkov
Peace, On Fri, Dec 6, 2019 at 2:54 PM Nick Morrison wrote: > > Please do not > > So does anyone still wonder why we have so few women in our field? > > Real nice, Töma. Thank you for highlighting! I totally admit that the language used would be deemed unacceptable for many community members.

Re: Recommended DDoS mitigation appliance?

2019-12-05 Thread Töma Gavrichenkov
Peace, On Fri, Dec 6, 2019, 12:44 AM Hugo Slabbert wrote: > >FastNetMon is awesome, but its a detection tool with no mitigation > >capacity whatsoever. > > Does it not, though, provide the ability to hook into RTBH or Flowspec > setups? > Flowspec is enabled upstream, as previously prophesied.

Re: Software Defined Networks

2019-12-05 Thread Töma Gavrichenkov
Peace, On Wed, Dec 4, 2019, 9:26 PM Ishmael Rufus wrote: > You can start by taking a look at Openflow which embraces the SDN concept. > Please do not begin learning about love with a rape video. -- Töma >

Re: Gmail email blocking is off the rails (again)

2019-12-04 Thread Töma Gavrichenkov
Peace, Though I agree that Gmail spam filtering is top grade, or close to be so, it still sends to spam a statistically significant number of emails from IETF and ICANN mailing lists I'm subscribed to. It depends as well on which account I should receive those emails. While I understand and

Re: Recommended DDoS mitigation appliance?

2019-11-18 Thread Töma Gavrichenkov
Peace, On Mon, Nov 18, 2019, 4:51 PM Mike Hammett wrote: > I would like the list to know that not all targets attract such large > attacks. > It is not that easily predictable. E.g. in case of reflection DDoS sometimes even the attacker has no good idea of how much of traffic s/he is

Re: Recommended DDoS mitigation appliance?

2019-11-17 Thread Töma Gavrichenkov
Peace, On Mon, Nov 18, 2019, 5:25 AM Richard wrote: > The OP is very knowledgeable and would not mince words or waste bandwidth. > Sure, I totally assume that. I just feel I might offer a better advice once I see the big picture. -- Töma >

Re: Recommended DDoS mitigation appliance?

2019-11-17 Thread Töma Gavrichenkov
Peace, On Mon, Nov 18, 2019, 1:49 AM Rabbi Rob Thomas wrote: > > I am going to assume you want it to spit out 10G clean, what size > > dirty traffic are you expecting it to handle? > > Great question! Let's say between 6Gbps and 8Gbps dirty. > As someone making a living as a DDoS mitigation

Re: DoD IP Space

2019-11-05 Thread Töma Gavrichenkov
Peace, On Tue, Nov 5, 2019, 4:55 PM David Conrad wrote: > On Nov 4, 2019, at 10:56 PM, Grant Taylor via NANOG wrote: >> This thread got me to wondering, is there any >> legitimate reason to see 22/8 on the public >> Internet? Or would it be okay to treat 22/8 >> like a Bogon and drop it at the

Re: Russian government’s disconnection test

2019-11-02 Thread Töma Gavrichenkov
Peace, On Sat, Nov 2, 2019 at 7:20 PM Mike Bolitho wrote: >> I would imagine that the internet is a whole less resilient today in 2019 >> than it was back in the day before the cloud takeover. > It's far more resilient now than it has ever been. More sub-sea cables. > Multiple routes across

Re: Russian government’s disconnection test

2019-11-01 Thread Töma Gavrichenkov
Peace, On Sat, Nov 2, 2019 at 3:16 AM Constantine A. Murenin wrote: > If somehow all the transatlantic (and/or transpacific) cables are offline ...then probably a horrific global disaster has occurred, and a sudden degradation of the Internet connectivity would be about the least of your

Re: [nanog] BGP routes by country

2019-09-26 Thread Töma Gavrichenkov
Peace, On Fri, Sep 27, 2019, 1:07 AM Michel Py wrote: > A while ago, I tried to block China. The attack profile lowered a little > bit, but I did not feel my network was safer. Looks kind of futile to me. > The bots are everywhere, blocking entire countries does not reduce the > risk much. >

Re: BGP routes by country

2019-09-26 Thread Töma Gavrichenkov
Peace, On Thu, Sep 26, 2019, 7:19 PM Chris Phillips wrote: > Greetings, > > Is anyone offering a service providing BGP routes by country? I'm not > looking to buy transit, but rather build policies based on the routes > received to allow traffic from certain countries, or disallow traffic from

Re: Consistent routing policy?

2019-09-16 Thread Töma Gavrichenkov
Peace, On Mon, Sep 16, 2019, 12:04 PM Owen DeLong wrote: > For any router which receives both announcements, longest match always > wins over all other BGP tie-breaking criteria. > > This is almost always summarized as “Longest Match always wins” because > virtually any engineer recognizes that

Re: Consistent routing policy?

2019-09-16 Thread Töma Gavrichenkov
Peace, On Mon, Sep 16, 2019, 6:06 AM Mark Tinka wrote: > Longest match always wins... so provided your /22's are in the global > table, traffic will follow the path toward them before the /21 is > preferred. > Not always. E.g. imagine an ISP who has two connections to the outside world: one

Re: SLA language about monitoring route leaks and inter-connection issues

2019-08-26 Thread Töma Gavrichenkov
Peace, On Mon, Aug 26, 2019, 9:54 PM Jared Mauch wrote: > We do our own internal monitoring of our announcements for now. Good for you and your customers! That is already a clear signal of an extraordinary service to your customers. Not to underestimate your effort which I respect, but the

Re: SLA language about monitoring route leaks and inter-connection issues

2019-08-26 Thread Töma Gavrichenkov
Peace, On Mon, Aug 26, 2019, 8:05 PM Sean Donelan wrote: > Do any major ISPs have SLA language about monitoring inter-provider > agreements for route hijacking, route leaks, address spoofing, and so on? > > I'm looking for something more proactive than waiting for a customer to > notice a

Re: Reflection DDoS last week (was: syn flood attacks from NL-based netblocks)

2019-08-21 Thread Töma Gavrichenkov
Peace, On Thu, Aug 22, 2019 at 12:17 AM Damian Menscher wrote: > Some additional questions, if you're able to answer them (off-list is fine if > there are things that can't be shared broadly): > - Was the attack referred to law enforcement? It is being referred to now. This would most

Reflection DDoS last week (was: syn flood attacks from NL-based netblocks)

2019-08-21 Thread Töma Gavrichenkov
Peace, Here's to confirm that the pattern reported before in NANOG was indeed a reflection DDoS attack. On Sunday, it also hit our customer, here's the report: https://www.prnewswire.com/news-releases/root-cause-analysis-and-incident-report-on-the-august-ddos-attack-300905405.html tl;dr:

Re: syn flood attacks from NL-based netblocks

2019-08-19 Thread Töma Gavrichenkov
On Mon, Aug 19, 2019, 9:24 PM Florian Brandstetter wrote: > ​Load balancing is done on Layer 4 or Layer 3 when routing, so your > ingress connection will have the same hash as the outgoing connection > (unless the source port of the connection changes on the ACK - which it > really should not).
