Re: OT: BdNOG announces website blocks

2015-12-01 Thread ABDUL AWAL via NANOG
Some new article on this topic... http://bdnews24.com/bangladesh/2015/12/01/minister-tarana-writes-to-facebook-proposing-discussion http://bdnews24.com/bangladesh/2015/11/29/proxy-servers-to-access-facebook-will-soon-be-unavailable-state-minister-tarana BR//Awal On Monday, November 30, 2

strategies to mitigate DNS amplification attacks in ISP network

2015-12-01 Thread Martin T
Hi, as around 40% of ASNs allow at least partial IPv4 address spoofing in their network (http://spoofer.csail.mit.edu/summary.php) and there are around 30 million open-resolvers (http://openresolverproject.org/) in the Internet, then DNS amplification traffic is a daily occasion for ISPs. This in prob

Re: strategies to mitigate DNS amplification attacks in ISP network

2015-12-01 Thread Roland Dobbins
On 1 Dec 2015, at 23:59, Martin T wrote: What are the common practices to mitigate DNS amplification attacks in ISP network? Situationally-appropriate network access policies instantiated as ACLs on hardware-based routers/layer-3 switches in IDCs, on customer aggregation routers, in mitigati

Re: strategies to mitigate DNS amplification attacks in ISP network

2015-12-01 Thread Roland Dobbins
On 2 Dec 2015, at 0:14, Roland Dobbins wrote: Until the happy day when we've achieved universal source-address validation arrives, various combinations of the above. I forgot to mention RRL on authoritative servers, apologies. --- Roland Dobbins

Re: strategies to mitigate DNS amplification attacks in ISP network

2015-12-01 Thread William Herrin
On Tue, Dec 1, 2015 at 11:59 AM, Martin T wrote: > Am I wrong in some points? What are the common practices to mitigate > DNS amplification attacks in ISP network? Hi Martin, You seem to be focused on DNS amplification from the perspective of the attack's target. To the target, it's just another

Re: OT: BdNOG announces website blocks

2015-12-01 Thread Scott Weeks
--- nanog@nanog.org wrote: From: ABDUL AWAL via NANOG http://bdnews24.com/bangladesh/2015/11/29/proxy-servers-to-access-facebook-will-soon-be-unavailable-state-minister-tarana - Hahaha, gov't official - meet reality. "State Minister for Posts and Telecommunica

Re: OT: BdNOG announces website blocks

2015-12-01 Thread Niels Bakker
* sur...@mauigateway.com (Scott Weeks) [Tue 01 Dec 2015, 19:40 CET]: "Those who are using them are using a bandwidth with a specific capacity. They won't be able to do that much longer. Because this bandwidth's capacity is low." "The second bandwidth's speed is far lower than normal. Saboteurs c

RFC 6335 DNS SRV registrations

2015-12-01 Thread Jay R. Ashworth
If you've done one, please ping me off-list? Got a few clarifications that the RFC doesn't go deep enough in the right places for. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think

Re: OT: BdNOG announces website blocks

2015-12-01 Thread Filip Hruska
I think that means they'd like to use deep packet inspection equipment for the whole country. But they don't have the budget for equipment with such capabilities so they want to limit bandwidth usage by cutting off access to some popular services. Maybe I got it all wrong; That article is very

IPv6 Cogent vs Hurricane Electric

2015-12-01 Thread Max Tulyev
Hi All, we got an issue today that announces from Cogent don't reach Hurricane Electric. HE support said that's a feature, not a bug. So we have split Internet again? I have to change at least one of my uplinks because of it, which one is better to drop, HE or Cogent?

RE: strategies to mitigate DNS amplification attacks in ISP network

2015-12-01 Thread Michael Hare
Martin- I represent a statewide educational network running Juniper gear that is a quasi-enterprise. I think efforts depend on size and type of network. We are testing an approach that involves; 1) whitelisting known local resolvers, well behaved cloud DNS resolvers. 2) on ingress, policing

Re: IPv6 Cogent vs Hurricane Electric

2015-12-01 Thread Christopher Morrow
hasn't this been the case for ~10 yrs now? On Tue, Dec 1, 2015 at 2:23 PM, Max Tulyev wrote: > Hi All, > > we got an issue today that announces from Cogent don't reach Hurricane > Electric. HE support said that's a feature, not a bug. > > So we have splitted Internet again? > > I have to change a

Re: IPv6 Cogent vs Hurricane Electric

2015-12-01 Thread Max Tulyev
Just hit it for the first time... Are there any other similar splits in the IPv6 world? On 01.12.15 21:33, Christopher Morrow wrote: > hasn't this been the case for ~10 yrs now? > > On Tue, Dec 1, 2015 at 2:23 PM, Max Tulyev wrote: >> Hi All, >> >> we got an issue today that announces from Cogent don't

Re: IPv6 Cogent vs Hurricane Electric

2015-12-01 Thread Job Snijders
On Tue, Dec 01, 2015 at 09:23:08PM +0200, Max Tulyev wrote: > we got an issue today that announces from Cogent don't reach Hurricane > Electric. HE support said that's a feature, not a bug. > > So we have splitted Internet again? Was there ever an adjacency between 6939 and 174 in the IPv6 DFZ? M

Re: IPv6 Cogent vs Hurricane Electric

2015-12-01 Thread Andrew Kirch
Might I suggest cake pleas? On Tuesday, December 1, 2015, Christopher Morrow wrote: > hasn't this been the case for ~10 yrs now? > > On Tue, Dec 1, 2015 at 2:23 PM, Max Tulyev > wrote: > > Hi All, > > > > we got an issue today that announces from Cogent don't reach Hurricane > > Electric. HE su

Re: IPv6 Cogent vs Hurricane Electric

2015-12-01 Thread Alarig Le Lay
On Tue Dec 1 14:39:14 2015, Andrew Kirch wrote: > Might I suggest cake pleas? You mean http://www.datacenterknowledge.com/wp-content/uploads/2009/10/Hurricane-Cake.jpg ? -- Alarig

APC vs TrippLite metered PDU's

2015-12-01 Thread Dovid Bender
Hello All, We currently use TrippLite and overall have been very happy with their metered PDU's. When we first started out we had some minor issues and their support went above and beyond. Lately their Java web interface has been becoming a real pain. More and more browsers lock it by default

Re: APC vs TrippLite metered PDU's

2015-12-01 Thread Aaron C. de Bruyn
If I recall correctly, they have an HTML-based GUI. I rarely use it. I mainly use SSH and SNMP which they support as well. -A On Tue, Dec 1, 2015 at 1:53 PM, Dovid Bender wrote: > Hello All, > > We currently use TrippLite and over all have been very happy with their > metered PDU's. When we f

RE: APC vs TrippLite metered PDU's

2015-12-01 Thread Ian Mock
+1 for APC, HTML based GUI, also supports major management protocols. Never had a problem with it. Ian Mock -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Aaron C. de Bruyn Sent: Tuesday, December 01, 2015 4:43 PM To: Dovid Bender Cc: NANOG Subject: Re: APC

Re: APC vs TrippLite metered PDU's

2015-12-01 Thread Louis Kowolowski
On Dec 1, 2015, at 1:53 PM, Dovid Bender wrote: > > Hello All, > > We currently use TrippLite and over all have been very happy with their > metered PDU's. When we first started out we had some minor issues and their > support went above and beyond. Lately the their Java web interface has been >

Netflow parameters and data that comes from CDNs

2015-12-01 Thread Jean-Francois Mezei
Hopefully this should be a simple question ... (Note: Akamai used as a generic CDN name in the context of this email and could be any CDN provider) Context: regulatory filings where wireless carriers state that zero rating of certain selected streaming music is done based on the "from IP" in p

Re: APC vs TrippLite metered PDU's

2015-12-01 Thread Scott Larson
Just to toss them into the mix as a suggestion to look at, we run Server Technology PDUs here and really like them, especially the POPS+PIPS line. As far as infrastructure device web interfaces go theirs is arguably the best I've used and no Java is involved. *Scott Larson[

Re: APC vs TrippLite metered PDU's

2015-12-01 Thread James Greig
Raritan and apc pdus are great and do the job. We use snmp read and writes mainly but the web interface is pretty good and no java out plugins needed. Kind regards James Greig > On 1 Dec 2015, at 21:53, Dovid Bender wrote: > > Hello All, > > We currently use TrippLite and over all have bee

Re: IPv6 Cogent vs Hurricane Electric

2015-12-01 Thread Jeff Walter
That cake will haunt NANOG until the end of time. On Tue, Dec 1, 2015 at 12:01 PM, Alarig Le Lay wrote: > On Tue Dec 1 14:39:14 2015, Andrew Kirch wrote: > > Might I suggest cake pleas? > > You mean > > http://www.datacenterknowledge.com/wp-content/uploads/2009/10/Hurricane-Cake.jpg > ? > > --

Re: strategies to mitigate DNS amplification attacks in ISP network

2015-12-01 Thread Mark Andrews
Deploy DNS COOKIES. This allows legitimate UDP traffic to be identified and treated differently to spoofed traffic by providing the equivalent to a TCP handshake but over UDP. This is currently in IETF last call but the code points are assigned and implementations are available. Ask your namese

Re: Netflow parameters and data that comes from CDNs

2015-12-01 Thread Patrick W. Gilmore
The answer is: It depends. :) In the case of Akamai, for a standard streaming or HTTP service, the IP address is not dedicated to a single customer. Also, Akamai is not going to give you a list of IP addresses serving your content. This is specific to Akamai, and for a general Akamai customer.