Re: FCC workshop: Security vulnerabilities within our communications networks

2019-06-25 Thread Christopher Morrow
looks like our best and brightest have the problem resolved, phew! we're all safe now. On Tue, Jun 25, 2019 at 5:26 PM Sean Donelan wrote: > > On Fri, 21 Jun 2019, Sean Donelan wrote: > > Federal Communications Commissioner Geoffrey Starks is holding a workshop > > next week, June 27, 2019, to

Re: Public Subnet re-assignments

2019-06-25 Thread Mel Beckman
Michel is right. This is a common configuration error: failing to have the mask agree on all interfaces. This is indeed what you would see. -mel On Jun 25, 2019, at 4:07 PM, Michel Py <michel...@tsisemi.com> wrote: > Scott wrote : > No nothing like that. I'm just removing the .0/30

Re: 80.67.75.0/24 (Akamai) announced by Kazakhtelecom

2019-06-25 Thread Jared Mauch
Yes. I saw this earlier today. It’s complex to unwind so many years of this config :-) Sent from my iCar > On Jun 25, 2019, at 5:42 PM, Eric Dugas wrote: > > Got alerts for 80.67.75.0/24 (Akamai) normally announced by Tier1 providers > routed by a long AS path from one of our peers: > >

RE: Public Subnet re-assignments

2019-06-25 Thread Michel Py
> Scott wrote : > No nothing like that. I'm just removing the .0/30 and 4/30 subnets and adding > .0/29. > To your previous question, yes .0 and .3 are unused. Once I change the > subnet .3 > becomes a usable IP and it's getting hammered with traffic, causing packet > loss. You change the

Re: Public Subnet re-assignments

2019-06-25 Thread Mel Beckman
If the sources are from many different IPs, it could be a DDoS attack that you simply didn’t notice before. You can black-hole individual IPs using a /32 null0 route. That will at least stop your border router from trying to ARP the destination, reducing broadcast traffic on the subnet. In

Re: Public Subnet re-assignments

2019-06-25 Thread Scott Weeks
--- sc...@viviotech.net wrote: From: Scott To your previous question, yes .0 and .3 are unused. Once I change the subnet .3 becomes a usable IP and it's getting hammered with traffic, causing packet loss. -- Is it legitimate traffic or DDoS stuff?

Re: Public Subnet re-assignments

2019-06-25 Thread Scott
No nothing like that. I'm just removing the .0/30 and 4/30 subnets and adding .0/29. To your previous question, yes .0 and .3 are unused. Once I change the subnet .3 becomes a usable IP and it's getting hammered with traffic, causing packet loss. On 6/25/19 3:30 PM, Mel Beckman wrote: > Also,

Re: Public Subnet re-assignments

2019-06-25 Thread Mel Beckman
Also, what do you mean by “join two /30 public subnets to a /29”? You can’t overlap subnets, if that’s what you’re thinking. -mel > On Jun 25, 2019, at 3:27 PM, Mel Beckman wrote: > > You’re using just the two middle IPs in the four that make up the /30 set, > right? IOW, the subnet

Re: Public Subnet re-assignments

2019-06-25 Thread Mel Beckman
You’re using just the two middle IPs in the four that make up the /30 set, right? IOW, the subnet x.x.x.0/30 should have .0 and .3 unused (they’re broadcast), and you use .1 and .2. -mel > On Jun 25, 2019, at 9:41 AM, Scott wrote: > > First, sorry if this is a bit of a noob question. > >

80.67.75.0/24 (Akamai) announced by Kazakhtelecom

2019-06-25 Thread Eric Dugas
Got alerts for 80.67.75.0/24 (Akamai) normally announced by Tier1 providers routed by a long AS path from one of our peers: 80.67.75.0/24 AS path: 9002 9198 43727 6762 2914 23454 23454 I, validation-state: unknown 80.67.64.0/19 AS path: 1299 3257 34164 I just got home and it seems Akamai

Re: Are network operators morons? [was: CloudFlare issues?]

2019-06-25 Thread Randy Bush
>> perhaps the good side of this saga is that it may be an inflection >> point > I doubt it. > The greyer my hair gets, the crankier I get. i suspect i am a bit ahead of you there but i used to think that the public would never become aware of privacy issues. snowden bumped that ball and tim

Re: FCC workshop: Security vulnerabilities within our communications networks

2019-06-25 Thread Sean Donelan
On Fri, 21 Jun 2019, Sean Donelan wrote: > Federal Communications Commissioner Geoffrey Starks is holding a workshop > next week, June 27, 2019, to hear from interested parties on how to address > the national security threats posed by insecure equipment within our > communications networks. The

Re: Are network operators morons? [was: CloudFlare issues?]

2019-06-25 Thread Sean Donelan
On Tue, 25 Jun 2019, Randy Bush wrote: > perhaps the good side of this saga is that it may be an inflection point I doubt it. The greyer my hair gets, the crankier I get.

Re: Are network operators morons? [was: CloudFlare issues?]

2019-06-25 Thread Randy Bush
perhaps the good side of this saga is that it may be an inflection point randy

Re: CloudFlare issues?

2019-06-25 Thread Randy Bush
>> Respectfully, I believe Cloudflare’s public comments today have been >> a real disservice. This blog post, and your CEO on Twitter today, >> took every opportunity to say “DAMN THOSE MORONS AT 701!”. They’re >> not. > > I presume that seeing a CF blog post isn’t regular for you. :-). never

Public Subnet re-assignments

2019-06-25 Thread Scott
First, sorry if this is a bit of a noob question. I'm trying to find a way of preventing a slew of traffic to an IP, or IPs, when I join two /30 public subnets to a /29. It appears that while the ranges are /30 someone is trying to brute-force the network and/or broadcast addresses for the

Re: BGP filtering study resources (Was: CloudFlare issues?)

2019-06-25 Thread Alex Band
For further community-driven RPKI information there is: https://rpki.readthedocs.io/ Along with an FAQ: https://rpki.readthedocs.io/en/latest/about/faq.html Cheers, -Alex > On 25 Jun 2019, at 17:55, BATTLES, TIM wrote: > >

RE: BGP filtering study resources (Was: CloudFlare issues?)

2019-06-25 Thread BATTLES, TIM
https://www.nccoe.nist.gov/projects/building-blocks/secure-inter-domain-routing Timothy A Battles Chief Security Office 314-280-4578 tb2...@att.com 12976 Hollenberg Dr Bridgeton, MO 63044

How Verizon and a BGP Optimizer Knocked Large Parts of the Internet Offline Today

2019-06-25 Thread Martin J. Levy
Cloudflare blog on the outage is out. https://blog.cloudflare.com/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today/ Martin On Mon, Jun 24, 2019 at 3:57 AM Dmitry Sherman wrote: > Hello are there any issues with CloudFlare services now? > > Dmitry Sherman >

Re: AWS 40/100G wholesale Express-Route ?

2019-06-25 Thread Paul Zugnoni via NANOG
Hi, Some quick terminology to be clear, AWS uses the term "Direct Connect" whereas MS Azure uses "Express Route". Right now, max link bandwidths each: - AWS Direct Connect: 10G. - Azure Express Route: 100G (though I'm unsure this is available in every location) - GCP Dedicated Interconnect:

Re: BGP filtering study resources (Was: CloudFlare issues?)

2019-06-25 Thread Tom Beecher
Job also enjoys having his ID checked. Can we get a best practices link added to the list for that? On Tue, Jun 25, 2019 at 10:27 AM Job Snijders wrote: > Dear Stephen, > > On Tue, Jun 25, 2019 at 07:04:12AM -0700, Stephen Satchell wrote: > > On 6/25/19 2:25 AM, Katie Holly wrote: > > >

Re: Are network operators morons? [was: CloudFlare issues?]

2019-06-25 Thread Christopher Morrow
(thanks, btw, again) On Tue, Jun 25, 2019 at 8:33 AM Patrick W. Gilmore wrote: > It is not like 701 is causing problems every week, or even every year. If you > think this one incident proves they are ‘morons’, you are only showing you > are neither experienced nor mature enough to make that

BGP filtering study resources (Was: CloudFlare issues?)

2019-06-25 Thread Job Snijders
Dear Stephen, On Tue, Jun 25, 2019 at 07:04:12AM -0700, Stephen Satchell wrote: > On 6/25/19 2:25 AM, Katie Holly wrote: > > Disclaimer: As much as I dislike Cloudflare (I used to complain > > about them a lot on Twitter), this is something I am absolutely > > agreeing with them. Verizon failed

Re: CloudFlare issues?

2019-06-25 Thread Ca By
On Tue, Jun 25, 2019 at 7:06 AM Stephen Satchell wrote: > On 6/25/19 2:25 AM, Katie Holly wrote: > > Disclaimer: As much as I dislike Cloudflare (I used to complain about > > them a lot on Twitter), this is something I am absolutely agreeing with > > them. Verizon failed to do the most basic of

Re: Are network operators morons? [was: CloudFlare issues?]

2019-06-25 Thread Mark Tinka
On 25/Jun/19 14:59, Adam Kennedy via NANOG wrote: > > > I believe there probably is a happy medium we can all meet, sort of > our own ISP DMZ, where we can help one another in the simple mistakes > or cut each other some slack in those difficult times. I like to think > NANOG is that place.

Re: CloudFlare issues?

2019-06-25 Thread Aftab Siddiqui
Hi Stephen, > I used to be a quality control engineer in my career, so I have a > question to ask from the perspective of a QC guy: what is the Best > Practice for minimizing, if not totally preventing, this sort of > problem? Is there a "cookbook" answer to this? > As suggested by Job in the

Re: CloudFlare issues?

2019-06-25 Thread Stephen Satchell
On 6/25/19 2:25 AM, Katie Holly wrote: > Disclaimer: As much as I dislike Cloudflare (I used to complain about > them a lot on Twitter), this is something I am absolutely agreeing with > them. Verizon failed to do the most basic of network security, and it > will happen again, and again, and

Re: Are network operators morons? [was: CloudFlare issues?]

2019-06-25 Thread Adam Kennedy via NANOG
Now with that out of the way... The mentality of everyone working together for a Better Internet (tm) is sort of a mantra of WISPA and WISPs in general. It is a mantra that has puzzled me and perplexed my own feelings as a network engineer. Do I want a better overall experience for my users and

Re: Are network operators morons? [was: CloudFlare issues?]

2019-06-25 Thread Matthew Walster
On Tue, 25 Jun 2019, 14:31 Patrick W. Gilmore, wrote: > I must be old. All I can think is Kids These Days, and maybe Get Off My > BGP, er Lawn. > Maybe they ought to [puts on shades] mind their MANRS. M (scuttling away) >

Are network operators morons? [was: CloudFlare issues?]

2019-06-25 Thread Patrick W. Gilmore
[Removing the attribution, because many people have made statements like this over the last day - or year. Just selecting this one as a succinct and recent example to illustrate the point.] >> This blog post, and your CEO on Twitter today, took every opportunity to say >> “DAMN THOSE MORONS AT

Re: CloudFlare issues?

2019-06-25 Thread Tom Beecher
Verizon Business / Enterprise is the access network, aka 701/2/3. Verizon Media Group is the CDNs/Media side. Digital Media Services ( Edgecast ) , Yahoo, AOL. 15133 / 10310 / 1668. ( The entity formerly named Oath, created when Yahoo was acquired. ) On Tue, Jun 25, 2019 at 06:54 Hank Nussbacher

Re: CloudFlare issues?

2019-06-25 Thread Hank Nussbacher
On 25/06/2019 08:17, Christopher Morrow wrote: On Tue, Jun 25, 2019 at 12:49 AM Hank Nussbacher wrote: On 25/06/2019 03:03, Tom Beecher wrote: Disclaimer : I am a Verizon employee via the Yahoo acquisition. I do not work on 701. My comments are my own opinions only. Respectfully, I believe

Re: CloudFlare issues?

2019-06-25 Thread Rich Kulawiec
On Mon, Jun 24, 2019 at 09:39:13PM -0400, Ross Tajvar wrote: > A technical one - see below from CF's blog post: > "It is unfortunate that while we tried both e-mail and phone calls to reach > out to Verizon, at the time of writing this article (over 8 hours after the > incident), we have not heard

Re: CloudFlare issues?

2019-06-25 Thread Katie Holly
> Disclaimer : I am a Verizon employee via the Yahoo acquisition. I do not work on 701. My comments are my own opinions only. Disclaimer: As much as I dislike Cloudflare (I used to complain about them a lot on Twitter), this is something I am absolutely agreeing with them. Verizon failed to do