Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Ca By
On Thu, Feb 20, 2020 at 10:19 AM Blake Hudson wrote: > > > On 2/19/2020 3:21 PM, Daniel Sterling wrote: > > On Wed, Feb 19, 2020 at 3:34 PM Blake Hudson wrote: > >> Yeah, that was a nice surprise to find that my tethered LTE connection > >> was out performing my wired cable modem service. Of

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Dave Bell
> Not indiscriminate. > Indiscriminate - done at random or without careful judgement. Considering that Daniel is complaining that QUIC is broken, it certainly seems like some network operators are subjecting all UDP traffic on their network to the same policers. This feels pretty indiscriminate

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Aled Morris via NANOG
On Thu, 20 Feb 2020 at 15:57, Dave Bell wrote: > > On Thu, 20 Feb 2020 at 15:31, Ca By wrote: > >> UDP is broken >> > > I would argue that UDP isn't broken. Networks which drop it > indiscriminately are broken. > Does this errant network behaviour not impact RTP applications like video

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Ca By
On Thu, Feb 20, 2020 at 8:34 AM Tom Beecher wrote: > I only wish I were insane; but from where I'm sitting, QUIC has broken >> my internet, and the resolution is blocking QUIC. >> > > The QUIC protocol itself isn't breaking anything ; some middlebox is > breaking QUIC. It's likely collateral

RE: QUIC traffic throttled on AT residential

2020-02-20 Thread Keith Medcalf
On Thursday, 20 February, 2020 08:31, Ca By wrote: >On Thu, Feb 20, 2020 at 8:34 AM Tom Beecher wrote: > I only wish I were insane; but from where I'm sitting, QUIC >has broken > my internet, and the resolution is blocking QUIC. > > The QUIC protocol itself

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Tom Beecher
> > I only wish I were insane; but from where I'm sitting, QUIC has broken > my internet, and the resolution is blocking QUIC. > The QUIC protocol itself isn't breaking anything ; some middlebox is breaking QUIC. It's likely collateral damage from honest attempts to mitigate bad stuff. Blocking

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Blake Hudson
On 2/19/2020 3:21 PM, Daniel Sterling wrote: On Wed, Feb 19, 2020 at 3:34 PM Blake Hudson wrote: Yeah, that was a nice surprise to find that my tethered LTE connection was out performing my wired cable modem service. Of course, I had already signed up for a year of service and there were

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Ca By
On Thu, Feb 20, 2020 at 9:56 AM Dave Bell wrote: > > On Thu, 20 Feb 2020 at 15:31, Ca By wrote: > >> UDP is broken >> > > I would argue that UDP isn't broken. Networks which drop it > indiscriminately are broken. > Not indiscriminate. As Google was informed by network operators all along since

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Dave Bell
On Thu, 20 Feb 2020 at 15:31, Ca By wrote: > UDP is broken > I would argue that UDP isn't broken. Networks which drop it indiscriminately are broken.

Re: Re: QUIC traffic throttled on AT residential {5403687}

2020-02-20 Thread Dave Bell
I didn't contact you. Fuck off. On Thu, 20 Feb 2020 at 16:01, Dead.net Customer Service < d...@wmgcustomerservice.com> wrote: > Thank you for contacting Dead.net customer service. > > Our customer service team will reply to your email as soon as possible. > > Due to our current email volume,

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Blake Hudson
On 2/20/2020 10:41 AM, Dave Bell wrote: Not indiscriminate. Indiscriminate - done at random or without careful judgement. Considering that Daniel is complaining that QUIC is broken, it certainly seems like some network operators are subjecting all UDP traffic on their network to the

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Todd Underwood
and just to check one thing... On Thu, Feb 20, 2020 at 2:33 PM Daniel Sterling wrote: > I don't particularly *want* to block or advocate blocking QUIC, but if > I keep hitting the issue and can't help people troubleshoot, what > other sane option have I? > i don't think you've addressed the

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Daniel Sterling
On Thu, Feb 20, 2020 at 2:11 PM Jared Mauch wrote: > As a network operator my goal was always to ensure customers receive > the traffic they expected, high rates of UDP were often not what they wanted. Well, I wouldn't say I *want* UDP traffic, but if everyone is bound and determined to

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Tom Beecher
> > i don't think you've addressed the "replace your broken ISP" action that > is clearly sane and would fix this, right? > The sanity presumes two things: A: That he could do so without having to change addresses as well. (Something that is still all too true for much of the US.) B: The other

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Blake Hudson
On 2/20/2020 10:34 AM, Ca By wrote: On Thu, Feb 20, 2020 at 10:19 AM Blake Hudson wrote: Your comments seem to differentiate IP4 vs IP6, but I don't believe that is relevant to the issue of an ISP throttling or breaking specific applications. If you

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Jared Mauch
On Thu, Feb 20, 2020 at 02:50:58PM -0500, Todd Underwood wrote: > and just to check one thing... > > On Thu, Feb 20, 2020 at 2:33 PM Daniel Sterling > wrote: > > > I don't particularly *want* to block or advocate blocking QUIC, but if > > I keep hitting the issue and can't help people

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Ca By
On Thu, Feb 20, 2020 at 10:41 AM Dave Bell wrote: > > Not indiscriminate. >> > > Indiscriminate - done at random or without careful judgement. > > Considering that Daniel is complaining that QUIC is broken, it certainly > seems like some network operators are subjecting all UDP traffic on their

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Jared Mauch
On Thu, Feb 20, 2020 at 10:57:46AM -0600, Blake Hudson wrote: > On 2/20/2020 10:34 AM, Ca By wrote: > > > > On Thu, Feb 20, 2020 at 10:19 AM Blake Hudson > > wrote: > > Dropping udp is not from a “best practice” doc from a vendor, it is > > deployed by network ops folks

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Daniel Sterling
On Thu, Feb 20, 2020 at 2:57 PM Jared Mauch wrote: > if the question is will the browser vendor (google) or the broadband provider > (att) > move first, i can already predict the answer. my experience (again) with the > quic > wg is they seem to think there's many options and bad providers

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Jared Mauch
> On Feb 20, 2020, at 3:30 PM, Daniel Sterling > wrote: > > On Thu, Feb 20, 2020 at 2:57 PM Jared Mauch wrote: >> if the question is will the browser vendor (google) or the broadband >> provider (att) >> move first, i can already predict the answer. my experience (again) with >> the quic

Re: TCP-AMP DDoS Attack - Fake abuse reports problem

2020-02-20 Thread Töma Gavrichenkov
Peace, On Fri, Feb 21, 2020, 1:18 AM Octolus Development wrote: > OVH are threatening to kick us off their network, because we are victims > of this attack. > Most of the hosting companies will do that to you because you're causing degradation of service quality for other customers.

Re: TCP-AMP DDoS Attack - Fake abuse reports problem

2020-02-20 Thread Töma Gavrichenkov
Peace, On Fri, Feb 21, 2020, 1:57 AM Filip Hruska wrote: > [..] OVH has been offering DDOS protection capable of soaking up hundreds > of gigabits+ per second as a standard with all their services for a long > time > They only do it for common trivial vectors like UDP-based amplification — and

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Blake Hudson
On 2/20/2020 1:10 PM, Jared Mauch wrote: On Thu, Feb 20, 2020 at 10:57:46AM -0600, Blake Hudson wrote: On 2/20/2020 10:34 AM, Ca By wrote: On Thu, Feb 20, 2020 at 10:19 AM Blake Hudson wrote: Dropping udp is not from a “best practice” doc from a vendor, it is

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Jared Mauch
> On Feb 20, 2020, at 4:53 PM, Blake Hudson wrote: > > As a network operator my goal was always to ensure customers receive the traffic they expected, high rates of UDP were often not what they wanted. Adjusting the limits may be useful but I still think the

TCP-AMP DDoS Attack - Fake abuse reports problem

2020-02-20 Thread Octolus Development
A very old attack method called TCP-AMP (https://pastebin.com/jYhWdgHn) has been getting really popular recently. I've been a victim of it multiple times on many of my IPs and every time it happens - my IPs end up getting blacklisted in major big databases.

Re: Forest HQ Has Received Your Message: Re: TCP-AMP DDoS Attack - Fake abuse reports problem

2020-02-20 Thread Töma Gavrichenkov
Help saving precious resources by unsubscribing from the NANOG mailing list, or I will have to report the abuse. On Fri, Feb 21, 2020, 1:39 AM Electric Forest Festival < i...@electricforestfestival.com> wrote: > > *Electric Forest 2020 will take place on June 25-28, 2020.* > > Forest HQ has

Re: TCP-AMP DDoS Attack - Fake abuse reports problem

2020-02-20 Thread Filip Hruska
Hello, Since OVH has been offering DDOS protection capable of soaking up hundreds of gigabits+ per second as a standard with all their services for a long time, I'm assuming this is a miscommunication / standard support response. I would try to get in touch with the network team and include

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Jared Mauch
> On Feb 20, 2020, at 4:42 PM, Blake Hudson wrote: > > > > On 2/20/2020 1:10 PM, Jared Mauch wrote: >> On Thu, Feb 20, 2020 at 10:57:46AM -0600, Blake Hudson wrote: >>> On 2/20/2020 10:34 AM, Ca By wrote: On Thu, Feb 20, 2020 at 10:19 AM Blake Hudson >>> > wrote:

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Lukas Tribus
Hello, On Thu, 20 Feb 2020 at 21:30, Daniel Sterling wrote: > As has been continually noted, this issue goes away if you use v4 TCP or v6 > UDP. IPv6 UDP is currently not broken, that doesn't mean v6 is the solution to this problem. It just means the particular ISP did not yet deploy the

Re: TCP-AMP DDoS Attack - Fake abuse reports problem

2020-02-20 Thread Jean | ddostest.me via NANOG
It doesn't sound to be a real amplification.. If it is, can anyone provide the amplification factor? 1x? It sounds more like a TCP spoofing. Jean On 2020-02-20 18:22, Töma Gavrichenkov wrote: Peace, On Fri, Feb 21, 2020, 1:57 AM Filip Hruska wrote: [..] OVH

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Blake Hudson
As a network operator my goal was always to ensure customers receive the traffic they expected, high rates of UDP were often not what they wanted. Adjusting the limits may be useful but I still think the question of what rate of UDP traffic is acceptable is a practical one for

Re: [External] Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Hunter Fuller
On Thu, Feb 20, 2020 at 3:45 PM Jared Mauch wrote: > I can think of many legitimate cases, but i think this is where you have > internet for everyone and internet for the tech-savvy/business split that > becomes interesting. > > I’ve generally been willing to pay more for a business class

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Masataka Ohta
Lukas Tribus wrote: IPv6 UDP is currently not broken, that doesn't mean v6 is the solution to this problem. It just means the particular ISP did not yet deploy the same policies or "mitigations" for v6 traffic. It is more likely that the ISP does not support v6 at all. In a much smaller

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Matthew Kaufman
On Thu, Feb 20, 2020 at 8:10 AM Ca By wrote: > > > Not indiscriminate. > > As Google was informed by network operators all along since 2014, ipv4 UDP > is a major uptime threat via DDoS to access networks. > ... > > Google choose not to be sensitive to that, they were told where the > landmines

Re: TCP-AMP DDoS Attack - Fake abuse reports problem

2020-02-20 Thread Damian Menscher via NANOG
On Thu, Feb 20, 2020 at 3:40 PM Jean | ddostest.me via NANOG < nanog@nanog.org> wrote: > It doesn't sound to be a real amplification.. If it is, can anyone provide > the amplification factor? 1x? > > It sounds more like a TCP spoofing. > Some reading for you:

Re: TCP-AMP DDoS Attack - Fake abuse reports problem

2020-02-20 Thread Damian Menscher via NANOG
Amir: you're exactly correct -- but since you asked, here's their answer from the last time I suggested they respond with RSTs: https://seclists.org/nanog/2020/Jan/612 Damian On Thu, Feb 20, 2020 at 5:36 PM Amir Herzberg wrote: > If I read your description correctly: > > - Attacker sends

Re: TCP-AMP DDoS Attack - Fake abuse reports problem

2020-02-20 Thread Amir Herzberg
If I read your description correctly: - Attacker sends spoofed TCP SYN from your IP address(es) and different src ports, to some TCP servers (e.g. port 80) - TCP servers respond with SYN/ACK ; many servers resend the SYN/ACK hence amplification . - *** your system does not respond *** - Servers

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Masataka Ohta
Daniel Sterling wrote: A problem of QUIC with NAT is that existing NAT can not detect graceful shutdown of QUIC and must depends on timeout. So, port numbers may be used up before timeout. Hmm, this is not what is happening. I thought so. My point is that the problem can be another reason

Re: QUIC traffic throttled on AT residential

2020-02-20 Thread Jay Hennigan
On 2/18/20 18:40, nanog-l...@contactdaniel.net wrote: Growing prevalence of IPv6-only sites is probably the only thing that will get a lot of access networks to support v6. I recall a similar idea called "The Great IPv6 Experiment" back in 2007. ;-) -- Jay Hennigan - j...@west.net Network