Re: TCP-AMP DDoS Attack - Fake abuse reports problem

hhh well Damian, Ok, I guess a free service has some costs :) More seriously, did you try to follow up and explain how dropping your RST packets may be exactly the reason for the attacker to abuse your IP space for the attack? Also, you may ask the provider of the victim to block SYN packets from

Re: TCP-AMP DDoS Attack - Fake abuse reports problem

Good luck responding to such SYN/ACK, when you get 10+Gbps of them (real case happened while ago with colleague). Sure those SYN/ACK are not from single location, and attackers might use whole /24 for SYN spoofing. On 2020-02-21 03:34, Amir Herzberg wrote: If I read your description

Re: TCP-AMP DDoS Attack - Fake abuse reports problem

Yeah this type of attack is a pain in the ass to deal with. Attacker is spoofing your IP addresses to millions of random web servers all over the Internet that see it as a typical SYN Flood those with automated reporting are likely blowing up OVH's abuse@ making a pain for them as well. However,

WISPA/ISP around Memphis

We have been contacted by a manufacturing company in Memphis, TN that needs WIFI installed throughout their plant. If you work in or around Memphis and have an interest in this, please contact me off list. -- Regards, David Funderburk GlobalVision 864-569-0703 -- This message has been

MDXi / Lagos

Hi Guys, Sorry for the off-topic post. I would appreciate it if someone that has rack space in MDXi can please ping me off list. I just have a few (two or three) random questions that I would appreciate some general feedback on. Many thanks, -- Regards, Chris Knipe

Re: NANOG 78 Webcasts

To kinda cross this off the list, the videos of all the individual talks are up on the Team NANOG Youtube channel. On Sat, Feb 15, 2020 at 10:12 PM Steve Feldman wrote: > > On Feb 15, 2020, at 6:21 PM, Joly MacFie wrote: > > My guess is that this is some kind of legal red tape, speakers

Re: QUIC traffic throttled on AT residential

There are choices, such as making connection initiation, connection acceptance, and connection termination parsable by network elements on the path so state can be established, maintained, and cleared, DoS can be identified, and so on. The decision was to hide all that from network elements.

Re: QUIC traffic throttled on AT residential

Hi Dan! > On 21 Feb 2020, at 20:22, Dan Wing wrote: > > There are choices, such as making connection initiation, connection > acceptance, and connection termination parsable by network elements on the > path so state can be established, maintained, and cleared, DoS can be > identified, and

Re: [External] Re: QUIC traffic throttled on AT residential

On Fri, Feb 21, 2020 at 2:22 PM Hunter Fuller wrote: > On Fri, Feb 21, 2020 at 2:42 PM Jared Mauch wrote: > > I can already hear the QUIC WG types blaming the network in abstentia, > because well, why would an operator want to keep their network functioning? > :-) > > In fairness, it's not

NANOG PC Selection

NANOG Community, Thank you for joining us in San Francisco, and online , for NANOG 78! I am excited to announce that 13 NANOG members accepted appointments to the Program Committee. 27 highly-qualified volunteers from the

Re: QUIC traffic throttled on AT residential

> On Feb 21, 2020, at 2:22 PM, Dan Wing wrote: > > There are choices, such as making connection initiation, connection > acceptance, and connection termination parsable by network elements on the > path so state can be established, maintained, and cleared, DoS can be > identified, and so

Re: [External] Re: QUIC traffic throttled on AT residential

On Fri, Feb 21, 2020 at 2:42 PM Jared Mauch wrote: > I can already hear the QUIC WG types blaming the network in abstentia, > because well, why would an operator want to keep their network functioning? > :-) In fairness, it's not actually functioning. For one thing, it's passing some traffic

Re: TCP-AMP DDoS Attack - Fake abuse reports problem

It is spoofing, but it is also absolutely amplification. Look at the preso that Damien linked : https://www.usenix.org/conference/woot14/workshop-program/presentation/kuhrer Hope that this doesn't become one of the 'services' that you provide! :) On Thu, Feb 20, 2020 at 6:40 PM Jean |

Weekly Routing Table Report

This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG and the RIPE Routing WG. Daily listings are sent to

Re: QUIC traffic throttled on AT residential

At this pace and having adopted CI/CD methodology, we may QUICkly run out of UDP ports to use. I’d actually switch to ICMP. Type 8 code 0 and Type 0, code 0. Then staging a war on rate-limiters around the world. Also, 123/udp seems to look interesting ;) -- ./ > On 22 Feb 2020, at 00:21,

Re: QUIC traffic throttled on AT residential

On Fri, Feb 21, 2020, 13:31 Łukasz Bromirski wrote: > > [...] > > Now… once we are aware, the only question is — where we go from here? > > — > ./ > Well, it's clear the UDP 443 experiment wasn't entirely successful. So clearly, it's time to use the one UDP port that is allowed through at the

Re: QUIC traffic throttled on AT residential

First we moved the entire internet to TCP/443. Now we propose moving it all to UDP/53. What’s next? Why not simply eliminate port numbers altogether in favor of a single 16-bit client-side unique session identifier. Owen > On Feb 21, 2020, at 15:20 , Matthew Petach wrote: > > > > On Fri,

[NANOG-announce] NANOG PC Selection

NANOG Community, Thank you for joining us in San Francisco, and online , for NANOG 78! I am excited to announce that 13 NANOG members accepted appointments to the Program Committee. 27 highly-qualified volunteers from the