On 8 Dec 2021, at 1:47 PM, Randy Bush mailto:ra...@psg.com>>
wrote:
hi john
While that was inevitable at ARIN’s inception and continued for many
years, it is not currently the case that there are more legacy
customers than paying customers
i am easily confused. so just to keep my nouns the
On Thu, 9 Dec 2021 at 17:39, Deepak Jain wrote:
> Google’s 14 corrupts the packet or maybe deliberately manipulates it? 1.1.1.1
> doesn’t do that.
8.8.8.8 truncates ICMP's responses, this is well known. Different
platforms will react differently to it.
lukas@dev:~$ ping 8.8.8.8 -c1 -s1000
PING
Haven't seen this before. This is a Nexus 9K as a testing platform. Getting
sporadic complaints about data transfers aborting, but data moves well through
the platform.
Hop 13 doesn't respond to our 1400 byte ping, hop 12 does a normal response,
Google's 14 corrupts the packet or maybe
On Thu, Dec 9, 2021 at 7:15 AM Jean St-Laurent wrote:
> What is a ddos death spiral?
>
>
>
A closed circle economy where the vendor provides both the problem and the
solution
https://krebsonsecurity.com/2020/01/ddos-mitigation-firm-founder-admits-to-ddos/
That is just one example.
There are
Ca By wrote on 09/12/2021 14:36:
Just saying, facts are on my side. Check the number of times dnssec
caused an outage. Then check the number of hacks prevented by dnssec.
Literally 0.
it serves a purpose. There are plenty of actors, both public and
private sector, who would be happy to
I understand now and I agree with you that there’s something fishy there.
Fear sells.
Thanks
Jean
From: Ca By
Sent: December 9, 2021 10:47 AM
To: Jean St-Laurent
Cc: Arne Jensen ; nanog@nanog.org
Subject: Re: Anyone else seeing DNSSEC failures from EU Commission ?
Thu, Dec 09, 2021 at 12:52:45PM +, John Curran:
> So we’re approximately here at the beginning of December 2021 -
>
>7500 ISPs (i.e. services under an RSA / Members)
>8500 End-users (i.e. services under an RSA / Not Members Today)
> 15250 Legacy non-contracted (receiving
hi joh,
thanks for numbers in the shape i remember them. my only comment would
be a nit
> 15250 Legacy non-contracted (receiving services w/o fee or agreement / Not
> Members)
^ some
as i do not follow arin news, i found this even more interesting
>
On Thu, Dec 9, 2021 at 4:52 AM John Curran wrote:
> In a month (January 2022) it will become -
>
> 16000 ARIN IPv4/IPv6 customers (i.e. services under an RSA and with
> membership rights)
> 15250 Legacy non-contracted (receiving services w/o fee or agreement /
> Not Members)
>
>
On Thu, Dec 9, 2021 at 1:07 AM Arne Jensen wrote:
> Den 08-12-2021 kl. 15:32 skrev Niels Bakker:
> > * darkde...@darkdevil.dk (Arne Jensen) [Wed 08 Dec 2021, 15:23 CET]:
> >> To me, that part of it also points towards a broken implementation at
> >> CloudFlare, letting a bogus (insecure)
I’m not sure what you’re talking about. DNSSEC is alive and well and protects
DNS in-flight from modification. Any client with proper DNSSEC implemented will
drop any forged DNS response from an attackers dns server and prevent them from
loading whatever resource they were trying to access.
On Thu, Dec 9, 2021 at 3:35 AM John Curran wrote:
> So we’re approximately here at the beginning of December 2021 -
>
> 7500 ISPs (i.e. services under an RSA / Members)
> 8500 End-users (i.e. services under an RSA / Not Members Today)
> 15250 Legacy non-contracted
On 9 Dec 2021, at 7:55 AM, William Herrin
mailto:b...@herrin.us>> wrote:
On Thu, Dec 9, 2021 at 3:35 AM John Curran
mailto:jcur...@arin.net>> wrote:
So we’re approximately here at the beginning of December 2021 -
7500 ISPs (i.e. services under an RSA / Members)
8500 End-users
What is a ddos death spiral?
Jean
From: NANOG On Behalf Of Ca By
Sent: December 9, 2021 9:36 AM
To: Arne Jensen
Cc: nanog@nanog.org
Subject: Re: Anyone else seeing DNSSEC failures from EU Commission ?
(european-union.europa.eu)
and you feeding the vendor / hacker ddos death spiral
Thanks for this.. turned off netflow export.. and it dropped our qfp load
from 44% to 18%. ugh..
---
Colin Legendre
On Thu, Dec 9, 2021 at 4:22 AM Brian Turnbow via NANOG
wrote:
>
>
> > On 11/26/2021 1:09 PM, Colin Legendre wrote:
> > > Hi,
> > >
> > > We have ...
> > >
> > > ASR1006 that
> On 10 Dec 2021, at 01:36, Ca By wrote:
>
>
>
> On Thu, Dec 9, 2021 at 1:07 AM Arne Jensen wrote:
> Den 08-12-2021 kl. 15:32 skrev Niels Bakker:
> > * darkde...@darkdevil.dk (Arne Jensen) [Wed 08 Dec 2021, 15:23 CET]:
> >> To me, that part of it also points towards a broken implementation
If you still need netflow to gain some visibility on what’s happening, you
could check the percentage of netflow export.
Usually 1/1000 is good or 0.1%. Maybe for you 1/1 000 000 could be good enough
too.
If 100% was used, then indeed there are some real time performance penalties.
NBAR was not enabled.. just netflow export.. and that was enough..
---
Colin Legendre
President and CTO
Coextro - Unlimited. Fast. Reliable.
w: www.coextro.com
e: clegen...@coextro.com
p: 647-693-7686 ext.101
m: 416-560-8502
f: 647-812-4132
On Thu, Dec 9, 2021 at 7:17 PM Colin Legendre
Den 08-12-2021 kl. 16:23 skrev Masataka Ohta:
Arne Jensen wrote:
It is my understanding that the CNAME should never have been followed,
Wrong.
Hmm, okay.
-> https://www.rfc-editor.org/rfc/rfc4034.txt
Section 3, "The RRSIG Resource Record", at the third phrase:
Because every
Den 08-12-2021 kl. 15:32 skrev Niels Bakker:
* darkde...@darkdevil.dk (Arne Jensen) [Wed 08 Dec 2021, 15:23 CET]:
To me, that part of it also points towards a broken implementation at
CloudFlare, letting a bogus (insecure) responses take effect anyway.
Or they prefer allowing people to visit
> On 11/26/2021 1:09 PM, Colin Legendre wrote:
> > Hi,
> >
> > We have ...
> >
> > ASR1006 that has following cards...
> > 1 x ESP40
> > 1 x SIP40
> > 4 x SPA-1x10GE-L-V2
> > 1 x 6TGE
> > 1 x RP2
> >
> > We've been having latency and packet loss during peak periods...
> >
> > We notice all is
21 matches
Mail list logo