Re: DOS in progress ?

On Thu, 6 Aug 2009, Bill Woodcock wrote: > Note that this is a deeply-layered conflict, with both sides trying to > pass off actions as those of the other, and I don't know of anyone who's > asserted that they have any means of determining whether this was a > Georgian atta

Re: DOS in progress ?

On Aug 6, 2009, at 10:26 PM, Bill Woodcock wrote: On Thu, 6 Aug 2009, Marshall Eubanks wrote: http://www.nytimes.com/2009/08/07/technology/internet/07twitter.html Mr. Woodcock said this particular attack consisted of a wave of spam e-mail messages, which began infiltrating Twitter

Huawei optical transport

Everyone, I was curious if anyone has used Huawei Optical transport. We are looking at OptiX OSN 6800A to upgrade our backbone to 10G. Pro's and Con's would be great if anyone has used the platform. Thanks, Jeremy

Re: DOS in progress ?

On Thu, 6 Aug 2009, Marshall Eubanks wrote: > http://www.nytimes.com/2009/08/07/technology/internet/07twitter.html > Mr. Woodcock said this > particular attack consisted of a wave of spam e-mail messages, which began > infiltrating Twitter Uh... Yes, well, the gist of my ex

Re: DOS in progress ?

On Aug 6, 2009, at 5:29 PM, Christoph Blecker wrote: It looks like there is something more widespread today. I've noticed a couple other sites having issues. LiveJournal has confirmed they are under attack as well: http://community.livejournal.com/lj_maintenance/125027.html This is interesti

Re: DOS in progress ?

It looks like there is something more widespread today. I've noticed a couple other sites having issues. LiveJournal has confirmed they are under attack as well: http://community.livejournal.com/lj_maintenance/125027.html Cheers, -Christoph Jorge Amodio wrote: > FB flakyness could be related to t

Re: Conclusion: Smart hands in NYC area and new: Tokyo

Semi-on topic: In 2005 I was working with NTTcom on creating a new webhosting offering. NTT was going to move 16 FULL racks of net and server gear from the lab, to the next floor which was the actual datacenter. This required (due to weight and space issues) that every server/net device had to be

Re: DOS in progress ?

FB flakyness could be related to timeout with Twitter APIs Just reported by the birdhouse: "As we recover, users will experience some longer load times and slowness. This includes timeouts to API clients. We’re working to get back to 100% as quickly as we can."

Re: DOS in progress ?

On Thu, 06 Aug 2009 11:12:23 CDT, Jorge Amodio said: > > "We are defending against a denial-of-service attack, and will update status > > again shortly." > > Could be interesting if folks @Twitter take pictures or better video about how > are they defending against the attack. > > Do they wear sp

Re: DOS in progress ?

> "We are defending against a denial-of-service attack, and will update status > again shortly." Could be interesting if folks @Twitter take pictures or better video about how are they defending against the attack. Do they wear special helmets and cyber pitchforks ?

Re: DOS in progress ?

http://status.twitter.com/ Ongoing denial-of-service attack 1 hour ago We are defending against a denial-of-service attack, and will update status again shortly. *Update*: the site is back up, but we are continuing to def

Re: DOS in progress ?

> http://status.twitter.com/ > > "We are defending against a denial-of-service attack, and will update status > again shortly." Perhaps the "puddy tat" finally got the bird :-)

RE: DOS in progress ?

http://status.twitter.com/ "We are defending against a denial-of-service attack, and will update status again shortly." -Original Message- From: Marshall Eubanks [mailto:t...@americafree.tv] Sent: 06 August 2009 16:57 To: Jorge Amodio Cc: NANOG Subject: Re: DOS in progress ? On Aug 6,

RE: DOS in progress ?

From: Marshall Eubanks [mailto:t...@americafree.tv] > > Twitter is very flaky & slow to load today, but that is > hardly unusual. > > Do you have any other evidence ? > http://www.cnn.com/2009/TECH/08/06/twitter.attack/index.html

Re: DOS in progress ?

check out: http://status.twitter.com/ Tells the story. Chris Gotstein Sr Network Engineer UP Logon/Computer Connection UP 500 N Stephenson Ave Iron Mountain, MI 49801 Phone: 906-774-4847 Fax: 906-774-0335 ch...@uplogon.com Ken Gilmour wrote: Down from Costa Rica and Ireland too... Interesting

Re: DOS in progress ?

On Aug 6, 2009, at 11:25 AM, Jorge Amodio wrote: Are folks seeing any major DOS in progress ? Twitter seems to be under one and FB is flaky. Twitter is very flaky & slow to load today, but that is hardly unusual. Do you have any other evidence ? Regards Marshall

Re: DOS in progress ?

Down from Costa Rica and Ireland too... Interesting that they are starting to go for Social Networking sites now. Have they given up on online gambling sites now? It appears as though they haven't been actively attacking gambling sites for several days... 2009/8/6 Jorge Amodio : > Are folks seeing

Re: DOS in progress ?

Facebook is being really flaky here in Ireland too. http://www.irishtimes.com/newspaper/breaking/2009/0806/breaking53.htm (about Twitter) 2009/8/6 Cody Appleby > Ditto from Canberra, Australia > FB very flakey, same as Andy I guess. > > Thanks, > Cody Appleby > > > On 07/08/2009, at 1:36 AM, An

Re: DNS hardening, was Re: Dan Kaminsky

On Thu, Aug 6, 2009 at 11:16 AM, Paul Vixie wrote: > note, i went off-topic in my previous note, and i'll be answering florian > on namedroppers@ since it's not operational.  chris's note was operational: > >> Date: Thu, 6 Aug 2009 10:18:11 -0400 >> From: Christopher Morrow >> >> awesome, how does

Re: DOS in progress ?

Ditto from Canberra, Australia FB very flakey, same as Andy I guess. Thanks, Cody Appleby On 07/08/2009, at 1:36 AM, Andy Ringsmuth wrote: Same thing for me here in Lincoln, Neb. I was having issues like this starting Thursday evening about 8 p.m. or so, and it has continued all morning.

Re: DOS in progress ?

Same thing for me here in Lincoln, Neb. I was having issues like this starting Thursday evening about 8 p.m. or so, and it has continued all morning. And of course with Facebook being so vital to my job :) I can't pin down specifics, just that it feels "flaky" I guess. Timeouts, ret

Re: DOS in progress ?

Jorge Amodio wrote: Are folks seeing any major DOS in progress ? Twitter seems to be under one and FB is flaky. DDoS happens hundreds of times a day. Twitter and the Internet operations security community will likely take care of it, especially as it's twitter and we all have a warm fuzzy f

Re: DOS in progress ?

Seeing the same thing. Can't bring up either sites. Jorge Amodio wrote: Are folks seeing any major DOS in progress ? Twitter seems to be under one and FB is flaky.

Re: DOS in progress ?

We are presently seeing some weird FB behavior -- timeouts and retry issues. We've had several reports from our users and just began investigating. Any info you have would be appreciated. --sjk Jorge Amodio wrote: > Are folks seeing any major DOS in progress ? > > Twitter seems to be under one a

Re: DNS hardening, was Re: Dan Kaminsky

On Thu, Aug 06, 2009 at 03:16:25PM +, Paul Vixie wrote: > > ...: "Do loadbalancers, or loadbalanced deployments, deal with this > > properly?" (loadbalancers like F5, citrix, radware, cisco, etc...) > > as far as i know, no loadbalancer understands SCTP today. if they can be > made to pass SC

DOS in progress ?

Are folks seeing any major DOS in progress ? Twitter seems to be under one and FB is flaky.

Re: DNS hardening, was Re: Dan Kaminsky

note, i went off-topic in my previous note, and i'll be answering florian on namedroppers@ since it's not operational. chris's note was operational: > Date: Thu, 6 Aug 2009 10:18:11 -0400 > From: Christopher Morrow > > awesome, how does that work with devices in the f-root-anycast design? > (bo

Re: dnscurve and DNS hardening, was Re: Dan Kaminsky

On 8/5/09 7:05 PM, Naveen Nathan wrote: On Wed, Aug 05, 2009 at 09:17:01PM -0400, John R. Levine wrote: ... It seems to me that the situation is no worse than DNSSEC, since in both cases the software at each hop needs to be aware of the security stuff, or you fall back to plain unsigned DNS.

Re: DNS hardening, was Re: Dan Kaminsky

On Thu, Aug 6, 2009 at 2:51 AM, Paul Vixie wrote: > Christopher Morrow writes: > >> how does SCTP ensure against spoofed or reflected attacks? > > there is no server side protocol control block required in SCTP.  someone > sends you a "create association" request, you send back a "ok, here's your

A DNSSEC irony

At 15:53 -0700 8/5/09, Douglas Otis wrote: DNSSEC UDP will likely become problematic. dotORG (.org) is DNSSEC signed now. nanog.org is DNSSEC signed now. Still getting mail on the list saying "DNSSEC UDP will be a problem"... (from some commercial's punch line) ...priceless Continuing, T

Re: dnscurve and DNS hardening, was Re: Dan Kaminsky

On Wed, 5 Aug 2009, Naveen Nathan wrote: > > I might misunderstand how dnscurve works, but it appears that dnscurve > is far easier to deploy and get running. Not really. There are multiple competing mature implementations of DNSSEC and you won't be in a network of 1 if you deploy it. Tony. -- f

Conclusion: Smart hands in NYC area and new: Tokyo

Hello altogether, I got a couple of freelancers and a few tips which companies to use. I thought I'd at least share the company recommendations, of which I'll have the bosses pick. One other thing - I'll be needing the same thing in Tokyo by the end of the year. If anyone has recommendations, ple

Re: dnscurve and DNS hardening, was Re: Dan Kaminsky

There are really two security problems here, which implies that two different methods might be necessary: 1) Authenticate the nameserver to the client (and so on up the chain to the root) in order to defeat the Kaminsky attack, man in the middle, IP-layer interference. (Are you who you say you

Re: DNS hardening, was Re: Dan Kaminsky

On Thu, 6 Aug 2009, Florian Weimer wrote: This doesn't seem possible with current SCTP because the heartbeat rate quickly adds up and overloads servers further upstream. It also does not work on UNIX-like system where processes are short-lived and get a fresh stub resolver each time they are

Re: dnscurve and DNS hardening, was Re: Dan Kaminsky

* Naveen Nathan: > I'll assume the cipher used for the lasting secret keys is interchangeable. Last time I checked, even the current cryptographic algorithms weren't specified. It's unlikely that there is an upgrade path (other than stuffing yet another magic label into your name server names).

Re: DNS hardening, was Re: Dan Kaminsky

* John Levine: > 3) Random case in queries, e.g. GooGLe.CoM This does not work well without additional changes because google.com can be spoofed with responses to 123352123.com (or even 123352123.). Unbound strives to implement the necessary changes, some of which are also required if you want t

Re: DNS hardening, was Re: Dan Kaminsky

* Paul Vixie: > there is no server side protocol control block required in SCTP. SCTP needs per-peer state for congestion control and retransmission. > someone sends you a "create association" request, you send back a > "ok, here's your cookie" and you're done until/unless they come back > and s

Re: DNS hardening, was Re: Dan Kaminsky

* Douglas Otis: > DNSSEC UDP will likely become problematic. This might be due to > reflected attacks, SCTP does not stop reflective attacks at the DNS level. To deal with this issue, you need DNSSEC's denial of existence. The DNSSEC specs currently doesn't allow you to stop these attacks dead

Re: DNS hardening, was Re: Dan Kaminsky

* Douglas Otis: > Establishing SCTP as a preferred DNS transport offers a safe harbor > for major ISPs. SCTP is not a suitable transport for DNS, for several reasons: Existing SCTP stacks are not particularly robust (far less than TCP). The number of bugs still found in them is rather large. On