Re: Solutions for DoS & DDoS

2012-12-06 Thread Ahmed Maged
The most popular solution is Arbor Clean pipes. They have different ways you can get this: http://www.arbornetworks.com/ On Thu, Dec 6, 2012 at 5:26 PM, Erol Blakely wrote: > My experience with most providers has been that null routing is the > "industry standard" when a DDoS hits their netw

Re: Solutions for DoS & DDoS

2012-12-06 Thread Erol Blakely
My experience with most providers has been that null routing is the "industry standard" when a DDoS hits their network. I would suggest approaching companies who specialize in DDoS mitigation - Prolexic and Blacklotus to name two I am familiar with. These outfits may have something that works

Re: Amazon Abuse contact

2012-12-06 Thread Mark Keymer
Thank you for everyone's help. We were contacted by Amazon today. Sincerely, Mark Keymer On 12/6/2012 1:37 PM, Enrico Sorge wrote: http://aws.amazon.com/security/vulnerability-reporting/ On Tue, Dec 4, 2012 at 11:40 PM, Mark Keymer > wrote: Hi, If ther

Re: Online/double-conversion UPS economy/high efficiency modes?

2012-12-06 Thread Seth Mattinen
I apologize for mentioning it; thanks for taking the time to point out such data could not possibly be useful. ~Seth Sent from my iPad, please excuse my brevity. On Dec 6, 2012, at 16:19, Alex Rubenstein wrote: >> I have a 700VA 9130 rackmount that I recently bought to give it an eval run >>

RE: Online/double-conversion UPS economy/high efficiency modes?

2012-12-06 Thread Alex Rubenstein
> I have a 700VA 9130 rackmount that I recently bought to give it an eval run > (although the first was a dud). There is a 3kVA model. For my small load it > reports a PF of 0.91 online. PF, as in power factor? That has nothing to do with UPS efficiency.

Re: Google Fiber - keeps you regular

2012-12-06 Thread Suresh Ramasubramanian
If you look at www.google.com/fiber they do seem to be in that market now On Friday, December 7, 2012, Otis L. Surratt, Jr. wrote: > Yep. But you know I wouldn't be surprised if Google entered that market. > That's why I was asking. You never know these days. > > From: Suresh Ramasubramanian [ma

RE: Google Fiber - keeps you regular

2012-12-06 Thread Otis L. Surratt, Jr.
Yep. But you know I wouldn't be surprised if Google entered that market. That's why I was asking. You never know these days. From: Suresh Ramasubramanian [mailto:ops.li...@gmail.com] Sent: Thursday, December 06, 2012 5:36 PM To: Otis L. Surratt, Jr. Cc: nanog@nanog.org Subject: Re: Google Fiber

Re: Google Fiber - keeps you regular

2012-12-06 Thread Suresh Ramasubramanian
All jokes about crappy Internet service aside, that is? On Friday, December 7, 2012, Otis L. Surratt, Jr. wrote: > Why does the youtube video link lead back to their Fiber Internet/TV > offering? > Maybe I'm lost but the video is about a Google Fiber Bar right? > > Otis > > -Original Message-

RE: Google Fiber - keeps you regular

2012-12-06 Thread Otis L. Surratt, Jr.
Why does the youtube video link lead back to their Fiber Internet/TV offering? Maybe I'm lost but the video is about a Google Fiber Bar right? Otis -Original Message- From: Suresh Ramasubramanian [mailto:ops.li...@gmail.com] Sent: Thursday, December 06, 2012 5:31 AM To: nanog@nanog.org

Verizon ISP ATM ports

2012-12-06 Thread Joe Maimon
Hey All, It's that time of the year again, and I am looking for Verizon ATM/DSL wholesale DSL ports for NY/NJ LATAs. Off-list replies are welcome. Thanks, Joe

Re: Online/double-conversion UPS economy/high efficiency modes?

2012-12-06 Thread Seth Mattinen
On 12/6/12 12:49 PM, William Herrin wrote: > Hi folks, > > I'm looking at several brands of rackmount 3kva double-conversion > UPSes, such as Tripp Lite and Eaton Powerware. I'm specifically > looking for something that will work as a line-interactive UPS until > the power starts to misbehave and

RE: Online/double-conversion UPS economy/high efficiency modes?

2012-12-06 Thread Alex Rubenstein
> > I'm looking at several brands of rackmount 3kva double-conversion > > UPSes, such as Tripp Lite and Eaton Powerware. I'm specifically > > looking for something that will work as a line-interactive UPS until > > the power starts to misbehave and will then switch to > > double-conversion mode unt

Re: Cogent outage?

2012-12-06 Thread Michael Bubb
Internap just updated: Cogent has said that the issue they were having has been resolved. Internap's BGP session was turned back up at approximately 15:45 EST and traffic has been stable since that time. On Thu, Dec 6, 2012 at 4:36 PM, Blair Trosper wrote: > We've seen BGP resets on our servers

RE: Online/double-conversion UPS economy/high efficiency modes?

2012-12-06 Thread Joseph Chin
That is so old-school FUD re line-interactive vs double-conversion. Very much the tubeless vs tubed tire debate all over again. Buy well-engineered quality brand products (ie Emerson/Liebert, Schneider/APC) then it will be a non-issue. -Original Message- From: Mike [mailto:mike-na...@tiedy

Re: Amazon Abuse contact

2012-12-06 Thread Enrico Sorge
http://aws.amazon.com/security/vulnerability-reporting/ On Tue, Dec 4, 2012 at 11:40 PM, Mark Keymer wrote: > Hi, > > If there is an Amazon Abuse person out there or if someone has a good > contact to someone at Amazon can you message me off-list. > > We have put in some Abuse request a couple

Re: Cogent outage?

2012-12-06 Thread Blair Trosper
We've seen BGP resets on our servers in Tampa...with Cogent no longer being the preferred route for outgoing traffic. The preferred path from our DC is now through Hurricane (AS6939). Blair Trosper Updraft Networks & LEARN (North Texas GigaPOP) On Thu, Dec 6, 2012 at 3:09 PM, Michael Bubb wrote

Re: How to get DID local numbers (IP Telephony)

2012-12-06 Thread John Levine
>Can someone explain me how can I get an block of DID (Telephony numbers)? As I think recent messages have shown, it's not possible to provide a useful answer unless you give us some hint about what you want to do with the traffic from those numbers. If you want to deliver it via SIP over the pub

Re: Online/double-conversion UPS economy/high efficiency modes?

2012-12-06 Thread Mike
On 12/06/2012 12:49 PM, William Herrin wrote: Hi folks, I'm looking at several brands of rackmount 3kva double-conversion UPSes, such as Tripp Lite and Eaton Powerware. I'm specifically looking for something that will work as a line-interactive UPS until the power starts to misbehave and will th

RE: Cogent outage?

2012-12-06 Thread Michael Bubb
We got a notice from Internap a few hours ago: "At approximately 12:10 EST Internap shut down the BGP session with Cogent as we were widespread packet loss issues through their network out of our New York (NYM) PNAP. We are contacting Cogent to see if they are aware of what the issue is. " The

Re: Solutions for DoS & DDoS

2012-12-06 Thread Joly MacFie
By coincidence we have just published the video archive of our "Mitigating DDoS Attacks: Best Practices for an Evolving Threat Landscape" event last Wednesday. It's at http://youtu.be/FR0660X9lGc We'll have a full transcript up early next week. j On Thu, Dec 6, 2012 at 12:51 PM, Mike Gatti wro

RE: Solutions for DoS & DDoS

2012-12-06 Thread Joseph Chin
Is the cause of this non-profit a controversial one with a good likelihood of attracting the attention of demographics with the ability to mount DDoS attacks? If your upstream can do it for a good price (on account of being a non-profit organization) and they have lots of bandwidth along with a dec

Re: Solutions for DoS & DDoS

2012-12-06 Thread Steve
The ideal solution is a carrier that has its own true DDoS mitigation platform, and does not rely on black hole routing. Have the carrier handle the large bulk flood attacks, then have your own prem base mitigation platform take care of the more application specific attacks that get through

Online/double-conversion UPS economy/high efficiency modes?

2012-12-06 Thread William Herrin
Hi folks, I'm looking at several brands of rackmount 3kva double-conversion UPSes, such as Tripp Lite and Eaton Powerware. I'm specifically looking for something that will work as a line-interactive UPS until the power starts to misbehave and will then switch to double-conversion mode until a whil

RE: Cogent outage?

2012-12-06 Thread Harris, James (IT)
Seeing 25% packet loss between Tampa and Munich at 19:59 UTC James Harris 727-571-9328 -Original Message- From: Matthew Huff [mailto:mh...@ox.com] Sent: Thursday, December 06, 2012 12:12 PM To: 'nanog@nanog.org' Subject: Cogent outage? About 10 minutes ago we stopped being able to pass

Re: How to get DID local numbers (IP Telephony)

2012-12-06 Thread Jay Ashworth
- Original Message - > From: "Сергей Харламов" > Can someone explain me how can I get a block of DID (Telephony > numbers)? For example I need 200 numbers. Is that special organization > or I must buy it somewhere? > What the rule for USA (NY) about telephony providing? Should I have a

RE: Six Strike Rule (Was: William was raided...)

2012-12-06 Thread Naslund, Steve
If you are a facilities based broadband provider in the US you have to comply with CALEA. There is no "coming to some agreement", you have a legal obligation to comply. No more, and no less. You don't have to comply with requests from agencies other than law enforcement under CALEA but you may n

Re: How to get DID local numbers (IP Telephony)

2012-12-06 Thread Derek Ivey
If you're looking to use SIP, I've had a good experience with Flowroute.com. I got one of my customers a block of 20 DIDs from them. Flowroute had to order the block from the CLEC in their area code and it took about two weeks. Derek On Dec 4, 2012, at 5:03 PM, Сергей Харламов wrote: > >

RE: How to get DID local numbers (IP Telephony)

2012-12-06 Thread Naslund, Steve
You can get DID numbers from a carrier when you buy a service from them. There is usually a ratio of how many DIDs you can get for a certain service. I know you will need state utilities commission licenses at least if you want to become a telephone carrier. IP only voice service I am not su

RE: China Telecom VPN problems (again)

2012-12-06 Thread Naslund, Steve
There are lots of carriers but unfortunately they all seem to use China Telecom infrastructure for transport so there is not really a way to get better Internet service there. In our experience MPLS performs better because China Telecom seems to hand off service to the international MPLS carriers

RE: China Telecom VPN problems (again)

2012-12-06 Thread Naslund, Steve
Agreed. I have run IPsec over MPLS with no problem in China on several carriers. Internet connectivity also worked but performance was spotty due to overloaded firewall or circuits in and out of the country. Steven Naslund -Original Message- From: Tom Paseka [mailto:t...@cloudflare.com]

RE: China Telecom VPN problems (again)

2012-12-06 Thread Naslund, Steve
Make sure you check this out in detail. My export / import people found out that if the device is going to be in control of and used by a US company doing business in China, there are a lot less encryption restrictions. The ruling was that it was not an export if the device remains the property o

RE: Streaming video traffic increase from Level3?

2012-12-06 Thread Frank Bulk
We think we found out the source of usage -- the local college's Men's Volleyball team played last night against the neighboring (rival) school. The local college's streams are fixed at 1.5 Mbps, so you just need a few people watching to make it add up in a hurry. That would explain the usage and wh

Solutions for DoS & DDoS

2012-12-06 Thread Mike Gatti
Hello Everyone, I'm assisting a non-profit organization to research solutions to secure their network from DOS/DDOS attacks. So far we have gone the route of discussing with their ISP's to see what solutions they have to offer, believing that the carriers are better positioned to block the att

RE: Cogent outage?

2012-12-06 Thread Jeremiah Millay
We just disabled our peering with Cogent in Boston and things have improved. We still have peering with them established in NYC (60 Hudson). Jeremiah Millay Network Engineer Vermont Telephone Co., Inc. Phone: 802 885-7796 Mobile: 802 289-2116 E-Mail: jmil...@vermontel.com -Original Message--

Re: Cogent outage?

2012-12-06 Thread Warren Bailey
Internet pulse now shows cogent with increased latency on nearly every peer. From my Galaxy Note II, please excuse any mistakes. Original message From: Christopher Nielsen Date: 12/06/2012 9:31 AM (GMT-08:00) To: Matthew Huff Cc: nanog@nanog.org Subject: Re: Cogent outage?

RE: Cogent outage?

2012-12-06 Thread Matthew Huff
We are peered in Westchester Co, NY (north of NYC). Reports from status.cogentco.com suggest a problem in NYC. I wonder if it's related to the 75 Broad Street explosion this morning. According to Cogent status, they are running on generator. Matthew Huff | 1 Manhattanville Rd D

Re: Cogent outage?

2012-12-06 Thread Michael Proto
I'm seeing packet loss between my Atlanta Cogent connection and some servers we have in both Dallas and London. According to Cogent's status page they're having an outage in the NYC area. -Proto http://status.cogentco.com/ On Thu, Dec 6, 2012 at 12:11 PM, Matthew Huff wrote: > About 10 minutes

Re: Cogent outage?

2012-12-06 Thread Warren Bailey
Internet pulse shows cogent being difficult. From my Galaxy Note II, please excuse any mistakes. Original message From: Nick Olsen Date: 12/06/2012 9:28 AM (GMT-08:00) To: Steven Saner ,nanog@nanog.org Subject: Re: Cogent outage? No issues seen in Orlando either. Nick Ols

RE: Cogent outage?

2012-12-06 Thread Jeremiah Millay
Evan, We are hearing reports of this from our customers as well. We connect to them in NY and Boston. Jeremiah Millay Network Engineer Vermont Telephone Co., Inc. Phone: 802 885-7796 Mobile: 802 289-2116 E-Mail: jmil...@vermontel.com -Original Message- From: Evan Moore [mailto:emo...@sove

Re: Cogent outage?

2012-12-06 Thread PC
No visible issues in the DC area. On Thu, Dec 6, 2012 at 10:17 AM, Evan Moore wrote: > I may have seen this as well. I touch Cogent in Boston. > > Seems to be returning as of 1717 GMT. > > ERM > > Evan R Moore > Network Engineer > Sovernet Communications > > > -Original Message- > From

Re: Cogent outage?

2012-12-06 Thread Nick Olsen
No issues seen in Orlando either. Nick Olsen Network Operations (855) FLSPEED x106 From: "Steven Saner" Sent: Thursday, December 06, 2012 12:17 PM To: nanog@nanog.org Subject: Re: Cogent outage? On 12/06/2012 11:11 AM, Matthew Huff wrote: > About 10 mi

Re: Cogent outage?

2012-12-06 Thread Christopher Nielsen
Passing normal traffic in San Jose and Ashburn. On Thu, Dec 6, 2012 at 12:11 PM, Matthew Huff wrote: > About 10 minutes ago we stopped being able to pass traffic through cogent. I > de-peered us from Cogent, and everything appears > better. When I call cogent, all I get is a busy signal (must be

Re: TCP time_wait and port exhaustion for servers

2012-12-06 Thread Ray Soucy
This issue is really for connections that close properly and without any issue. The application closes the socket and doesn't care about it; but the OS keeps it in the TIME_WAIT state as required by the RFC for TCP in case data tries to be sent after the connection has closed (out of order tra

RE: Cogent outage?

2012-12-06 Thread Evan Moore
I may have seen this as well. I touch Cogent in Boston. Seems to be returning as of 1717 GMT. ERM Evan R Moore Network Engineer Sovernet Communications -Original Message- From: Matthew Huff [mailto:mh...@ox.com] Sent: Thursday, December 06, 2012 12:12 PM To: 'nanog@nanog.org' Subject

Re: Cogent outage?

2012-12-06 Thread Steven Saner
On 12/06/2012 11:11 AM, Matthew Huff wrote: > About 10 minutes ago we stopped being able to pass traffic through cogent. I > de-peered us from Cogent, and everything appears > better. When I call cogent, all I get is a busy signal (must be a major > outage). Anyone else seeing anything? > Passi

Cogent outage?

2012-12-06 Thread Matthew Huff
About 10 minutes ago we stopped being able to pass traffic through cogent. I de-peered us from Cogent, and everything appears better. When I call cogent, all I get is a busy signal (must be a major outage). Anyone else seeing anything? Matthew Huff | 1 Manhattanville Rd Director

Re: TCP time_wait and port exhaustion for servers

2012-12-06 Thread Jean-Francois Mezei
Question: If a TCP connection is left hanging and continues to hoard the port for some time before it times out, shouldn't the work to be focused on finding out why the connection is not properly closed instead of trying to support a greater number of hung connections waiting to time out ?

Re: TCP time_wait and port exhaustion for servers

2012-12-06 Thread William Allen Simpson
On 12/6/12 10:20 AM, Kyrian wrote: Also, if you are going to hack the kernel to make that change, I urge you to make it part of the sysctl mechanism as well, and to send a patch back to the kernel developers to help out others who might be in a similar situation to you. This is both to help th

Re: TCP time_wait and port exhaustion for servers

2012-12-06 Thread Kyrian
Quoting Ray Soucy : net.ipv4.tcp_keepalive_intvl = 15 net.ipv4.tcp_keepalive_probes = 3 net.ipv4.tcp_keepalive_time = 90 net.ipv4.tcp_fin_timeout = 30 As discussed, those do not affect TCP_TIMEWAIT_LEN. There is a lot of misinformation out there on this subject so please don't just Google for

Re: TCP time_wait and port exhaustion for servers

2012-12-06 Thread Ray Soucy
> net.ipv4.tcp_keepalive_intvl = 15 > net.ipv4.tcp_keepalive_probes = 3 > net.ipv4.tcp_keepalive_time = 90 > net.ipv4.tcp_fin_timeout = 30 As discussed, those do not affect TCP_TIMEWAIT_LEN. There is a lot of misinformation out there on this subject so please don't just Google for 5 min. and chim

Fwd: [Infowarrior] - Leaked: ITU's secret Internet surveillance standard discussion draft]

2012-12-06 Thread Rich Kulawiec
- Forwarded message from Richard Forno - > From: Richard Forno > Date: Thu, 6 Dec 2012 08:21:15 -0500 > To: Infowarrior List > Subject: [Infowarrior] - Leaked: ITU's secret Internet surveillance standard > discussion draft > > > Leaked: ITU's secret Internet surveillance standar

Re: TCP time_wait and port exhaustion for servers

2012-12-06 Thread Ray Soucy
This tunes conntrack, not local TCP on the server itself. On Wed, Dec 5, 2012 at 4:18 PM, Cyril Bouthors wrote: > On 5 Dec 2012, r...@maine.edu wrote: > >> Where there is no way to change this through /proc > > 10:17PM lenovo:~% sudo sysctl -a |grep wait > net.netfilter.nf_conntrack_tcp_timeout_f

Re: TCP time_wait and port exhaustion for servers

2012-12-06 Thread Ray Soucy
It does require a fixed source address. The box is also a router and firewall, so it has many IP addresses available to it. On Wed, Dec 5, 2012 at 5:24 PM, William Herrin wrote: > On Wed, Dec 5, 2012 at 5:01 PM, Mark Andrews wrote: >> In message >> , >> William Herrin writes: >>> The thing is

Re: TCP time_wait and port exhaustion for servers

2012-12-06 Thread Kyrian
On 5 Dec 2012, r...@maine.edu wrote: > Where there is no way to change this through /proc ... Those netfilter connection tracking tunables have nothing to do with the kernel's TCP socket handling. No, but these do... net.ipv4.tcp_keepalive_intvl = 15 net.ipv4.tcp_keepalive_probes = 3 net.i

Google Fiber - keeps you regular

2012-12-06 Thread Suresh Ramasubramanian
http://www.youtube.com/watch?v=re0VRK6ouwI&feature=share you'll probably laugh so hard you won't even need the fiber

RE: /. ITU Approves Deep Packet Inspection

2012-12-06 Thread Adam Vitkovsky
So is it recommended now to go over all the NGN core routers and restore them to default with: no lawful-intercept disable cmd? :) adam

Re: Any enterprise operators very happy with their MPLS providers?

2012-12-06 Thread Måns Nilsson
Subject: Any enterprise operators very happy with their MPLS providers? Date: Wed, Dec 05, 2012 at 02:14:25PM + Quoting McCall, Gabriel (gabriel.mcc...@thyssenkrupp.com): > I'm getting ready to prepare an RFP for our next generation WAN, and would > like feedback from anyone else who has 100