On 21 Nov 2014, at 12:08, Paul S. wrote:
> WANguard from andrisoft has worked well on this for us.
I believe the thread was focusing on open-source tools.
---
Roland Dobbins
WANguard from andrisoft has worked well on this for us.
It supports flow telemetry and mirrored ports both (We use flows
strictly), and does what it says it does.
No complaints.
On 11/21/2014 午後 12:00, Robert Duffy wrote:
I've been using NTOP for couple of years. I'm mostly looking for some
> Netflow is stateful stuff, and just to run it on wirespeed, on hardware,
> you need to utilise significant part of TCAM,
Cisco ASRs and MXs with inline jflow can do hundreds of K flows/second
without affecting packet forwarding.
> i am not talking that on some hardware it is just impossible t
Greetings,
We have recently added a second ISP (third if you count I2). Our first "ISP"
is actually a private state network that peers with two Tier 1 providers. We
own an AS number and our IP space but at the last minute learned our state
network is advertising our network using two differe
I've been using NTOP for couple of years. I'm mostly looking for something
that can quickly detect DDoS attacks in a datacenter environment. Thanks
for the suggestions. I"ll check them out.
On Thu, Nov 20, 2014 at 6:50 PM, Tim Jackson wrote:
> I highly recommend pmacct and it's in-memory tabl
Roland, you seem to have a lot of experience with these kinds of tools.
What open-source NetFlow analysis tools would you recommend for quickly
detecting a DDoS attack?
On Thu, Nov 20, 2014 at 5:12 PM, Roland Dobbins wrote:
>
> On 21 Nov 2014, at 6:22, Denys Fedoryshchenko wrote:
>
> Netflow is
Would also appreciate the clueful contact as I have the same experience
with going through the normal support escalation. Primarily interested in
the networking folk who are intimately familiar with the Adtran CPE they
ship to customers. The 'Engineers' shipped two devices with no gateways
configur
What happens when someone spoofs legitimate hosts that your customers use?
On Thu, Nov 20, 2014 at 3:36 PM, Pavel Odintsov
wrote:
> Hello, folks!
>
> I'm author of fastnetmon, thank you for some PR for my toolkit :)
>
> I use this tool for similar type of attacks and we do analyze all
> traffic
Sounds about on par with my experience so far.
We have a client who uses jive and we manage their network and when this
client opens tickets with jive, they get copy+pasted the exact same email
every time telling the client to make sure sip alg is disabled, check
firewall, etc. We have repeatedly
I highly recommend pmacct and it's in-memory tables. Lightweight, easy to
query and super fast.
You can also easily run multiple aggregates of traffic to find what you are
interested in, tag common interface types to easily filter traffic..
Or you can use pmacct to insert this into whatever datab
On 21 Nov 2014, at 9:19, Robert Duffy wrote:
What open-source NetFlow analysis tools would you recommend for
quickly
detecting a DDoS attack?
I generally recommend that folks get started with something like
nfdump/nfsen or ntop. There are other, more sophisticated tools out
there, but the
On 21 Nov 2014, at 6:22, Denys Fedoryshchenko wrote:
Netflow is stateful stuff,
This is factually incorrect; NetFlow flows are unidirectional in nature,
and in any event have no effect on processing of data-plane traffic.
and just to run it on wirespeed, on hardware, you need to utilise
s
Works for me, thanks.
I forgot exactly which IPs this was about right now though :)
On Fri, 21 Nov 2014 at 05:12 Siegel, David wrote:
>
> We decommissioned our rwhois server, but apparently we didn't get DNS
> cleaned up (which we'll do in the near future).
>
> The closest thing we have to that
We decommissioned our rwhois server, but apparently we didn't get DNS cleaned
up (which we'll do in the near future).
The closest thing we have to that is our whois server rr.level3.net, or if that
doesn't quite meet your needs, you can contact our security department at
ab...@level3.net.
Dav
On 2014-11-20 23:59, Roland Dobbins wrote:
On 21 Nov 2014, at 4:36, Pavel Odintsov wrote:
I tried to use netflow many years ago but it's not accurate enough and
not so fast enough and produce big overhead on middle class network
routers.
These statements are not supported by the facts. NetFl
On Thu, Nov 20, 2014 at 06:07:09PM -0500, Jay Ashworth wrote:
> He generally provides same-day service on email, but...
>
> Hope all is well.
Don't worry, he is alive and well. puck.nether.net is having some disk
issues hene a backlog on email.
- Job
He generally provides same-day service on email, but...
Hope all is well.
Cheers,
-- jra
Moderator @ outages
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Am I the only Network Admin wondering how this can happen and why its still
an issue if it was discovered in 2011?
Now I never worked in the Energy field so I am in the dark (pun intended I
guess) on how serious the Public utilities address these issues.
They should have redundant systems so they c
I put together a protocol framework in Node.js
https://www.npmjs.org/package/rwhois
Its still useful for some companies.
On Thu, Nov 20, 2014 at 2:49 PM, Jeff Walter wrote:
> It's nice to see someone is using RWHOIS. Back when I wrote the RWHOIS
> daemon for HE I spoke with Mark Kosters (one o
On 21 Nov 2014, at 4:36, Pavel Odintsov wrote:
I tried to use netflow many years ago but it's not accurate enough and
not so fast enough and produce big overhead on middle class network
routers.
These statements are not supported by the facts. NetFlow (and other
varieties of flow telemetry)
It's nice to see someone is using RWHOIS. Back when I wrote the RWHOIS
daemon for HE I spoke with Mark Kosters (one of the authors of RFC 2167). I
wish I still had the emails because at the time he was shocked anyone would
create software for something that no one really uses. I seem to recall him
Hello, folks!
I'm author of fastnetmon, thank you for some PR for my toolkit :)
I use this tool for similar type of attacks and we do analyze all
traffic from uplinks ports using port mirroring. You can look at this
network diagram:
https://raw.githubusercontent.com/FastVPSEestiOu/fastnetmon/mast
Larry Krone wrote:
I have a question that Godaddy support will not answer.
That actually seems odd - I've usually found them helpful. But that's
neither here nor there. See below...
My son moved a word press site to Godaddy from another host.
Apparently, unbeknowest to him, the
It won't do anything to another server. You won't get copies of messages
transferred with DNS changes.
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On Nov 20, 2014 9:10 AM, "Larry Krone" wrote:
> I have a question that Godaddy support will not a
I have a question that Godaddy support will not answer.
My son moved a word press site to Godaddy from another host.
Apparently, unbeknowest to him, the original wordpress site was also the
email host.
The mail was moved from the old server to the new server but the email was
never prop
fyi:
On 11/20/2014 02:42 AM, cool hand luke wrote:
On 11/19/2014 07:29 PM, David Hubbard wrote:
Appears to have been resolved after seven hours. My ticket just says:
"We isolated the routing issue and resolved it.
The issue was due to a misconfiguration on one our core routers."
Now that the
Inspired by this thread (and other recent similar ones about how hard
it is to report abuse in the right format to the right people), I've
decided I'm going to start work on the Perl module presumed by this
gist ...
https://gist.github.com/PWBENNETT/18970413677c5df79c6a
Reporting network abuse sh
27 matches
Mail list logo