Re: BRAS/BNG Suggestion

2016-12-01 Thread Mark Tinka
On 29/Nov/16 20:33, Lorenzo Mainardi wrote: > Good morning, > Could you suggest some vendors of BRAS/BNG for PPPoE termination? > We have more than 20.000 users. > > In my short list there are already Juniper, Cisco and NOKIA/ALU. > Do you have any other honorable brand or good experiences?

Looking for some Quagga experience to discuss 32 bit ASN + community issue with

2016-12-01 Thread Eric Germann
Good evening, I’m looking for someone who’s familiar with Quagga and is using 32 bit ASN’s. Trying to do some work with communities with it and having no success. If you have some experience and would like to chat, email me off list or reply on-list if the demand is there. Basically trying

Re: Avalanche botnet takedown

2016-12-01 Thread Scott Weeks
--- r...@tristatelogic.com wrote: From: "Ronald F. Guilmette" In message <20161201124527.9be45...@m0087798.ppops.net>, sur...@mauigateway.com wrote: >What is your suggestion to keep the sky from falling? My full answer, if fully elaborated, would bore you and

Re: Avalanche botnet takedown

2016-12-01 Thread Robert McKay
I'm just assuming this because it doesn't say anywhere, but given the context it seems likely to me that almost none of the 90 domains were actually registered. It sounds more likely that they figured out how the domain generation algorithm works and instructed the registries to block out

Re: Avalanche botnet takedown

2016-12-01 Thread Ronald F. Guilmette
In message <20161201205647.ga8...@gsp.org>, Rich Kulawiec wrote: >2. As an aside, I've been doing a little research project for a >few years, focused on domains. I've become convinced that *at least* >99% of domains belong to abusers: spammers, phishers, typosquatters, >malware

Re: Avalanche botnet takedown

2016-12-01 Thread Ronald F. Guilmette
In message <20161201124527.9be45...@m0087798.ppops.net>, sur...@mauigateway.com wrote: >What is your suggestion to keep the sky from falling? My full answer, if fully elaborated, would bore you and everybody else to tears, so I'll try to give you an abbreviated version. It seems to be that it

Re: Avalanche botnet takedown

2016-12-01 Thread Rich Kulawiec
On Thu, Dec 01, 2016 at 03:02:30PM -0600, J. Hellenthal wrote: > 99% ? That's a pretty high figure there. Yeah. I thought so too. For the first ten years. Now I think it's not nearly high enough. Let me give you three examples -- the three that happen to be occupying my attention at the

RE: Avalanche botnet takedown

2016-12-01 Thread Steve Mikulasik
We need a cost effective and performant way of blocking botnet traffic in SP networks. Fact is the only way to enforce network policy is from within the network. Laws, putting the onus on users, notifying infected users, etc. will never work. We can't expect to solve them all, but at least make

Re: Avalanche botnet takedown

2016-12-01 Thread Justin Paine via NANOG
straight from the horse's mouth -- they said "99.99% of the 900,000 domains" have been sinkholed. Justin Paine Head of Trust & Safety Cloudflare Inc. PGP: BBAA 6BCE 3305 7FD6 6452 7115 57B6 0114 DE0B 314D On Thu, Dec 1, 2016 at 1:02 PM, J. Hellenthal

Re: Avalanche botnet takedown

2016-12-01 Thread J. Hellenthal
99% ? That's a pretty high figure there. -- Onward!, Jason Hellenthal, Systems & Network Admin, Mobile: 0x9CA0BD58, JJH48-ARIN On Dec 1, 2016, at 14:56, Rich Kulawiec wrote: > On Thu, Dec 01, 2016 at 05:34:26PM -, John Levine wrote: > [...] 800,000 domain names used

Re: Avalanche botnet takedown

2016-12-01 Thread Rich Kulawiec
On Thu, Dec 01, 2016 at 05:34:26PM -, John Levine wrote: > [...] 800,000 domain names used to control it. 1. Which is why abusers are registrars' best customers and why (some) registrars work so very hard to support and shield them. 2. As an aside, I've been doing a little research project

Re: Avalanche botnet takedown

2016-12-01 Thread Scott Weeks
--- r...@tristatelogic.com wrote: From: "Ronald F. Guilmette" The Internet, viewed as an organism, quite clearly has, at present, numerous autoimmune diseases. It is attacking itself. And its immune system, such as it is, clearly ain't working. There's going to come

Re: Avalanche botnet takedown

2016-12-01 Thread Paul Ferguson
> P.S. WTF is "double fast flux[tm]"? Double fast-flux is when not only the TTL is set very low on the A record(s), but also on the NS: https://en.wikipedia.org/wiki/Fast_flux - ferg > On Dec 1, 2016, at 12:38 PM, Ronald F. Guilmette > wrote: > > > In message

Re: Avalanche botnet takedown

2016-12-01 Thread Ronald F. Guilmette
In message <20161201173426.2861.qm...@ary.lan>, "John Levine" wrote: >More info here: > >https://www.europol.europa.eu/newsroom/news/%E2%80%98avalanche%E2%80%99-network-dismantled-in-international-cyber-operation I'm always happy when even a small handful of miscreants are

Re: Avalanche botnet takedown

2016-12-01 Thread anthony kasza
From my understanding Avalanche wasn't a single botnet but was high availability infrastructure used by multiple different families/operators. -AK On Dec 1, 2016 10:37 AM, "John Levine" wrote: > Avalanche is a large nasty botnet, which was just disabled by a large >

Avalanche botnet takedown

2016-12-01 Thread John Levine
Avalanche is a large nasty botnet, which was just disabled by a large coordinated action by industry and law enforcement in multiple countries. It was a lot of work, involving among other things disabling or sinkholing 800,000 domain names used to control it. More info here:

Re: 10G switch drops traffic for a split second

2016-12-01 Thread Marian Ďurkovič
On Wed, Nov 30, 2016 at 11:58:06AM -0500, Lee wrote: > On 11/30/16, Mikael Abrahamsson wrote: > > If your switch is the typical small-buffered-switch that has become more > > and more common the past few years, then the entire switch might have > > buffer to keep packets for