Re: Traffic being directed at random infrastructure with pornhub.com host header (?)

2023-09-13 Thread Dobbins, Roland via NANOG
On Sep 13, 2023, at 20:38, Drew Weaver wrote: Has anyone else recently seen a spike of port 80 traffic being sent at seemingly random IP addresses that include the Pornhub host header? It may be related to this:

Re: FastNetMon Usage in the wild

2023-10-18 Thread Dobbins, Roland via NANOG
On 18 Oct 2023, at 19:49, Adam Thompson wrote: Sightline *Insight* is the piece the sales team won't sell me, and TAC won't support me, for deployment in our private-cloud environment Insight isn’t used for first-order DDoS detection/classification/traceback/mitigation; Sightline/TMS

Latest NETSCOUT DDoS Threat Intelligence Report published, no registration required.

2023-09-26 Thread Dobbins, Roland via NANOG
This issue covers 1H2023, and the full report is available online: We make these findings freely available as a service to the operational community; feedback welcome. Again, no registration is required to view the full report online. A .pdf summary is

Re: FastNetMon Usage in the wild

2023-10-10 Thread Dobbins, Roland via NANOG
On 11 Oct 2023, at 01:50, Adam Thompson wrote: you need to buy a moderately-expensive hardware server (they don’t let you virtualize it) To clarify, Sightline has supported virtualization for many years, FYI. I’m not aware of any anti-DDoS products at ISP scale that aren’t SFlow +

Re: AKAMAI, Re: Apple blocking all AS29852 iCloud traffic, residential gigabit last mile provider in NYC.

2023-08-18 Thread Dobbins, Roland via NANOG
On 18 Aug 2023, at 08:28, Eric Kuhnke wrote: Additionally this appears to have a strong correlation with everything that is hosted by Akamai Edge. Akamai, we are a fairly mundane last mile operator… It might be a good idea to analyze your outbound traffic in order to determine if you/your

Re: Standard DC rack rail distance, front to back question

2023-04-27 Thread Dobbins, Roland via NANOG
On 27 Apr 2023, at 20:51, Chuck Church <chuckchu...@gmail.com> wrote: Is there a ‘standard’ distance between front and back rails that devices usually adhere to? There isn’t a standard for rack depth, AFAIK, but one typically sees anywhere from 27in/69cm – 50in/127cm, in my

Re: Flow Tools AS-Path

2023-04-04 Thread Dobbins, Roland via NANOG
On 4 Apr 2023, at 20:04, Mike Hammett <na...@ics-il.net> wrote: 2) I have seen flow tools that show the entire AS path. Are they just cherry picking which platforms they showcase for the best marketing, or are they enriching the data they receive from "lesser" platforms from an outside

Re: Flow Tools AS-Path

2023-04-04 Thread Dobbins, Roland via NANOG
On 4 Apr 2023, at 21:48, Peter Phaal <peter.ph...@gmail.com> wrote: Export of destination AS-Path is supported in the sFlow extended_gateway structure. As a consumer of sFlow, [as well as NetFlow, IPFIX, etc.] I haven’t run into the use of this option in production, FWIW. In

Re: Strange IPSEC traffic

2023-11-13 Thread Dobbins, Roland via NANOG
On Nov 14, 2023, at 00:12, Shawn L via NANOG wrote: The destination address is always one of our customer's ip addresses. Attackers will sometimes use synthetic ESP, AH, GRE, or other protocols in DDoS attacks, because organizations often only think about TCP/UDP/ICMP in terms of ACLs, DDoS