Dark Fiber in Latin America
All, I'm looking for some general information of a dark fiber provider in latin america countries namely Nicaragua and Costa Rica. Any info is greatly appreciated. Please contact me off list. thanks, -Beavis -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Disclaimer: http://goldmark.org/jeff/stupid-disclaimers/
Re: First! [?]
happy new year. On Tue, Dec 31, 2013 at 11:45 PM, Bryan Tong cont...@nullivex.com wrote: Happy New Year guys! On Tue, Dec 31, 2013 at 10:38 PM, jamie rishaw j...@arpa.com wrote: Happy New Year to all, and to all a good lawful interception. -- eSited LLC (701) 390-9638 -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Disclaimer: http://goldmark.org/jeff/stupid-disclaimers/
Re: Radware vs Arbor
For a DDoS solution; my experience leans on arbor's peakflow and their partnership with other upstream carrier's (Level3, Peer1, etc.) which makes sense since most of the attacks are distributed having recon work done by an organization like arbor makes you only worry about the attack types that come into your network and not much the top part complexities of it. I am in no relationship with arbor or any of it's employees. this is solely based on my knowledge of the product. regards, -Beavis On Thu, Sep 26, 2013 at 10:47 AM, Tempest tempestter...@gmail.com wrote: Doing a bunch of research, and I can't find a meaningful comparison of these two products. Work for a carrier, and I am looking at implementing a DDoS mitigation service that we can sell to our customers. Radware is cheaper, but I am seeing a lot of noise in various forums that makes me question their viability for what we need. Arbor has most of the market, and I assume there is good reason for it. Both companies seem to be very deceptive about how they compare to the other. Anyone out there with good hands on experience that can compare? Not interested in input from either company, we get plenty of that already. Good experience, or links to good write ups would be excellent... Davis B. -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Disclaimer: http://goldmark.org/jeff/stupid-disclaimers/
Re: DNS Reliability
I go with 99.999% given that you have a good number of DNS Servers (anycasted). On Thu, Sep 12, 2013 at 9:03 PM, Phil Fagan philfa...@gmail.com wrote: Everything else remaining equal...is there a standard or expectation for DNS reliability? 98% 99% 99.5% 99.9% 99.99% 99.999% Measured in queries completed vs. queries lost. Whats the consensus? -- Phil Fagan Denver, CO 970-480-7618 -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Disclaimer: http://goldmark.org/jeff/stupid-disclaimers/
Need someone from telia NOC Ops
Hi, Can someone from telia.net ops contact me offlist please. thank you, Beavis. $ traceroute www.cnn.com traceroute to www.cnn.com (157.166.249.11), 30 hops max, 60 byte packets 1 190.106.69.113 (190.106.69.113) 16.792 ms 17.686 ms 18.049 ms 2 186.32.189.69 (186.32.189.69) 103.475 ms 103.676 ms 103.796 ms 3 mai-noa-I1-link.telia.net (213.248.72.161) 101.505 ms 101.635 ms 106.750 ms 4 atl-bb1-link.telia.net (80.91.251.28) 106.466 ms atl-bb1-link.telia.net (80.91.245.43) 103.891 ms atl-bb1-link.telia.net (80.91.251.28) 106.578 ms 5 level3-ic-149649-atl-bb1.c.telia.net (80.239.167.74) 88.384 ms 88.397 ms 88.628 ms 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Disclaimer: http://goldmark.org/jeff/stupid-disclaimers/
Mikrotik visibility
Hello All, I would like to ask if there are any folks out there that use any specific tool (OpenSource/Closed) that is used for mikrotik routers. I need packet visibility (ala netflow) or anything similar to that effect. any suggestions are greatly appreciated. cheers, -Beavis -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Disclaimer: http://goldmark.org/jeff/stupid-disclaimers/
Re: Mikrotik visibility
thanks all this is a good start. regards, -Beavis On Tue, Apr 2, 2013 at 8:22 PM, Yang Yu yang.yu.l...@gmail.com wrote: I am using Plixer Scrutinizer Flow Analyzer with RouterOS. It does have cool looking web panel. But some interfaces (instance 0, instance 1 etc.) reported doesn't exactly match up with interfaces in RouterOS. I haven't figured out what exactly those are. Yang -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Disclaimer: http://goldmark.org/jeff/stupid-disclaimers/
NAPA link from Latin America
hello all, would like to politely ask if there are any folks from the NAPA here. Would you be so kind as to contact me off-list. many thanks, -Beavis -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Disclaimer: http://goldmark.org/jeff/stupid-disclaimers/
Re: Ddos mitigation service
+1 on Dosarrest, not so crazy price, used them before their support is awesome. Used to be called whypigsfly, heard that some of their techniques of mitigation we're used by prolexic as well. I'm not a sales rep. nor will I ever be. On Fri, Feb 1, 2013 at 10:28 AM, Joseph Chin l-na...@iodi.se wrote: From my personal experience, I am a fan of pure-play DDoS mitigation service providers (e.g. Prolexic, Dosarrest) because they are the least likely to give up on you when things get real difficult. Read the SLA careful to make sure it is fit for your purpose. -Original Message- From: James Thomas [mailto:j...@nimblesec.com] Sent: Friday, February 01, 2013 3:49 PM To: nanog@nanog.org Subject: Re: Ddos mitigation service Hi Pierre, Thank you for your interesting note. On 01/02/2013 09:57, Pierre Lamy wrote: The 3 major scrubbing vendors: Prolexic Verisign Akamai IIRC, CloudFlare claims to the same capcity of DDOS mitigation as Prolexic (500gb) and also has a free option with fewer scrubbing features. Do you have experience with it, or is there some other reason to have excluded it from your list? I apologize for my noobish question. Cheers, James -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Disclaimer: http://goldmark.org/jeff/stupid-disclaimers/
Re: IP Address Management IPAM software for small ISP
+1 for ipplan http://iptrack.sourceforge.net/ -Ed On Thu, Dec 13, 2012 at 4:10 AM, Aftab Siddiqui aftab.siddi...@gmail.com wrote: Kindly search the archives for many threads on the same subject, which should be the normal practice. nevertheless, IPPlan, PHPIP, PHPIPAM are good enough as per the need. The first one I assume should serve your purpose for both v4 and v6. Regards, Aftab A. Siddiqui On Thu, Dec 13, 2012 at 6:22 AM, Eric A Louie elo...@yahoo.com wrote: I'm looking for IPAM solutions for a small regional wireless ISP. There are 4 Tier 2 personnel and 2 NOC technicians who would be using the tool, and a small staff of engineers. They have regionalized IP addresses so blocks are local, but there are subnets that are global. don't care if it's a linux or windows solution. Need to be able to migrate from FreeIPdb (yes, I know, it's a dinosaur) We're not dealing with a lot now, but the potential for growth is pretty high. What are you using and how is it working for you? Much appreciated, Eric -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Disclaimer: http://goldmark.org/jeff/stupid-disclaimers/
Re: About CISCO ASR 1006 router performance.
suggest go to http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf On Tue, Mar 20, 2012 at 5:29 AM, Md.Jahangir Hossain jrjahan...@gmail.com wrote: Dear valued member: Wishes all are fine. i need suggestion from you about CISCO ASR 1006 router performance. i want to buy this router for IP Transit provider where i received all global routes . it would be nice please put your valued suggestion about this issue. Thanks -- Jahangir* * -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Disclaimer: http://goldmark.org/jeff/stupid-disclaimers/
Re: ASA log viewer
+1 here i use splunk for sorting out logs pretty cool tool. easy to install. On Sat, Nov 19, 2011 at 7:30 PM, Mike Lyon mike.l...@gmail.com wrote: Check out Splunk (www.splunk.com) -mike Sent from my iPhone On Nov 19, 2011, at 16:51, Duane Toler deto...@gmail.com wrote: Hey NANOG! My employer is deploying CIsco ASA firewalls to our clients (specifically the 5505, 5510 for our smaller clients). We are having problems finding a decent log viewer. Several products seem to mean well, but they all fall short for various reasons. We primarily use Check Point firewalls, and for those of you with that experience, you know the SmartViewer Tracker is quite powerful. Is there anything close to the flexibility and filtering capabilities of Check Point's SmartView Tracker? For now, I've been dumping the logs via syslog with TLS using syslog-ng to our server, but that is mediocre at best with varying degrees of reliability. The syslog-ng server then sends that to a perl script to put that into a database. That allows us to run our monthly reports, but that doesn't help us with live or historical log parsing and filtering (see above, re: SmartView Tracker). If a customer called to help us troubleshoot connection issues over the past few days, there's no way to review the logs and figure out what happened back then. Every CCIE we've talked to, and Cisco themselves, seem to not care about firewall traffic logs or the ability to parse and review them. We know about Cisco Security Center, but that seems incapable of handling logs, etc. CS-MARS would've been great, but that's overpriced and now discontinued anyway. We'd hate to spend the time writing our own app if there's a viable product already available (we're willing to pay a reasonable price for one, too). Any ideas? Thanks!! -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Disclaimer: http://goldmark.org/jeff/stupid-disclaimers/
Re: events
We use splunk works ok except with the amount of text data you can process with it (depends on license). -B On Fri, Sep 30, 2011 at 7:50 AM, harbor235 harbor...@gmail.com wrote: What is everyone using to collect, alert, and analyze syslog data? I am looking for something that can generate reports as well as support multiple vendors. We have done some home grown stuff in the past but would be interested in something that incorprates all the best features. Soalrwinds, splunk, fwanalog, and others come to mind, any other good ones out there? Mike -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Disclaimer: http://goldmark.org/jeff/stupid-disclaimers/
Net-Neutrality or Net-Neutered?
I come across this interesting link. http://blogs.techrepublic.com.com/security/?p=4828tag=nl.e036 Is ICANN really that susceptible to govt. pressure? I only see chaos ahead specially with ipv6 coming into the scene. -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Disclaimer: http://goldmark.org/jeff/stupid-disclaimers/
Re: Net-Neutrality or Net-Neutered?
we'll if ICANN't .. maybe HECANN (*trying out humor*). this idea of second internet doesn't make sense. icann alone is already a handful. On Tue, Dec 14, 2010 at 10:50 PM, Ken k...@sizone.org wrote: On Tue, Dec 14, 2010 at 10:20:17PM -0600, Beavis said: I come across this interesting link. http://blogs.techrepublic.com.com/security/?p=4828tag=nl.e036 Is ICANN really that susceptible to govt. pressure? Funny, tho - being succeptible to govt pressure CREATES an alt root DNS structure. You'd think the smart thinkers in the govt woulda figured that out. Apply pressure and it splinters. Sometimes easier to supervise if its in one pile, no? Also, new DNS = whole new internet? lol. /kc -- Ken Chase - k...@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W. -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Disclaimer: http://goldmark.org/jeff/stupid-disclaimers/
Re: LOIC tool used in the Anonymous attacks
Interesting.. there's an ED about LOIC http://encyclopediadramatica.com/LOIC it even gives a instruction on how to deny the use of the tool: (funny) What if I get caught and Vd? You probably won't. It's recommended that attack with over 9000 other anons while attacking alone pretty much means doing nothing. If you are a complete idiot and LOIC a small server alone, there is a chance of getting V. No one will bother let alone have the resources to deal with DDoS attacks that happens every minute around the world. Then theres always the botnet excuse. Just say your pc was infected by a botnet and you have since ran antivirus programs and what not to try to get rid of it. Or just say you have NFI what a DDoS is at all. PROTIP: If you do get V: ALWAYS deny it, Explain it was botnet, Say you have dynamic IP and that they have the wrong guy. Also, epic lolz will be achieved because you are a fag. DDOS ONLY IN GROUPS On Sat, Dec 11, 2010 at 9:19 AM, Marshall Eubanks t...@multicasttech.com wrote: Interesting analysis of the 3 LOIC tool variants used in the Anonymous Operation Payback attacks on Mastercard, Paypal, etc. http://www.simpleweb.org/reports/loic-report.pdf LOIC makes no attempt to hide the IP addresses of the attackers, making it easy to trace them if they are using their own computers. Regards Marshall -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Disclaimer: http://goldmark.org/jeff/stupid-disclaimers/
Re: U.S. officials deny technical takedown of WikiLeaks
++ Enough already...this is not a political list -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Disclaimer: http://goldmark.org/jeff/stupid-disclaimers/
Re: Interesting IPv6 viral video
lol... Is this video by cisco? what a funny way to mis-inform non-tech folks. On Thu, Oct 28, 2010 at 2:08 PM, Zaid Ali z...@zaidali.com wrote: Not quite accurate and a bit too dramatic on the panic side but the approach is interesting to put C-Level folks in the hot seat about v6. Would be interesting also to see if folks here get asked by C-Level folks bout IPv6. http://www.youtube.com/watch?v=eYffYT2y-Iw Zaid -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
Re: Interesting IPv6 viral video
haha... definitely like this!!! :D On Thu, Oct 28, 2010 at 3:38 PM, Jay Hennigan j...@west.net wrote: On 10/28/10 2:32 PM, Zaid Ali wrote: On 10/28/10 2:24 PM, Beavis pfu...@gmail.com wrote: lol... Is this video by cisco? what a funny way to mis-inform non-tech folks. Yes it is. When do marketing people get it right? I actually think the fun hasn't begun yet. Wait till CNN/FOX etc makes this a big issue and claim the internet is going to come to an end then folks with clue will have to go on TV and calm the hysteria. Like this? http://www.youtube.com/watch?v=QAUyaELfwBo -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
Re: DDOS attack via as702 87.118.210.122
whois on 702(Verizon) http://www.robtex.com/as/as702.html goodluck. On Tue, Oct 26, 2010 at 5:51 AM, Serg Shubenkov s...@macomnet.net wrote: Hello, list. Please send me off-list abuse contact for as702. -- Serg Shubenkov, MAcomnet, Internet Dept., Head of Inet Department phone: +7 495 7969392/9079, +7 916 5316625, mailto:s...@macomnet.net icq uin: 101964103, Skype: serg.v.shubenkov -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
Re: Tools for teaching users online safety
I use this for the kids.. http://www.hectorsworld.com/island/index.html On Mon, Oct 25, 2010 at 7:13 PM, Alex Thurlow a...@blastro.com wrote: I'm trying to find out if there are currently any resources available for teaching people how to be safe online. As in, how to not get a virus, how to pick out phishing emails, how to recognize scams. I'm sure everyone on this list knows these things, but a lot of end users don't. I'm trying to find a way to teach these things to people who aren't too technically savvy. It seems to me that the fewer end users that have issues, the easier our lives will be. So what I'm trying to figure out is, is there a good site or set of sites for this stuff, or is there anyone out there interested in helping to build a unified list of instructions, videos, etc. for all this? -- Alex Thurlow Blastro Networks http://www.blastro.com http://www.roxwel.com http://www.yallwire.com -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
Re: Facebook Issues/Outage in Southeast?
are they down coz of DDoS? On Thu, Sep 23, 2010 at 2:04 PM, Cameron Byrne cb.li...@gmail.com wrote: IPv6 seems to be working fine for me www.v6.facebook.com :) Cameron == http://groups.google.com/group/tmoipv6beta === -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
Re: Copyright Enforcement DoS/DDoS Attacks
man.. this guy is retarded.. good luck posing your company, face and such. lol
Re: Partial Use Of one Regions IP Block in another
From my experience with the provider I have, when I try to acquire IP space to let's say on the RIPE side (Im on the LACNIC side) for reasons like greater visibility (some how). I believe that RIPE requires me to have a company registered on the EMEA side or have my provider place it for me. but i guess when i disengage with that provider, I may need to give back the IP space they have provided me. On Thu, May 20, 2010 at 6:06 AM, Net funky...@gmail.com wrote: Hi folks, Are there any policies set by internet registries and/or transit providers today that prohibits organizations from using a Partially used IP Block allocated in one region say AP through APNIC to be comissioned and Propagated in another region such as EMEA serviced by RIPE?. Obv, the best approach would be to acquire a new Block in the 2nd region through its own registry, but sometimes due to strict prvisioning timelines, legal delays in getting the necessary approvals involved etc make this option less attractive. From an IPV4 space depletion perspective as well, it might be feasible if organizations having a large block in one region could split it amongst multiple regions to prevent Wastage. Any thoughts/expereinces and feedback would be appreciated. Regards, -- Sent from my mobile device -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
Re: BGP hijack from 23724 - 4134 China?
Is it possible for you to share that filter list you have for china? im getting bogged down by those ssh-bruts as well coming in from china. -B On Thu, Apr 8, 2010 at 2:36 PM, Brielle Bruns br...@2mbit.com wrote: On 4/8/10 2:23 PM, Jay Hennigan wrote: We just got Cyclops alerts showing several of our prefixes sourced from AS23474 propagating through AS4134. Anyone else? aut-num: AS23724 as-name: CHINANET-IDC-BJ-AP descr: IDC, China Telecommunications Corporation country: CN aut-num: AS4134 as-name: CHINANET-BACKBONE descr: No.31,Jin-rong Street descr: Beijing descr: 100032 country: CN -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV I'm starting to wonder if someone is 'testing the waters' in China to see what they can get away with. I hate to be like this, but there's a reason why I have all of China filtered on my routers. Amazing how much SSH hammering, spam, and other nastiness went away within minutes of the filtering going in place. There comes a point where 'accidental' and 'isolated incident' become we no care and spam not illegal. And no, i'm not quoting that to mock, but rather repeat exactly what admins in China send to me in response to abuse reports and blocking in the AHBL. -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
Re: Best Practice: 2routers, 2isp, 1AS
I'll do some digging on interface tracking for cisco gear. thanks On Wed, Apr 7, 2010 at 8:06 AM, Dylan Ebner dylan.eb...@crlmed.com wrote: You can still use vrrp in the inside. We have a similar configuration to what you have defined. Two routers, 4 ISPs, BGP annoucing 2 /24's. We get partial routes and prepend on 3 of the isps to only use our primary. Our primary is delivered via fiber and the backup isps are delivered via copper ethernet. We use interface tracking with reachability to determine if we are having a problem with one of our downstreams. This way, if we still have a link light, but no traffic flow we can detect and adjust accordingly. Dylan -Original Message- From: Beavis [mailto:pfu...@gmail.com] Sent: Wednesday, April 07, 2010 12:42 AM To: nanog@nanog.org Subject: Re: Best Practice: 2routers, 2isp, 1AS thanks for the reply brian. :) sorry for a bit lack on the info, I was thinking of using VRRP. but my 2 links are running on different interface-types isp1 runs via ethernet while the other is on an ATM interface. I only have 1 router that has an ATM interface. setting it to VRRP would cause me problems if it was a physical failure. I have a small /24 to advertise on my AS. I'll go and check on the Performance Based Routing you recommend. thanks, -b On Tue, Apr 6, 2010 at 11:25 PM, Brian Feeny bfe...@mac.com wrote: There are alot more questions that need to be asked. Like how much address space do you have to announce? What routes are you getting from each ISP? Assuming you are an end user, and knowing the very limited information I know at this point, I would make sure that these two routers LAN interfaces are in some sort of transit vlan/subnet with my downstream router, which would also be participating in iBGP. Alternately you could have that router do VRRP/HSRP with your two border routers, but I prefer iBGP. I would then setup both routers using OER (Optimized Edge Routing, i think now known as Performance Based Routing), to handle outbound. You could just announce your /24 out each provider (assuming that's what you had) to handle inbound, or if you have larger than that you could announce the aggregate out both and more specifics out each to do some type of balancing. Its hard to say there is a best practice here, as there are so many scenarios. I will say that I like OeR/PfR for edge customers who are dual homed. BGP is very arbitrary, and its nice to have some real metrics that mean something to play with :) Brian On Apr 7, 2010, at 1:14 AM, Beavis wrote: Greetings! Want to ask out anybody on the list about a best practice of the setup below: - 2 ISP's (A B) - 2 Routers (A B) I want Router-A for ISP-A, Router-B for ISP-B and have Router-A Router-B talk and be able to pass routes on each side in an event of a physical failure on one of the Routers. I was planning at first to setup a multi-home BGP, but I want to have physical redundancy as well. ASCII-diag =--[RouterA]--isp1(bgp) L | A iBGP N | =--[RouterB]--isp2(bgp) Any recommendation would awesomely appreciated. -B -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
Re: Finding content in your job title
Nathan, CIJ (Chief Internet Janitor) is kinda catchy ;) and this best describe my line of work. Keeping the company's Internet clean.. or when a mess is done already. But at the end of the day regardless of one's fancy title. there is still the work ... if you love it stay with it. my 0.002nc On Tue, Mar 30, 2010 at 9:30 PM, Nathan Ward na...@daork.net wrote: On 31/03/2010, at 4:26 PM, Steve Bertrand wrote: On 2010.03.30 23:20, Jorge Amodio wrote: I'd say that probably around here for those like me that have been in operations/engineering management positions we don't give a squat about what title your biz card says you have, your actions and performance speak by themselves. There are no kings around here so titles most of the time are worthless. By asking what title may impress others is sort of a -1 to start. It isn't about impression. I'd put 'janitor' on my business card for all I really care. I'm pretty sure Jonny Martin was Chief Internet Janitor in his previous role. He cleaned the tubes so the sewage could flow. -- Nathan Ward -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
Best Practice: 2routers, 2isp, 1AS
Greetings! Want to ask out anybody on the list about a best practice of the setup below: - 2 ISP's (A B) - 2 Routers (A B) I want Router-A for ISP-A, Router-B for ISP-B and have Router-A Router-B talk and be able to pass routes on each side in an event of a physical failure on one of the Routers. I was planning at first to setup a multi-home BGP, but I want to have physical redundancy as well. ASCII-diag =--[RouterA]--isp1(bgp) L| A iBGP N| =--[RouterB]--isp2(bgp) Any recommendation would awesomely appreciated. -B -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
Re: Best Practice: 2routers, 2isp, 1AS
thanks for the reply brian. :) sorry for a bit lack on the info, I was thinking of using VRRP. but my 2 links are running on different interface-types isp1 runs via ethernet while the other is on an ATM interface. I only have 1 router that has an ATM interface. setting it to VRRP would cause me problems if it was a physical failure. I have a small /24 to advertise on my AS. I'll go and check on the Performance Based Routing you recommend. thanks, -b On Tue, Apr 6, 2010 at 11:25 PM, Brian Feeny bfe...@mac.com wrote: There are alot more questions that need to be asked. Like how much address space do you have to announce? What routes are you getting from each ISP? Assuming you are an end user, and knowing the very limited information I know at this point, I would make sure that these two routers LAN interfaces are in some sort of transit vlan/subnet with my downstream router, which would also be participating in iBGP. Alternately you could have that router do VRRP/HSRP with your two border routers, but I prefer iBGP. I would then setup both routers using OER (Optimized Edge Routing, i think now known as Performance Based Routing), to handle outbound. You could just announce your /24 out each provider (assuming that's what you had) to handle inbound, or if you have larger than that you could announce the aggregate out both and more specifics out each to do some type of balancing. Its hard to say there is a best practice here, as there are so many scenarios. I will say that I like OeR/PfR for edge customers who are dual homed. BGP is very arbitrary, and its nice to have some real metrics that mean something to play with :) Brian On Apr 7, 2010, at 1:14 AM, Beavis wrote: Greetings! Want to ask out anybody on the list about a best practice of the setup below: - 2 ISP's (A B) - 2 Routers (A B) I want Router-A for ISP-A, Router-B for ISP-B and have Router-A Router-B talk and be able to pass routes on each side in an event of a physical failure on one of the Routers. I was planning at first to setup a multi-home BGP, but I want to have physical redundancy as well. ASCII-diag =--[RouterA]--isp1(bgp) L | A iBGP N | =--[RouterB]--isp2(bgp) Any recommendation would awesomely appreciated. -B -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
ip capacity provider
All, I know this is a long shot, but can anyone help me out on getting in touch with carriers in Miami FL. one that can pass ip traffic into latin america?. any help would be greatly appreciated. thanks, -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
Re: Gmail Down?
mine is showing up temporarily unable to access your contacts mail seems to work ok. On Thu, Sep 24, 2009 at 9:08 AM, Chris Gotstein ch...@uplogon.com wrote: Anyone else seeing Google's Gmail down right now? Seems to have been down since 10am CST. We are connected through Chicago. downforeveryoneorjustme.com is also reporting it's down. -- Chris Gotstein, Sr Network Engineer, UP Logon/Computer Connection UP http://uplogon.com | +1 906 774 4847 | ch...@uplogon.com -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
Re: Minnesota to block online gambling sites?
Hi, I host some gambling sites (off-shore) and I would like to get some info on how i can put minnesota IP blocks on my Filter-List to comply with their 'wacked politics' -beavis On Wed, Apr 29, 2009 at 3:38 PM, Ken Gilmour ken.gilm...@gmail.com wrote: Hi there, I am just wondering if anyone knows any more about the attempt by Minnesota to block online gambling companies other than what's publicly available (e.g. http://www.gambling911.com/gambling-news/minnesota-regulators-try-block-access-gambing-sites-042909.html)? Such as a list or the letter to the providers? Thank you! Ken -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
REVERSE DNS Practices.
hi, I want to ask some folks out there that maintain reverse DNS queries of their respective IP blocks. I want to know if there is a need for me to contact my upstream provider. I am in charge of 2 /24's under LACNIC. I've already registered my DNS servers on LACNIC. but for some weird reason it's not owning reverse resolves. any tips would be gladly appreciated. thanks, b -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
Re: ARCOS Outage
I ran through ARCOS(CN) and I didn't get any connectivity disruption yesterday. On Fri, Dec 5, 2008 at 5:49 AM, Reginald CHAUVET ( H ) [EMAIL PROTECTED] wrote: This is my first post on this list. Does anyone on the list knows what happened with the ARCOS submarine cable last night? Last night at 07H14PM Two out of the Three ISP from HAITI connected to the internet backbone on the ARCOS submarine cable through the Dominican Republic at Puerto Plata, experienced a complete outage of internet connectivity. The connectivity was re-established at 10H46PM when the traffic was re-routed through the Antillas submarine cable through Puerto Rico. As we have no direct contact with ARCOS and are buying internet connectivity through operators in the Dominican Republic, it is difficult to obtain clear information as to what exactly happened and or what is the problem. Any info is appreciated. Thanks Reggie Reginald CHAUVET, Ing. President HAICOM Haiti Communications, S.A. 10, Delmas 29; Port-au-Prince, HAITI, HT-6120 011-509-246-2068 Office 011-509-246-2309 Fax 011-509-410-0044 Mobile GSM 011-509-510-0044 Mobile CDMA 305-888-7336 VoIP [EMAIL PROTECTED]
Re: ARCOS Outage
for the guy that will replace the card RoadTrip!!! lol On Fri, Dec 5, 2008 at 8:31 AM, Alex Rubenstein [EMAIL PROTECTED] wrote: I wonder if having a spare card there would have been cheaper than this outage and resulting flights and labour? Yup, there is a defective card in the Bahamas. They should be flying in this morning to have it replaced. It's been out since yesterday evening.
Re: the attack continues..
I'm hosting the company's site and we're not running any type of promotions other than the ones that we have. this is a typical scenario for sites that host these type of content to get attacked. If only i can get through one of those IP's and get the program that's running on them (bot) that will give me a clue where it goes. Attacker IP's these guys are just persistent they are trying to hit port 80 on a dns box. 92.124.174.10 89.252.28.60 91.124.110.98 98.25.64.170 92.112.229.94 75.186.69.225 89.113.48.227 87.103.174.101 84.47.161.244 89.169.111.90 92.112.145.158 85.141.238.233 91.202.109.72 89.222.217.116 193.109.241.45 212.192.251.11 213.252.64.74 91.200.8.6 92.113.10.101 200.11.153.142 80.55.213.118 200.43.3.153 On Sat, Oct 18, 2008 at 12:59 PM, Jay Coley [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Frank Bulk wrote: The website is http://www.betmania.com/; and when I try to connect to it I get Database Error: Unable to connect to the database:Could not connect to MySQL. It's not unusual for betting sites to be DDoSed for ransom. Also competition (rival companies) based attacks are extremely common in the gambling/betting industry as well these days. Are you running any special promotions at the same time as your competition? - --J Frank -Original Message- From: Jay Hennigan [mailto:[EMAIL PROTECTED] Sent: Saturday, October 18, 2008 10:24 AM To: NANOG list Subject: Re: the attack continues.. Beavis wrote: Hello Lists, I'm still getting attacked and most of the IP's i got have been reported. and just this morning it looks as if someone is testing my network. and sending out short TCP_SESSION requests. now i may be paranoid but this past few days have been hell.. just want to know if the folks from these ip's can help me out. Attacker IP,Attacker Port,Victim IP,Victim Port,Attack Type,Start Time,Extra Info 205.188.116.7,47198,200.0.179.73,80,TCP_SESSION,2008-10-18 14:20:48,Filtered IP: Dropped packets: 3 Dropped bytes: 156 205.188.117.134,45379,200.0.179.73,80,TCP_SESSION,2008-10-18 14:20:48,Filtered IP: Dropped packets: 0 Dropped bytes: 0 205.188.117.137,42257,200.0.179.73,80,TCP_SESSION,2008-10-18 14:20:48,Filtered IP: Dropped packets: 0 Dropped bytes: 0 75.105.128.38,4092,200.0.179.73,80,TCP_SESSION,2008-10-18 14:20:48,Filtered IP: Dropped packets: 0 Dropped bytes: 0 First 3 IP's come from AOL, I'll try to see if I can get their attention. Last IP is from a Wildblue Communications WBC-39. Beavis, you're running a web server on 200.0.179.73, some sort of gambling site. Those who operate web servers generally expect traffic to TCP port 80. If you're not aware that you have a web server running, then it is most likely your machine that is infected with a bot. -- Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED] Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkj6MisACgkQETh+0NgvOtFHnwCfRYCU4VwNmQRXABtgem4wmWhX gD8AnRSxyfM67NJKGiYVn1MNYNQ5eaSO =J0JL -END PGP SIGNATURE-
Re: the attack continues..
overall .. sorry list for putting out such a noise. -John On Sat, Oct 18, 2008 at 1:52 PM, Beavis [EMAIL PROTECTED] wrote: I'm hosting the company's site and we're not running any type of promotions other than the ones that we have. this is a typical scenario for sites that host these type of content to get attacked. If only i can get through one of those IP's and get the program that's running on them (bot) that will give me a clue where it goes. Attacker IP's these guys are just persistent they are trying to hit port 80 on a dns box. 92.124.174.10 89.252.28.60 91.124.110.98 98.25.64.170 92.112.229.94 75.186.69.225 89.113.48.227 87.103.174.101 84.47.161.244 89.169.111.90 92.112.145.158 85.141.238.233 91.202.109.72 89.222.217.116 193.109.241.45 212.192.251.11 213.252.64.74 91.200.8.6 92.113.10.101 200.11.153.142 80.55.213.118 200.43.3.153 On Sat, Oct 18, 2008 at 12:59 PM, Jay Coley [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Frank Bulk wrote: The website is http://www.betmania.com/; and when I try to connect to it I get Database Error: Unable to connect to the database:Could not connect to MySQL. It's not unusual for betting sites to be DDoSed for ransom. Also competition (rival companies) based attacks are extremely common in the gambling/betting industry as well these days. Are you running any special promotions at the same time as your competition? - --J Frank -Original Message- From: Jay Hennigan [mailto:[EMAIL PROTECTED] Sent: Saturday, October 18, 2008 10:24 AM To: NANOG list Subject: Re: the attack continues.. Beavis wrote: Hello Lists, I'm still getting attacked and most of the IP's i got have been reported. and just this morning it looks as if someone is testing my network. and sending out short TCP_SESSION requests. now i may be paranoid but this past few days have been hell.. just want to know if the folks from these ip's can help me out. Attacker IP,Attacker Port,Victim IP,Victim Port,Attack Type,Start Time,Extra Info 205.188.116.7,47198,200.0.179.73,80,TCP_SESSION,2008-10-18 14:20:48,Filtered IP: Dropped packets: 3 Dropped bytes: 156 205.188.117.134,45379,200.0.179.73,80,TCP_SESSION,2008-10-18 14:20:48,Filtered IP: Dropped packets: 0 Dropped bytes: 0 205.188.117.137,42257,200.0.179.73,80,TCP_SESSION,2008-10-18 14:20:48,Filtered IP: Dropped packets: 0 Dropped bytes: 0 75.105.128.38,4092,200.0.179.73,80,TCP_SESSION,2008-10-18 14:20:48,Filtered IP: Dropped packets: 0 Dropped bytes: 0 First 3 IP's come from AOL, I'll try to see if I can get their attention. Last IP is from a Wildblue Communications WBC-39. Beavis, you're running a web server on 200.0.179.73, some sort of gambling site. Those who operate web servers generally expect traffic to TCP port 80. If you're not aware that you have a web server running, then it is most likely your machine that is infected with a bot. -- Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED] Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkj6MisACgkQETh+0NgvOtFHnwCfRYCU4VwNmQRXABtgem4wmWhX gD8AnRSxyfM67NJKGiYVn1MNYNQ5eaSO =J0JL -END PGP SIGNATURE-
Re: DDoS Attack in Progress.
Sorry for the anonymity part Steve This is the only one email i got that is added to the NANOG List. John Lopez NOC Manager Constructora Pura Vida (506)243-018-35 Ext. 2901 On Sat, Oct 11, 2008 at 2:05 AM, Steve Linford [EMAIL PROTECTED] wrote: On 10 Oct 2008, at 20:46, Beavis wrote: Hi All, DoS attack in progress, any upstream info for these guys? their phone number doesn't respond. inetnum: 88.247.0.0 - 88.247.79.255 netname: TurkTelekom descr: TT ADSL-alcatel static_ulus country: tr The Spamhaus folk on this list have the address of TurkTelekom's chief security/abuse guy who would take take of this, but we would not be inclined to give his address to someone identifying themselves as Beavis with a gmail address. Can you elaborate on who you are, what's being DoSsed (a router, an http server, a mail server?), and whether you can ACL the source (since you know the source is in 88.247.0.0/17, why not ACL the source at your router or at whatever device is being DoSsed). Steve Linford The Spamhaus Project http://www.spamhaus.org
DDoS Attack in Progress.
Hi All, DoS attack in progress, any upstream info for these guys? their phone number doesn't respond. This is the RIPE Whois query server #1. % The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html % Note: This output has been filtered. % To receive output for a database update, use the -B flag. % Information related to '88.247.0.0 - 88.247.79.255' inetnum: 88.247.0.0 - 88.247.79.255 netname: TurkTelekom descr: TT ADSL-alcatel static_ulus country: tr admin-c: TTBA1-RIPE tech-c: TTBA1-RIPE status: ASSIGNED PA status: definitions mnt-by: as9121-mnt source: RIPE # Filtered role:TT Administrative Contact Role address: Turk Telekom address: Bilisim Aglari Dairesi address: Aydinlikevler address: 06103 ANKARA phone: +90 312 313 1950 fax-no: +90 312 313 1949 e-mail: [EMAIL PROTECTED] admin-c: BADB3-RIPE tech-c: ZA66-RIPE tech-c: NO638-RIPE tech-c: SO351-RIPE nic-hdl: TTBA1-RIPE mnt-by: AS9121-MNT source: RIPE # Filtered % Information related to '88.247.0.0/17AS9121' route: 88.247.0.0/17 descr: TurkTelecom origin: AS9121 mnt-by: AS9121-MNT source: RIPE # Filtered
Re: Building a BGP test network
Jas, hi check this thread, you might be able to talk with the same guy. http://www.ripe.net/ripe/maillists/archives/routing-wg/1999/msg00107.html goodluck, -b On Wed, Jul 9, 2008 at 8:29 AM, Jason Lewis [EMAIL PROTECTED] wrote: I'm building a BGP test network and I'd like to replicate a full route table on a few of my routers. I thought I might be able to use Quagga and insert a rib dump, but I'm not finding a lot of info on if it's possible. (I've pinged the quagga list and didn't get any response) So my question is, is it possible to feed a router on a private test network a full route table from a RIB snapshot? I have to think someone has done it and I'm just not searching for the right things. Thanks, jas