Re: "Defensive" BGP hijacking?

2016-09-12 Thread Paras Jha 
Well don't forget, normal attacks launched from vDOS were around 8 -
16gbps.

On the Krebs article, he mentions "the company received an email directly
from vDOS claiming credit for the attack"

Now, if this holds true, it's likely that the operator of vDOS (Apple J4ck
was his moniker) was directing the full resources of the network towards
BackConnect. Given that Brian indicated that at any given time vDOS could
be launching 10 - 15 times (9 "DDoS years" or something in a few months),
the full force of the vDOS network could easily amount to 200gbps.

> This behavior is never defensible nor acceptable.
>
> In addition to being in the wrong with BGP hijacking a prefix, it
> appears that Mr. Townsend had the wrong target, too. We've been
> attacked a few dozen times by this botnet, and they could never muster
> anything near 200 gbps worth of traffic. They were orders of magnitude
> smaller, only around 8-16 gbps depending on attack.
>
> Mr. Townsend's motives were wrong and so was his information.

Re: Zayo Extortion

2016-08-15 Thread Paras Jha 
Yeah, I see a wall of text, but no real evidence to substantiate it.

On Mon, Aug 15, 2016 at 8:29 AM, Mike Hammett  wrote:

> Try more facts and less emotion.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
>
> Midwest Internet Exchange
>
> The Brothers WISP
>
>
> - Original Message -
>
> From: "HonorFirst Name Ethics via NANOG" 
> To: nanog@nanog.org
> Sent: Saturday, August 13, 2016 11:50:46 AM
> Subject: Zayo Extortion
>
> Question to the NANOG community, Is anyone else being extorted by Zayo? Is
> Zayo threatening shutdown over bogus and fabricated charges?
>
> The purpose of this message to the group is twofold: 1) to share our
> experience being extorted by Zayo with the community and 2) to understand
> the depth and extent of Zayo's less than ethical behavior by getting
> feedback from the community.
>
> Abovenet was a great organization with quality service, reasonable prices
> and nice folks to work with. Since being acquired by Zayo we have seen a
> significant degradation of service quality and responsiveness which is not
> unusual from a provider, but Zayo has taken things to a level of low ethics
> that would make Tony Soprano proud.
> Most interestingly they seem to identify points where you are dependent on
> them and threaten a shut down unless you pay them some arbitrary amount. In
> our case we use multiple Zayo IP, Transport, and Colo Services -- they set
> their extortion amount at $128,000. A completely arbitrary and fabricated
> number. They put significant pressure threatening to shut us down by
> setting their lawyers on us.
> Our detailed contract breakdowns, invoice and payment spreadsheets, along
> with all other commonsense and professional efforts were simply
> disregarded. At one point their lawyers and accounting people had the nerve
> to say "our accounting system does not track invoice details -- it only
> shows the total amount due so your numbers mean nothing to us." All the
> while they relentlessly levied disconnect threats with short timelines such
> as: "if you don't pay us $128,000 by this Friday, we will shut your
> operation down."
> We have had anecdotal feedback that we are not alone in our experience and
> that there are many more like us. If you and your company have had a
> similar experience with Zayo, please share it with the group or if like us
> you are concerned about retaliation from Zayo, please respond privately.
>
> If the group shares their experiences the public shaming may drive Zayo to
> stop operating like mafia thugs. If the problem is as common as we suspect,
> it may warrant getting the Attorney General involved.
>
> In the mean time, I strongly urge anyone already in a relationship with
> Zayo or considering a relationship to make sure your are well diversified
> with other more ethical carriers. Otherwise please consider another
> organization to work with.
> In our case we were better of with Ransomeware, than Zayo as a vendor! Its
> cheaper and less damaging
>
> A Zayo victim and a NANOG Member
>



-- 
Regards,
Paras

President
ProTraf Solutions, LLC
Enterprise DDoS Mitigation

Re: EVERYTHING about Booters (and CloudFlare)

2016-07-28 Thread Paras Jha 
Nothing is going to happen. Cloudflare will continue to turn a blind eye
towards abusive customers, and even downright allow customers to HTTP scan
from their network without batting an eyelash. The mere act of scanning
isn't illegal, but it shows the kind of mindset that they have.

Re: EVERYTHING about Booters (and CloudFlare)

2016-07-27 Thread Paras Jha 
I am not a lawyer and I don't pretend to be, but I believe

> the gamer who ticked off another gamer and got DDoSed doesn't
> have the knowledge, time, or resources to file a claim that will actually
> accomplish anything, and nobody else can file the claim on their behalf.

I believe a class action lawsuit would sidestep this. Don't quote me on
that though, I may be wrong.

On Wed, Jul 27, 2016 at 10:04 PM, Paras Jha <pa...@protrafsolutions.com>
wrote:

> He's right, conspiracy to commit X is a valid criminal charge, at least in
> the US. Conspiracy to commit fraud, theft, murder, racketeering, etc are
> all "sister charges" of charges of ones actually carried out.
>



-- 
Regards,
Paras

President
ProTraf Solutions, LLC
Enterprise DDoS Mitigation

Re: EVERYTHING about Booters (and CloudFlare)

2016-07-27 Thread Paras Jha 
He's right, conspiracy to commit X is a valid criminal charge, at least in
the US. Conspiracy to commit fraud, theft, murder, racketeering, etc are
all "sister charges" of charges of ones actually carried out.

Re: EVERYTHING about Booters (and CloudFlare)

2016-07-27 Thread Paras Jha 
Hi Randy,

I've found the vast majority of large service providers to be very
receptive to abuse reports when they contain evidence and valid information.

Regards
Paras

Re: EVERYTHING about Booters (and CloudFlare)

2016-07-27 Thread Paras Jha 
Hi Justin,

I have submitted abuse reports in the past, maybe from 2014 - 2015, but I
gave up after I consistently did not even get replies and saw no action
being taken. It is the same behavior with other providers who host malware
knowingly. I appreciate you coming out onto the list though, it's nice to
see that CF does maintain a presence here.

Regards
Paras

Re: EVERYTHING about Booters (and CloudFlare)

2016-07-27 Thread Paras Jha 
Hi Jair,

This list is really interesting.

>From just a preliminary test, more than half of these domains are hiding
behind Cloudflare, and OVH has a sizable fraction too. I suppose it's
inevitable, given that both are known for having non-existent abuse
departments.

Regards

On Wed, Jul 27, 2016 at 9:49 AM, Jair Santanna 
wrote:

> Hi folks,
>
> A friend forward me your topic about Booters and CloudFlare. Then I
> decided to join the NANOG list. The *answer* for the first question about
> CloudFlare and Booters is at: https://www.youtube.com/watch?v=wW5vJyI_HcU
> (minute 45:55) given by the _CloudFlare CEO_ in the blackhat2013.
>
> I investigate Booters since 2013 and I know many (if not all) the possible
> aspects about this DDoS-as-a-Service phenomenon. A summary of my entire
> research (or large part of that) can be watched at
> https://tnc16.geant.org/web/media/archive/3A (from minute 22:53). On top
> of that, I developed an algorithm to find Booters and publicly share such
> list (http://booterblacklist.com/). My main goal with this initiative is
> to convince people to blacklist and keep on track the users that access
> Booters (that potentially perform attacks)
>
> If you have any question about any aspect of the entire phenomenon don't
> hesitate to contact me. By the way, I want to help deploy the booters
> blacklist worldwide and help prosecutors to shutdown this bastards. I have
> many evidences!
>
> Cheers,
>
> Jair Santanna
> jairsantanna.com
>
>
>
>


-- 
Regards,
Paras

President
ProTraf Solutions, LLC
Enterprise DDoS Mitigation

Re: cloudflare hosting a ddos service?

2016-07-26 Thread Paras Jha 
I read through the blog post, and it was an interesting window into how
Cloudflare operates. If I could be so bold as to raise this issue, however -

Specifically, this part

*Originally, when we would receive reports of phishing or malware we would
terminate the customers immediately. The challenge was that this didn't
actually solve the problem. Since we're just a proxy, not the host, us
terminating the customer doesn't make the harmful content disappear.
Terminating the site effectively just kicked the problem further down the
road, moving it off our network and onto someone else's.*

>From that paragraph, what I understand it as is that Cloudflare doesn't
want to terminate customers hosting illegal content / facilitating illegal
activities because if they do, that content will just move elsewhere. It
was an interesting parallel to one of the problems plaguing the internet
today - source address spoofing. More and more hosts are implementing
source address verification, but unfortunately there are still those that
still allow source address spoofing (and those hosts are sometimes used to
launch amplified DDoS attacks). However, reputable hosts don't make the
argument "We won't disallow source address spoofing because if we block it,
the customers will just go elsewhere". Reputable providers block it, and
try to get others to block the problem as well. The difference is that
Cloudflare is lax "because other people are lax, so it's pointless for us
to be strict".

That kind of logic is the same flawed logic that goes with "I shouldn't
vote, because no matter which way I vote my vote is insignificant". Sure,
as a single entity that's true - but if everybody thought that, we'd be in
a real pickle. Some problems are larger than what an individual faces, and
must be addressed by not just a single entity, but all the entities to whom
this problem affects - it is your responsibility to vote, a hosts
responsibility to disable source address verification (and help fight crime
on their network), and I'd argue it's Cloudflare's responsibility to help
stop abuse.

Just my 2C

On Tue, Jul 26, 2016 at 11:02 PM, Paras Jha <pa...@protrafsolutions.com>
wrote:

> Justin,
>
> The only problem with that statement is that it's not true: if you did
> terminate service to them, the websites would go away. Maybe not today, but
> eventually. "Network stresser" owners are notorious for trying to take out
> the competition. Cloudflare provides free protection for these services to
> stay online. Most other ISPs wouldn't tolerate such shenanigans, whether it
> be for facilitating illegal activities or being on the receiving end of
> DDoS attacks, and would kick them off.
>
> On Tue, Jul 26, 2016 at 10:58 PM, Justin Paine <jus...@cloudflare.com>
> wrote:
>
>> Folks,
>>
>> "For a long time their abuse@ alias was (literally) routed to /dev/null.
>> I'm not
>> sure whether that's still the case or whether they now ignore reports
>> manually."
>>
>> @Steve   It (literally) never was. :) The team I manage processes
>> reports all day
>> long. If you have a report to file certainly do so,
>> https://www.cloudflare.com/abuse
>>
>>
>> On the topic of booters:
>>
>> Short version -- As someone already mentioned, CloudFlare continues
>> not to be a hosting provider.
>>
>> Our CEO has broadly covered this topic several times.
>> https://blog.cloudflare.com/thoughts-on-abuse/
>>
>> Even if we removed our service the website does not go away, it
>> doesn't solve the problem if we temporarily stop providing DNS to the
>> domain(s). An often overlooked but extremely important note: there are
>> some situations where law
>> enforcement has required that we *not* terminate service to certain
>> websites. In those situations we are of course not allowed to discuss
>> specifics.
>>
>> 
>> Justin Paine
>> Head of Trust & Safety
>> CloudFlare Inc.
>> PGP: BBAA 6BCE 3305 7FD6 6452 7115 57B6 0114 DE0B 314D
>>
>>
>> On Tue, Jul 26, 2016 at 7:42 PM, Paras Jha <pa...@protrafsolutions.com>
>> wrote:
>> > A five minute Google search revealed this, which is just the tip of the
>> > iceberg
>> >
>> > booter.xyz
>> > exitus.to
>> > zstress.net
>> > critical-boot.com
>> > instress.club
>> > webstresser.co
>> > anonymousstresser.com
>> > rawdos.com
>> > kronosbooter.com
>> > alphastress.com
>> > synergy.so
>> > str3ssed.me
>> > layer7.pw
>> >
>> > There are probably hundreds
>> >
>> >
>> >
>> > On Tue, Jul 26, 2016 at

Re: cloudflare hosting a ddos service?

2016-07-26 Thread Paras Jha 
Justin,

The only problem with that statement is that it's not true: if you did
terminate service to them, the websites would go away. Maybe not today, but
eventually. "Network stresser" owners are notorious for trying to take out
the competition. Cloudflare provides free protection for these services to
stay online. Most other ISPs wouldn't tolerate such shenanigans, whether it
be for facilitating illegal activities or being on the receiving end of
DDoS attacks, and would kick them off.

On Tue, Jul 26, 2016 at 10:58 PM, Justin Paine <jus...@cloudflare.com>
wrote:

> Folks,
>
> "For a long time their abuse@ alias was (literally) routed to /dev/null.
> I'm not
> sure whether that's still the case or whether they now ignore reports
> manually."
>
> @Steve   It (literally) never was. :) The team I manage processes
> reports all day
> long. If you have a report to file certainly do so,
> https://www.cloudflare.com/abuse
>
>
> On the topic of booters:
>
> Short version -- As someone already mentioned, CloudFlare continues
> not to be a hosting provider.
>
> Our CEO has broadly covered this topic several times.
> https://blog.cloudflare.com/thoughts-on-abuse/
>
> Even if we removed our service the website does not go away, it
> doesn't solve the problem if we temporarily stop providing DNS to the
> domain(s). An often overlooked but extremely important note: there are
> some situations where law
> enforcement has required that we *not* terminate service to certain
> websites. In those situations we are of course not allowed to discuss
> specifics.
>
> 
> Justin Paine
> Head of Trust & Safety
> CloudFlare Inc.
> PGP: BBAA 6BCE 3305 7FD6 6452 7115 57B6 0114 DE0B 314D
>
>
> On Tue, Jul 26, 2016 at 7:42 PM, Paras Jha <pa...@protrafsolutions.com>
> wrote:
> > A five minute Google search revealed this, which is just the tip of the
> > iceberg
> >
> > booter.xyz
> > exitus.to
> > zstress.net
> > critical-boot.com
> > instress.club
> > webstresser.co
> > anonymousstresser.com
> > rawdos.com
> > kronosbooter.com
> > alphastress.com
> > synergy.so
> > str3ssed.me
> > layer7.pw
> >
> > There are probably hundreds
> >
> >
> >
> > On Tue, Jul 26, 2016 at 10:33 PM, Paras Jha <pa...@protrafsolutions.com>
> > wrote:
> >
> >> This is quite common, almost all of the DDoS-for-hire services are
> hosted
> >> behind CloudFlare, and a great majority of them take PayPal. Another one
> >> had even managed to secure an EV SSL cert.
> >>
> >> On Tue, Jul 26, 2016 at 10:24 PM, Dovid Bender <do...@telecurve.com>
> >> wrote:
> >>
> >>> I used to have a boss that was convinced that MCafee was writing
> viruses
> >>> to stay in business
> >>>
> >>> Regards,
> >>>
> >>> Dovid
> >>>
> >>> -Original Message-
> >>> From: Phil Rosenthal <p...@isprime.com>
> >>> Sender: "NANOG" <nanog-boun...@nanog.org>Date: Tue, 26 Jul 2016
> 22:17:53
> >>> To: jim deleskie<deles...@gmail.com>
> >>> Cc: NANOG list<nanog@nanog.org>
> >>> Subject: Re: cloudflare hosting a ddos service?
> >>>
> >>> Plus, it’s good for business!
> >>>
> >>> -Phil
> >>>
> >>> > On Jul 26, 2016, at 10:14 PM, jim deleskie <deles...@gmail.com>
> wrote:
> >>> >
> >>> > sigh...
> >>> >
> >>> > On Tue, Jul 26, 2016 at 10:55 PM, Patrick W. Gilmore <
> patr...@ianai.net
> >>> >
> >>> > wrote:
> >>> >
> >>> >> CloudFlare will claim they are not hosting the problem. They are
> just
> >>> >> hosting the web page that lets you pay for or points at or otherwise
> >>> >> directs you to the problem.
> >>> >>
> >>> >> The actual source of packets is some other IP address. Therefore,
> they
> >>> can
> >>> >> keep hosting the web page. It is not sending the actual
> >>> >> [spam|DDoS|hack|etc.], right? So stop asking them to do something
> >>> about it!
> >>> >>
> >>> >> Whether you think that is the proper way to provide service on the
> >>> >> Internet is left as an exercise to the reader.
> >>> >>
> >>> >> --
> >>> >> TTFN,
> >>> >> patrick
> &

Re: cloudflare hosting a ddos service?

2016-07-26 Thread Paras Jha 
A five minute Google search revealed this, which is just the tip of the
iceberg

booter.xyz
exitus.to
zstress.net
critical-boot.com
instress.club
webstresser.co
anonymousstresser.com
rawdos.com
kronosbooter.com
alphastress.com
synergy.so
str3ssed.me
layer7.pw

There are probably hundreds



On Tue, Jul 26, 2016 at 10:33 PM, Paras Jha <pa...@protrafsolutions.com>
wrote:

> This is quite common, almost all of the DDoS-for-hire services are hosted
> behind CloudFlare, and a great majority of them take PayPal. Another one
> had even managed to secure an EV SSL cert.
>
> On Tue, Jul 26, 2016 at 10:24 PM, Dovid Bender <do...@telecurve.com>
> wrote:
>
>> I used to have a boss that was convinced that MCafee was writing viruses
>> to stay in business
>>
>> Regards,
>>
>> Dovid
>>
>> -Original Message-
>> From: Phil Rosenthal <p...@isprime.com>
>> Sender: "NANOG" <nanog-boun...@nanog.org>Date: Tue, 26 Jul 2016 22:17:53
>> To: jim deleskie<deles...@gmail.com>
>> Cc: NANOG list<nanog@nanog.org>
>> Subject: Re: cloudflare hosting a ddos service?
>>
>> Plus, it’s good for business!
>>
>> -Phil
>>
>> > On Jul 26, 2016, at 10:14 PM, jim deleskie <deles...@gmail.com> wrote:
>> >
>> > sigh...
>> >
>> > On Tue, Jul 26, 2016 at 10:55 PM, Patrick W. Gilmore <patr...@ianai.net
>> >
>> > wrote:
>> >
>> >> CloudFlare will claim they are not hosting the problem. They are just
>> >> hosting the web page that lets you pay for or points at or otherwise
>> >> directs you to the problem.
>> >>
>> >> The actual source of packets is some other IP address. Therefore, they
>> can
>> >> keep hosting the web page. It is not sending the actual
>> >> [spam|DDoS|hack|etc.], right? So stop asking them to do something
>> about it!
>> >>
>> >> Whether you think that is the proper way to provide service on the
>> >> Internet is left as an exercise to the reader.
>> >>
>> >> --
>> >> TTFN,
>> >> patrick
>> >>
>> >>> On Jul 26, 2016, at 9:49 PM, Mike <mike-na...@tiedyenetworks.com>
>> wrote:
>> >>>
>> >>> Hi,
>> >>>
>> >>>   So vbooter.org's dns and web is hosted by cloudflare?
>> >>>
>> >>> "Using vBooter you can take down home internet connections, websites
>> and
>> >> game servers such us Minecraft, XBOX Live, PSN and many more."
>> >>>
>> >>>   dig -t ns vbooter.org
>> >>>
>> >>> ; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> -t ns vbooter.org
>> >>> ;; global options: +cmd
>> >>> ;; Got answer:
>> >>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62177
>> >>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
>> >>>
>> >>> ;; OPT PSEUDOSECTION:
>> >>> ; EDNS: version: 0, flags:; udp: 512
>> >>> ;; QUESTION SECTION:
>> >>> ;vbooter.org.INNS
>> >>>
>> >>> ;; ANSWER SECTION:
>> >>> vbooter.org.21599INNSrick.ns.cloudflare.com.
>> >>> vbooter.org.21599INNSamy.ns.cloudflare.com.
>> >>>
>> >>> dig -t a www.vbooter.org
>> >>>
>> >>> ; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> -t a www.vbooter.org
>> >>> ;; global options: +cmd
>> >>> ;; Got answer:
>> >>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34920
>> >>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
>> >>>
>> >>> ;; OPT PSEUDOSECTION:
>> >>> ; EDNS: version: 0, flags:; udp: 512
>> >>> ;; QUESTION SECTION:
>> >>> ;www.vbooter.org.INA
>> >>>
>> >>> ;; ANSWER SECTION:
>> >>> www.vbooter.org.299INCNAMEvbooter.org.
>> >>> vbooter.org.299INA104.28.13.7
>> >>> vbooter.org.299INA104.28.12.7
>> >>>
>> >>>
>> >>>   Can anyone from cloudflare answer me why this fits with your
>> business
>> >> model?
>> >>>
>> >>> Mike-
>> >>
>> >>
>>
>>
>
>
> --
> Regards,
> Paras
>
> President
> ProTraf Solutions, LLC
> Enterprise DDoS Mitigation
>



-- 
Regards,
Paras

President
ProTraf Solutions, LLC
Enterprise DDoS Mitigation

Re: cloudflare hosting a ddos service?

2016-07-26 Thread Paras Jha 
This is quite common, almost all of the DDoS-for-hire services are hosted
behind CloudFlare, and a great majority of them take PayPal. Another one
had even managed to secure an EV SSL cert.

On Tue, Jul 26, 2016 at 10:24 PM, Dovid Bender  wrote:

> I used to have a boss that was convinced that MCafee was writing viruses
> to stay in business
>
> Regards,
>
> Dovid
>
> -Original Message-
> From: Phil Rosenthal 
> Sender: "NANOG" Date: Tue, 26 Jul 2016 22:17:53
> To: jim deleskie
> Cc: NANOG list
> Subject: Re: cloudflare hosting a ddos service?
>
> Plus, it’s good for business!
>
> -Phil
>
> > On Jul 26, 2016, at 10:14 PM, jim deleskie  wrote:
> >
> > sigh...
> >
> > On Tue, Jul 26, 2016 at 10:55 PM, Patrick W. Gilmore 
> > wrote:
> >
> >> CloudFlare will claim they are not hosting the problem. They are just
> >> hosting the web page that lets you pay for or points at or otherwise
> >> directs you to the problem.
> >>
> >> The actual source of packets is some other IP address. Therefore, they
> can
> >> keep hosting the web page. It is not sending the actual
> >> [spam|DDoS|hack|etc.], right? So stop asking them to do something about
> it!
> >>
> >> Whether you think that is the proper way to provide service on the
> >> Internet is left as an exercise to the reader.
> >>
> >> --
> >> TTFN,
> >> patrick
> >>
> >>> On Jul 26, 2016, at 9:49 PM, Mike 
> wrote:
> >>>
> >>> Hi,
> >>>
> >>>   So vbooter.org's dns and web is hosted by cloudflare?
> >>>
> >>> "Using vBooter you can take down home internet connections, websites
> and
> >> game servers such us Minecraft, XBOX Live, PSN and many more."
> >>>
> >>>   dig -t ns vbooter.org
> >>>
> >>> ; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> -t ns vbooter.org
> >>> ;; global options: +cmd
> >>> ;; Got answer:
> >>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62177
> >>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
> >>>
> >>> ;; OPT PSEUDOSECTION:
> >>> ; EDNS: version: 0, flags:; udp: 512
> >>> ;; QUESTION SECTION:
> >>> ;vbooter.org.INNS
> >>>
> >>> ;; ANSWER SECTION:
> >>> vbooter.org.21599INNSrick.ns.cloudflare.com.
> >>> vbooter.org.21599INNSamy.ns.cloudflare.com.
> >>>
> >>> dig -t a www.vbooter.org
> >>>
> >>> ; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> -t a www.vbooter.org
> >>> ;; global options: +cmd
> >>> ;; Got answer:
> >>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34920
> >>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
> >>>
> >>> ;; OPT PSEUDOSECTION:
> >>> ; EDNS: version: 0, flags:; udp: 512
> >>> ;; QUESTION SECTION:
> >>> ;www.vbooter.org.INA
> >>>
> >>> ;; ANSWER SECTION:
> >>> www.vbooter.org.299INCNAMEvbooter.org.
> >>> vbooter.org.299INA104.28.13.7
> >>> vbooter.org.299INA104.28.12.7
> >>>
> >>>
> >>>   Can anyone from cloudflare answer me why this fits with your business
> >> model?
> >>>
> >>> Mike-
> >>
> >>
>
>


-- 
Regards,
Paras

President
ProTraf Solutions, LLC
Enterprise DDoS Mitigation

Re: students questions

2016-07-25 Thread Paras Jha 
Hi,

Try taking a look at Zoho, they offer what you're looking for for free.

Regards

On Mon, Jul 25, 2016 at 12:11 PM, sam  wrote:

> Hello if this is not appropriate for this list please excuse me and
> disregard this email. I thought of no better place than this place however
> if there is a better place for this email please advise and I will direct
> the email and the student to the questions.
>
> I received an email form a student this morning asking the following
> questions.
> 1.  Are there any email providers that market to professional but offer
> a student rate or are of good quality but inexpensive etc..
>
> 2.  I have looked at the Microsoft exchange server in the cloud while
> it
> looks promising it does not seems to fit my cost ratio
>
> 3.  I would mainly like to be able to have a professional email address
> so when I apply for jobs and other business of that sort I can be seen as a
> professional and to gather my email from various sources i.e. Gmail,
> Hotmail
> etc. and to present a more professional appearance to my work and school
> work etc..
>
>
>
> I responded that he should look at google apps, however his questions got
> me
> thinking and I google around for an answer to give him, however I am not as
> well versed as I should be in the cloud besides for backup service and
> active directory management. I would like to know if you guys have any
> places I own give the student.
>
>
> Thanks
> Samual
> Office of technology education
>
> Please excuse grammar and spelling errors as this was typed on a
> smartphone.
>
>
>
> -BEGIN PGP MESSAGE-
> Version: GnuPG v2
>
> owFdVAtsFEUYbqkQvPQoGgpUHo5FzEHKUcqr2FCoILY8pFCQR1Jlbnf2brndnXVm
> t9fjFSOCFtBUimjBNtJCI5AIFOQhFbSgxAgURQIo8rKIaUTTVBERxH9274rlcpfb
> 2fn/b77/+79/yr1JCV0TScLQ81mX05oSv24JJMxZP+ZGPtE0ilQFWSGVI/ga1ELY
> NBk1mYotghTK3D1N5RYyNYI5QaRUsuFPJwgbMpJVzkgQM9kNJDpWNT8qgBW1gyEL
> UQVQUYBYFmGAgCUCW9hwo911iEZICew6RAgjggnumNJOxMGPM8FyicpdGgUoomoa
> sGFEsgRMLFLsiRW3bJkYsEOd5cs24ZZKDe73egoQ5BC1hMgQHUuD83Tg0J4ljtYp
> M1QjiDAPiz8Bo1AQMCJW9wGR1zPMj5xPHiOxirARjVNntESVCeNCBgvpmIWJQws2
> FMI5YGANBWyhnAL13yfBREdABwx4oGqQUhmOxZpqRZ141SClJjE4VIKIJfmvvlLn
> 9WTFqBSgEIb3GqVhUacr0TRVYpRTxRI9haYEQSfCnFYYToCkUVtGkZCqQVMsJ5sL
> orrKRdHwSqbEtQ0nROeiDgXe6lEkUe5QVikIMrydRYTamgxVq4YWBVeFiUgJgEAB
> zXl0WOKOYsQ6KcsMXiFOgRAxAAucCiDCGgtpgDutpkJuUAPoiViquCpzyixIkKC/
> AVEjpGP+4DGOVSgKYgdDjzdMgXJRCWYqtcXhNpOgYtVP/Og5sZ+B8qnlBArN4yAm
> UBU9w8I15IFzTJNghg3JKRjOiVAWdhK5FKJUc9cCDcyJkPsTJuUmNWQiuyUJT4cc
> MUVXREfBEEEQEeB5RvtMCeO2exNCLDG3Vuizo6rhuNidnXgqozashaKgFDZ4BBCE
> JMJSIVW/Dwvi6+5twVEEbhEEL7kwFoetGC9QuoONAoSD8bkDH8BS2DYdt6mSO8FY
> ssQx7gRTFgWTGDhIdJDR326cuGPCBo2I+yJKbRS0ozzmG5gy574QLGjEcIn/b/z9
> MTVngdnByV5PEdZhguBhuqIIIsIwRAoZVKNBMIBsS8LBRiytsMMFGGRYh/F1O2eC
> CEJPwhiF2cbcvTMi4iFqgjIAAqMM8ZYZogZxmJR16vtQQmLXhC6dO4nrOMHzcPf4
> HX1lZMrtpMXDM+ftvL7Oc7V7y5oF/sNjKk+l7Mr9nQQWdvlW2pmknlp+7vGc5rsZ
> plKfdP3MrDtZ4S8b7/0yUL634+OKtwu9F36aNzmw+c3GwP59Y+f6sof+NWtagnW6
> fvvKaxNHlc2+lH/+yfU/D/lg8Onvvqqvz1g9s7ri2dTK6ak1ZxsSq349M6P12PSj
> Ff7RV7In59+yW58YtfiN6hHW9/4iVsX63t1mp51U01O+aPCkKgPeinqtCbt6k9oP
> UZ8B/RXfp59sKn5q0I4Zrd0KG7VFM7f3qBh7zB52ee+2C1OSD2x5/XgZe/Usa/ot
> reGdjNGh4p2Dt/zQduxE9b8NzX2Ti1bU7Njwnpl2boRP2tP0uS/vwv6LgTGD0s+Y
> f+fW6X/glpu9D437qLJ1LV7X3OtmwchFvjvrtFUvZC1flpgdJs3+rav6VfXvZmS3
> bFx6Ut2aeevA8dZ/LvqkouKNNT2u8aljlz82aUVb79bnB/65enxyy5L9RnmS52DO
> o20r26bOn1t46GDpKPvI3vpb41bMTrd6NY+P1r2WenjRxEsvLqC1czOz5uyaXz0n
> r8f5JRs2bV3ax/dS3chlJ2xf9e5Ma3TnnH63NynXOl2sThzx7pArFXTg7mGD/Pt6
> BtdWPpNXUj6pLP3p67Wh9xP31BypOlc8M6u0TfXmTkuxa298M6E0+Ui/NRWb0xt7
> 7mnKrWPlRWkHShf/+EjOlP8A
> =cNlY
> -END PGP MESSAGE-
>
>

Re: NANOG67 - Tipping point of community and sponsor bashing?

2016-06-14 Thread Paras Jha 
The world of networking is in itself decentralized. In the event a certain
network starts behaving badly, other networks will take appropriate action
by themselves if they see it as a problem.

I see no need to become a nanny state over issues like this. If someone is
being belligerent and harming people, that's a different story. But
criticism is criticism, and a sharp tongue isn't reason enough to try to
censor viewpoints. Individuals who see it as a problem are more than free
to take action to protect themselves (read: stop listening to them).

On Tue, Jun 14, 2016 at 4:29 PM, Rich Kulawiec  wrote:

> On Tue, Jun 14, 2016 at 01:40:20PM -0400, Peter Beckman wrote:
> >  Negative feedback, respectfully and objectively delivered, should be
> >  embraced as opportunities to improve ourselves, our products and our
> >  services, not shunned and silenced because it points out a flaw.
>
> 1. This.  A hundred times this.
>
> 2. This is why we have RFC 2142 (which specifies role addresses
> such as postmaster@, abuse@, and so on): so that we can easily and
> quickly tell each other when we're screwing up so that it can be fixed.
> This is why all professional and responsible operations maintain those
> addresses, pay attention to what shows up there, read it, analyze it,
> act on it, and respond to it.  This is and has been an instrinic part
> of our operational culture for decades -- even though we all know
> that just about every message ever received via them will be negative.
> (Because nobody's going to drop a line to hostmaster@ noting that our
> DNS servers are all working perfectly.)
>
> A critical presentation is really no different than an email message
> to webmaster@ that points out a 404'd URL.  It's an opportunity to
> fix something and to do better.
>
> ---rsk
>



-- 
Regards,
Paras

President
ProTraf Solutions, LLC
Enterprise DDoS Mitigation

Re: Google GeoIP issue

2016-06-01 Thread Paras Jha 
We had the same issue, there's a form you can fill out on Google's site if
you visit the homepage from one of the IPs in question. However, I don't
remember the exact link.

On Wed, Jun 1, 2016 at 6:17 PM, Peter Loron  wrote:

> Hello folks. An address we use is not identified as being in the correct
> location by Google. Can someone from their NOC reach out off-list?
>
> Thanks.
>
>
> Sent from my iPhone
>



-- 
Regards,
Paras

President
ProTraf Solutions, LLC
Enterprise DDoS Mitigation

Re: Arista Routing Solutions

2016-04-26 Thread Paras Jha 
Just wanted to interject, the port density of the Arista switches is quite
impressive, especially considering the price point they're at.

On Tue, Apr 26, 2016 at 12:46 PM, Ryan Woolley 
wrote:

> While the QFX in general is similar to Jericho-based platforms, I think the
> QFX10002 is perhaps not an ideal comparison.  At 100G, there is a
> significant density penalty on that platform, as you can use all 36 ports
> at 40G, but only 12 ports at 100G.
>
> BGP convergence in the newer EOS releases is indeed very, very fast.
>
> On Sun, Apr 24, 2016 at 12:08 PM, Colton Conor 
> wrote:
>
> > Saku,
> >
> > I guess you are right the QFX10002-36Q is probably a better comparison.
> But
> > let's be honest, Juniper is not going to sell a QFX10002-36Q for less
> than
> > $20k like Arista will do for a semi- similar box. Even with a high
> discount
> > (like 90 percent off list), the Juniper QFX10002-36Q at $360k list price
> > comes nowhere close on the price point. Cisco, Juniper, ALU, etc are all
> > not going to see a low cost high density fixed switch because that would
> > cannibalize on their sales on the larger platforms. I really think Arista
> > is kind of unique here as they don't have another routing platform to
> > cannibalize, so they are competitively pricing their platform.
> >
> > So I guess the question becomes, what features are missing that Arista
> does
> > not currently have? They seems to be adding more and more features, and
> > taking more market share. Here is a list of features supported:
> >
> https://www.arista.com/en/support/product-documentation/supported-features
> > I have not personally used Arista myself, but I like what I am seeing as
> > far as price point, company culture, and repruatation in the market
> place.
> > I know their switching is solid, but I am not sure about their routing.
> >
> > Arista claims to have much, much faster BGP convergence time than all the
> > other vendors.
> >
> >
> >
> >
> >
> > On Sat, Apr 23, 2016 at 1:20 PM, Saku Ytti  wrote:
> >
> > > On 23 April 2016 at 10:52, Tom Hill  wrote:
> > > > In broad strokes: for your money you're either getting port density,
> or
> > > > more features per port. The only difference here is that there's
> > > > suddenly more TCAM on the device, and I still don't see the above
> > > > changing too drastically.
> > >
> > > Yeah OP is comparing high touch chip (MX104) to low touch chip
> > > (Jericho) that is not fair comparison. And cost is what customer is
> > > willing to pay, regardless of sticker on the box. No one will pay
> > > significant mark-up for another sticker, I've never seen in RFP
> > > significant differences in comparable products.
> > >
> > > Fairer comparison would be QFX10k, instead of MX104. QFX10k is AFAIK
> > > only product in this segment which is not using Jericho. If this is
> > > competitive advantage or risk, jury is still out, I lean towards
> > > competitive advantage, mainly due to its memory design.
> > >
> > > --
> > >   ++ytti
> > >
> >
>



-- 
Regards,
Paras

President
ProTraf Solutions, LLC
Enterprise DDoS Mitigation

Re: Major IX bandwidth sharing

2016-04-21 Thread Paras Jha 
I'm sure you can get 1gb on 10gbit burst. 4gb on 40G burst is also pretty
achievable in a single location. But there are very few places where you'll
get a 10G on 100G burst line. Even if they are willing to give it to you,
you'll probably have to commit to more than 10% of the port size

On Thu, Apr 21, 2016 at 3:40 PM, Pavel Odintsov <pavel.odint...@gmail.com>
wrote:

> If they could offer 95th percentile usage no more than commit they should
> pay only for it. But actually it depends on certain carrier and certain
> agreement conditions.
>
> On Thursday, 21 April 2016, Max Tulyev <max...@netassist.ua> wrote:
>
> > Hello,
> >
> > I'm sure in this case they will pay for 100G every month, not for 10-20G
> ;)
> >
> > On 21.04.16 20:25, Pavel Odintsov wrote:
> > > Hello!
> > >
> > > If you want cheaper price just ask any TIER-1 provider for link with
> > commit
> > > 10ge and burst up to 100GE. It will be definitely cheaper and simpler
> > than
> > > your "magic" with IX cost reduction.
> > >
> > > On Thursday, 21 April 2016, Paras Jha <pa...@protrafsolutions.com
> > <javascript:;>> wrote:
> > >
> > >> Interesting to see how the idea is gaining traction
> > >>
> > >> On Thu, Apr 21, 2016 at 8:52 AM, Piotr Iwanejko <
> > piotr.iwane...@gmail.com <javascript:;>
> > >> <javascript:;>>
> > >> wrote:
> > >>
> > >>> Hello Nanog-ers,
> > >>>
> > >>> We are looking for a company that has >=100G connectivity to major
> > IX-es
> > >>> (AMS-IX, DE-CIX preferred) with traffic asymmetry/heavy outgoing
> > traffic,
> > >>> willing to resell incoming fraction n*10G/1*100G IX-only IP transit.
> > >>> Our company develops custom Anti-DDoS solution on PC platform (
> > >>> http://www.slideshare.net/atendesoftware/100-mpps-on-pc) and we want
> > to
> > >>> collocate 1U scrubbing node.
> > >>>
> > >>> Please contact me off list for more details.
> > >>>
> > >>> Thank you.
> > >>> --
> > >>> Piotr Iwanejko
> > >>
> > >>
> > >>
> > >>
> > >> --
> > >> Regards,
> > >> Paras
> > >>
> > >> President
> > >> ProTraf Solutions, LLC
> > >> Enterprise DDoS Mitigation
> > >>
> > >
> > >
> >
> >
>
> --
> Sincerely yours, Pavel Odintsov
>



-- 
Regards,
Paras

President
ProTraf Solutions, LLC
Enterprise DDoS Mitigation

Re: Major IX bandwidth sharing

2016-04-21 Thread Paras Jha 
Interesting to see how the idea is gaining traction

On Thu, Apr 21, 2016 at 8:52 AM, Piotr Iwanejko 
wrote:

> Hello Nanog-ers,
>
> We are looking for a company that has >=100G connectivity to major IX-es
> (AMS-IX, DE-CIX preferred) with traffic asymmetry/heavy outgoing traffic,
> willing to resell incoming fraction n*10G/1*100G IX-only IP transit.
> Our company develops custom Anti-DDoS solution on PC platform (
> http://www.slideshare.net/atendesoftware/100-mpps-on-pc) and we want to
> collocate 1U scrubbing node.
>
> Please contact me off list for more details.
>
> Thank you.
> --
> Piotr Iwanejko




-- 
Regards,
Paras

President
ProTraf Solutions, LLC
Enterprise DDoS Mitigation

Re: FCC Privacy NPRM

2016-04-14 Thread Paras Jha 
Page Not Found

Link wasn't copied correctly, the "consumer-privacy" bit was cut off.

Here's the working link:
https://www.fcc.gov/document/fcc-releases-proposed-rules-protect-broadband-consumer-privacy

On Thu, Apr 14, 2016 at 1:23 PM, Sean Donelan  wrote:

> On Thu, 14 Apr 2016, Livingood, Jason wrote:
>
>> I have not yet read all of the 147 pages of the FCC Privacy NPRM -
>>
>> https://www.fcc.gov/document/fcc-releases-proposed-rules-protect-broadband-
>> consumer-privacy. But it may be worth noting, especially for this
>> audience, that the FCC proposes considering things like IP addresses and
>> geo-location information to be Customer Proprietary Information.
>>
>
> Pretty much all ISPs should take a look at this NPRM.  Although its
> advertised as a "privacy" rule-making, it has a several sections on ISP
> data security and data breach notification, including mandatory reporting
> to the FCC and FBI.
>
>

NTT communications horrible routing, unresponsive NOC

2016-03-23 Thread Paras Jha 
Hi all,

I've been trying to get this issue resolved for the entire day now, but NTT
has been pretty unreceptive here.

We're announcing a large prefix for a client across our network, and we
discovered some insanely high latency.

After tracking down the issue, we determined it to be something wrong with
NTT at their Seattle location. We anycast this prefix, but no matter where
in the world traffic is originating from, it's going to Seattle and then to
Atlanta. Example: Rotterdam in the Netherlands routes from Europe -> east
coast -> west coast Seattle -> los angeles -> atlanta. The gist of it is
that something is seriously messed up at NTT in Seattle.

We contacted our transit provider to try and carry the issue upstream, and
what they told us was

Sorry for delay, I've asked NTT to clear the more specific for this one as
well.
The problem seems to be a bug on the NTT side which keeps stale routes in
the routing table for more specifics ( at random ).
If you have more routes affected please notify us of the routes and I will
ask them to clear the routing table for these routes.
NTT is working on this with their vendor to get this resolved as soon as
possible.


I had spoken to a sales rep for NTT a few weeks prior, and they assured me
that the NOC was top notch, and that all routes were redundant, and they
guaranteed less than 50ms in the US, and all kinds of marketing. However,
it looks like it's all marketing - for this entire day this router has been
causing tons of issues for our clients.

No-exporting it to NTT does not even solve the problem, as NTT's router in
Seattle apparently just decides to keep random small prefixes in it,
causing traffic to go there.

At a loss as to what to do now, since their NOC isn't receptive. Anyone
have someone I can contact off-list to get this issue resolved? It's
especially frustrating because the problem absolutely cannot be resolved on
our end, even with a no-export since NTT is keeping the routes in their
router.

Any large IPv4 space brokers?

2016-03-01 Thread Paras Jha 
Does anyone know of any IP space brokers other than Hilco Streambank? I'm
looking to get a feel for the market a little bit.

Regards
Paras

Re: Southwest Airlines captive portal

2016-02-27 Thread Paras Jha 
You got MITM'd

On Sat, Feb 27, 2016 at 1:57 PM, Damien Burke 
wrote:

> You should change your paypal password.
>
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Frank Bulk
> Sent: Saturday, February 27, 2016 10:27 AM
> To: nanog@nanog.org
> Subject: Southwest Airlines captive portal
>
> Anyone from Southwest Airlines on this list?
>
> On a recent flight I discovered I couldn't complete payment through PayPal
> because my web browsers properly noticed that the Southwest Airlines SSL
> certificate that the captive portal was giving for PayPal didn't match up.
> =)  I had to create an exception for PayPal just to complete payment.
>
> Frank
>
>

Re: Thank you, Comcast.

2016-02-25 Thread Paras Jha 
It's interesting that they'd call about DNS amplification... You don't
typically see DNS amplified floods coming from home ISPs. I would imagine
SSDP amplification is a far greater issue for any home ISP.

On Thu, Feb 25, 2016 at 10:46 PM, Mike Hammett  wrote:

> I know. It seems odd, doesn't it?
>
> They're actually suspending people's accounts for DNS amplification. My
> aunt got a call about it tonight. I had already firewalled that off on her
> router before they called, but they're doing it. There's more that they
> could do I'm sure, but they're doing it. Maybe it's flooding their upstream
> causing other service issues but they're doing it.
>
> So many others aren't doing much at all.
>
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>

Re: Cogent & Google IPv6

2016-02-24 Thread Paras Jha 
Transit providers are the mdidlemen of the internet, I see no problem with
the concept of "double dipping". It's their fiber and infrastructure, if
you want access to everything on their network, including other people on
their network, pay for it or find a way to get access.

On Wed, Feb 24, 2016 at 4:02 PM, Mike Hammett  wrote:

> *nods* and everything is pros and cons. In one's situation, does Cogent
> have enough pros to overcome the cons? Same for HE or any other carrier. If
> I get full tables (v4 and b6) from multiple networks and\or I peer with the
> networks that are missing from a particular provider's offering, I may very
> well not give a darn about it being missing. I may never have even used it
> in the first place. If whatever advantages to me outweigh that loss, so be
> it.
>
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>
> - Original Message -
>
> From: "Patrick W. Gilmore" 
> To: "NANOG list" 
> Sent: Wednesday, February 24, 2016 2:27:21 PM
> Subject: Re: Cogent & Google IPv6
>
> Agreed on all points. “Double dipping” is not morally abhorrent, or even
> slightly slimy. However, Cogent customers paid Cogent to connect to The
> Internet, not “The other networks that are paying Cogent”. So in this case,
> if I had to make a choice of which provider to drop, I’d stick with Google.
> (I do not have to make such a decision.)
>
> One could claim the same about HE vs. Cogent. However, I’m still going to
> give the nod to the people saying “we are happy to connect” over the people
> who say “pay me to connect”. Obviously a lot of details I’m glossing over,
> but HE does have, IMHO, a good argument for v6 peering with Cogent. Doesn’t
> mean either is “wrong", just that is how I would vote with my wallet if I
> had to make the choice. (Again, I do not.)
>
> So when FB does the same thing, when Comcast does the same thing, when
> Apple does the same thing, when …. When will Cogent feel enough pain to
> relent?
>
> Or will this simply delay the full implementation of IPv6 even more, and
> Cogent won’t notice because everyone falls back to v4?
>
> --
> TTFN,
> patrick
>
> > On Feb 24, 2016, at 3:16 PM, Mike Hammett  wrote:
> >
> > Whomever hurts the most will blink first. I don't really care who that
> is. I have no ill will towards "double dipping". Either they do or they
> don't offer the desired connectivity and I'm moving on.
> >
> >
> >
> >
> > -
> > Mike Hammett
> > Intelligent Computing Solutions
> > http://www.ics-il.com
> >
> > Midwest-IX
> > http://www.midwest-ix.com
> >
> > - Original Message -
> >
> > From: "Patrick W. Gilmore" 
> > To: "NANOG list" 
> > Sent: Wednesday, February 24, 2016 2:12:07 PM
> > Subject: Re: Cogent & Google IPv6
> >
> > Are HE & Google the new L3 & FT?
> >
> > Nah, L3 would never have baked Cogent a cake. :)
> >
> > Shall we start a pool? Only problem is, should the pool be “who will
> disconnect from Cogent next?” or “when will Cogent blink?” I’m voting for
> the former.
> >
> > --
> > TTFN,
> > patrick
> >
> >> On Feb 24, 2016, at 3:08 PM, Baldur Norddahl 
> wrote:
> >>
> >> This is Google saying that Google does not want to pay for traffic to
> >> Cogent. If Cogent wants to exchange any traffic with Google, Cogent is
> >> invited to peer directly with Google. Of course Cogent refuses. And now
> >> Cogent is not only missing the part of IPv6 internet that is Hurricane
> >> Electric single homed but also everything Google.
> >>
> >> Why does Cogent refuse? They used to deliver this traffic on free
> peering
> >> with another tier 1 provider. Now they are asked to deliver the same
> >> traffic for the same price (free) on a direct peering session. They
> won't
> >> because Cogent believes Google should pay for this traffic. That another
> >> Cogent customer already paid for the traffic does not matter. They want
> >> double dipping or nothing. So nothing it is.
> >>
> >> Seems to me that if you are serious about IPv6 you can not use Cogent as
> >> your primary or secondary transit provider. You can use them as your
> third
> >> if you want to.
> >>
> >> Regards,
> >>
> >> Baldur
> >>
> >>
> >>
> >> On 24 February 2016 at 20:46, Matt Hoppes 
> >> wrote:
> >>
> >>> Correct me if I'm wrong, but if Cogent isn't peering with Google IPv6,
> >>> shouldn't the traffic flow out to one of their peer points where
> another
> >>> peer DOES peer with Google IPv6 and get you in?
> >>>
> >>> Isn't that how the Internet is suppose to work?
> >>>
> >>>
> >>> On 2/24/16 2:43 PM, Damien Burke wrote:
> >>>
>  Not sure. I got the same thing today as well.
> 
>  Is this some kind of ipv6 war?
> 
>  -Original Message-
>  From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Ian Clark
>

Looking for GTT contact

2016-02-10 Thread Paras Jha 
Hello,

Can a rep for GTT contact me off-list? I tried twice using their website,
but nobody has gotten back to me for a few days now.

Thanks in advance!