Re: Dyn DDoS this AM?

2016-10-21 Thread Patrick W. Gilmore
On Oct 21, 2016, at 12:40 PM, David Hubbard wrote: > > Do we know the attack destinations so we can watch transit traffic destined > for it to help sources that may be unaware? My guess is you should track anything to as33517. -- TTFN, patrick

Re: Dyn DDoS this AM?

2016-10-21 Thread Mike Hammett
Are there sites that can test your BCP38\84 compliance? I'm okay, but interested in what I can share to raise awareness. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: "Patrick W.

Re: Dyn DDoS this AM?

2016-10-21 Thread Patrick W. Gilmore
Attack has re-started. This is the time, folks. Rally the troops, offer help, watch your flow. STOP THIS NOW. -- TTFN, patrick > On Oct 21, 2016, at 11:48 AM, Patrick W. Gilmore wrote: > > I cannot give additional info other than what’s been on “public media”. > >

Re: Dyn DDoS this AM?

2016-10-21 Thread Patrick W. Gilmore
https://www.caida.org/projects/spoofer/ -- TTFN, patrick > On Oct 21, 2016, at 12:01 PM, Mike Hammett wrote: > > Are there sites that can test your BCP38\84 compliance? I'm okay, but > interested in what I can share to raise

Re: Dyn DDoS this AM?

2016-10-21 Thread David Hubbard
Do we know the attack destinations so we can watch transit traffic destined for it to help sources that may be unaware? David

RE: Dyn DDoS this AM?

2016-10-21 Thread rar
Anyone want a quick consulting gig helping us configure BCP38 and BCP84? Configuration is all Cisco. Edge routers connect to Verizon, Level 3 Fiber. Each Edge router talks to two BGP routers. $150/hour, I'm guessing it is only an hour for somebody to explain, and guide us through the

Re: Dyn DDoS this AM?

2016-10-21 Thread Roland Dobbins
On 21 Oct 2016, at 23:01, Mike Hammett wrote: > Are there sites that can test your BCP38\84 compliance? --- Roland Dobbins

Re: Dyn DDoS this AM?

2016-10-21 Thread Steve Meuse
On Fri, Oct 21, 2016 at 12:09 PM, Roland Dobbins wrote: > On 21 Oct 2016, at 23:01, Mike Hammett wrote: > > > Are there sites that can test your BCP38\84 compliance? > > Quick note: If anyone has this installed already on OSX, bring

RE: Dyn DDoS this AM?

2016-10-21 Thread Matthew Black
LA Times: Why sites like Twitter and Spotify were down for East Coast users this morning http://www.latimes.com/business/la-fi-tn-dyn-attack-20161021-snap-story.html -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Chris Grundemann Sent: Friday, October 21

Re: Dyn DDoS this AM?

2016-10-21 Thread Seth Mattinen
On 10/21/16 09:05, Matthew Black wrote: LA Times: Why sites like Twitter and Spotify were down for East Coast users this morning http://www.latimes.com/business/la-fi-tn-dyn-attack-20161021-snap-story.html I actually can't resolve twitter.com this morning and I'm west coast. None

Re: Dyn DDoS this AM?

2016-10-21 Thread Alain Hebert
Rofl, yeah, good luck with that... 15+ years later and most of the actors that could fix that, for the planet, still refuse to do anything. Now you can start the usual circular discussion that goes nowhere after 3 days... PS: yeah, usual BCP38 rant... but it's Friday. -

Re: Dyn DDoS this AM?

2016-10-21 Thread Patrick W. Gilmore
I cannot give additional info other than what’s been on “public media”. However, I would very much like to say that this is a horrific trend on the Internet. The idea that someone can mention a DDoS then get DDoS’ed Can Not Stand. See Krebs’ on the Democratization of Censorship. See lots of

Dyn DDoS this AM?

2016-10-21 Thread Chris Grundemann
Does anyone have any additional details? Seems to be over now, but I'm very curious about the specifics of such a highly impactful attack (and its timing following NANOG 68)... https://krebsonsecurity.com/2016/10/ddos-on-dyn-impacts-twitter-spotify-reddit/ -- @ChrisGrundemann

RE: Dyn DDoS this AM?

2016-10-21 Thread Brandon Ross
On Fri, 21 Oct 2016, rar wrote: Anyone want a quick consulting gig helping us configure BCP38 and BCP84? Configuration is all Cisco. Edge routers connect to Verizon, Level 3 Fiber. Each Edge router talks to two BGP routers. $150/hour, I'm guessing it is only an hour for somebody to explain,

Re: MPLS in the campus Network?

2016-10-21 Thread Mark Tinka
On 21/Oct/16 16:19, Marian Ďurkovič wrote: > > Much easier to setup, operate & maintain than MPLS and obviously much > lower cost. Based on 6-months production experience, my recommendation > would be to stay away from MPLS in the campus. I'd be curious to hear what MPLS-specific issues you

Re: MPLS in the campus Network?

2016-10-21 Thread Javier Solis
Our campus started off with L2 vlans spanning through the core, but we migrated to routing in the core and moved our many spanning tree/broadcast domains to the edge of buildings fronted by redundant routing with ecmp to a redundant core utilizing ospf. In a campus network the challenge becomes

Re: MPLS in the campus Network?

2016-10-21 Thread Leo Bicknell
In a message written on Fri, Oct 21, 2016 at 12:02:24PM -0500, Javier Solis wrote: > In a campus network the challenge becomes extending subnets across your > core. You may have a college that started in one building with their own > /24, but now have offices and labs in other buildings. They

Weekly Routing Table Report

2016-10-21 Thread Routing Analysis Role Account
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, SAFNOG, SdNOG, BJNOG, CaribNOG and the RIPE Routing WG. Daily listings are sent to

Re: Dyn DDoS this AM?

2016-10-21 Thread Randy Bush
anyone who relies on a single dns provider is just asking for stuff such as this. randy

Re: Dyn DDoS this AM?

2016-10-21 Thread Andrew Fried
The brutal reality in today's world is that anyone that relies on the Internet is just asking for stuff like this. No service is safe. Andrew Andrew Fried andrew.fr...@gmail.com On 10/21/16 5:58 PM, Randy Bush wrote: > anyone who relies on a single dns provider is just asking for stuff such >

Re: Dyn DDoS this AM?

2016-10-21 Thread Mehmet Akcin
amen. On Fri, Oct 21, 2016 at 2:58 PM, Randy Bush wrote: > anyone who relies on a single dns provider is just asking for stuff such > as this. > > randy >

Re: Dyn DDoS this AM?

2016-10-21 Thread david raistrick
On Fri, Oct 21, 2016 at 6:21 PM, David Birdsong wrote: > > I'd love to hear how others are handling the overhead of managing two dns > providers. Every time we brainstorm on it, we see it as blackhole of eng > effort WRT to keeping them in sync and and then waiting for TTLs to

Re: Dyn DDoS this AM?

2016-10-21 Thread Niels Bakker
anyone who relies on a single dns provider is just asking for stuff such as this. I'd love to hear how others are handling the overhead of managing two dns providers. * ra...@psg.com (Randy Bush) [Sat 22 Oct 2016, 00:28 CEST]: good question. staying in-band, hidden primary comes to mind. but

Re: Dyn DDoS this AM?

2016-10-21 Thread Måns Nilsson
Subject: Re: Dyn DDoS this AM? Date: Fri, Oct 21, 2016 at 03:21:20PM -0700 Quoting David Birdsong (da...@imgix.com): > On Fri, Oct 21, 2016 at 2:58 PM, Randy Bush wrote: > > > anyone who relies on a single dns provider is just asking for stuff such > > as this. > > > > randy > >

Re: Dyn DDoS this AM?

2016-10-21 Thread Keenan Tims
I don't have a horse in this race, and haven't used it in anger, but Netflix released denominator to attempt to deal with some of these issues: https://github.com/Netflix/denominator Their goal is to support the highest common denominator of features among the supported providers, Maybe

Re: MPLS in the campus Network?

2016-10-21 Thread David Bass
This is exactly what we are recommending and building for our customers in that space. Most of the time the university network acts as a provider, so to me it only makes sense to use that type of tech. The biggest problem then is support, which could be something they are unwilling or unable

Re: Dyn DDoS this AM?

2016-10-21 Thread Randy Bush
>> anyone who relies on a single dns provider is just asking for stuff such >> as this. > I'd love to hear how others are handling the overhead of managing two dns > providers. good question. staying in-band, hidden primary comes to mind. but i am sure clever minds can come up with more clever

Re: Dyn DDoS this AM?

2016-10-21 Thread Nick Hilliard
Patrick W. Gilmore wrote: > Our biggest problem is people thinking they cannot or do not want to > help. Our biggest problem is that if the Internet community does not handle problems like this, governments and regulators may decide to intervene. If they do this in the wrong way, it will turn

Re: Dyn DDoS this AM?

2016-10-21 Thread Måns Nilsson
Subject: Re: Dyn DDoS this AM? Date: Sat, Oct 22, 2016 at 01:19:24AM +0200 Quoting Niels Bakker (niels=na...@bakker.net): > The point of outsourcing DNS isn't just availability of static hostnames, > it's the added services delivered, like returning different answers based on > source of the

Re: MPLS in the campus Network?

2016-10-21 Thread Youssef Ghorbal
> FWIW, if I had to solve the "college across buildings with common > access control" problem I would create MPLS L3 VPN's, one subnet > per building (where it is a VLAN inside of a building), with a > "firewall in the cloud" somewhere to get between VLAN's with all > of the policy in one place. >

Re: Dyn DDoS this AM?

2016-10-21 Thread Randy Bush
> amen. >> anyone who relies on a single dns provider is just asking for stuff >> such as this. part of the problem is that we think of it as attack surface when, in fact, it usually has more than two dimensions. randy

Re: Dyn DDoS this AM?

2016-10-21 Thread David Birdsong
On Fri, Oct 21, 2016 at 2:58 PM, Randy Bush wrote: > anyone who relies on a single dns provider is just asking for stuff such > as this. > > randy > I'd love to hear how others are handling the overhead of managing two dns providers. Every time we brainstorm on it, we see it as

Re: Dyn DDoS this AM?

2016-10-21 Thread joel jaeggli
On 10/21/16 3:21 PM, David Birdsong wrote: > On Fri, Oct 21, 2016 at 2:58 PM, Randy Bush wrote: > >> anyone who relies on a single dns provider is just asking for stuff such >> as this. >> >> randy >> > I'd love to hear how others are handling the overhead of managing two dns >

Re: Dyn DDoS this AM?

2016-10-21 Thread Josh Reynolds
Ansible would be a decent start. On Oct 21, 2016 5:26 PM, "David Birdsong" wrote: > On Fri, Oct 21, 2016 at 2:58 PM, Randy Bush wrote: > > > anyone who relies on a single dns provider is just asking for stuff such > > as this. > > > > randy > > > > I'd love to

Re: Dyn DDoS this AM?

2016-10-21 Thread Alain Hebert
Just an FYI, that "horrific trend" has been happening since some techie got dissed on an IRC channel over 20 years ago. He used a bunch of hosted putters to ICMP flood the IRC server. Whatever the community is behind, until the carriers decide to wise up this will keep happening,

Re: MPLS in the campus Network?

2016-10-21 Thread James R Cutler
On Oct 21, 2016, at 4:18 PM, Youssef Ghorbal wrote, in part: > > Until people start complaining they can no more auto discover their > Time Capsule left in the other building whereas their colleagues in > the other building can etc etc. All fancy discover protocols

Re: Dyn DDoS this AM?

2016-10-21 Thread Brian Davies via NANOG
+1! Well said, Patrick. B On Friday, October 21, 2016, Patrick W. Gilmore wrote: > I cannot give additional info other than what’s been on “public media”. > > However, I would very much like to say that this is a horrific trend on > the Internet. The idea that someone can

Re: Dyn DDoS this AM?

2016-10-21 Thread Crist Clark
Given the scale of these attacks, whether having two providers does any good may be a crap shoot. That is, what if the target happens to share the same providers you do? Given the whole asymmetry of resources that make this a problem in the first place, the attackers probably have the resources

Re: Dyn DDoS this AM?

2016-10-21 Thread Måns Nilsson
Subject: Re: Dyn DDoS this AM? Date: Sat, Oct 22, 2016 at 01:37:09AM +0200 Quoting Niels Bakker (ni...@bakker.net): > * mansa...@besserwisser.org (Måns Nilsson) [Sat 22 Oct 2016, 01:27 CEST]: > >Also, do not fall in the "short TTL for service agility" trap. > > Several CDNs, Akamai among them,

Re: Dyn DDoS this AM?

2016-10-21 Thread Josh Reynolds
Ah, disregard. I see what you're saying now. Yes, I can see how that would be problematic. On Oct 21, 2016 6:40 PM, "Josh Reynolds" wrote: > Ansible would be a decent start. > > On Oct 21, 2016 5:26 PM, "David Birdsong" wrote: > >> On Fri, Oct 21, 2016

Re: Death of the Internet, Film at 11

2016-10-21 Thread Paul Ferguson
On 10/21/2016 5:52 PM, Laszlo Hanyecz wrote: > > On 2016-10-22 00:39, Ronald F. Guilmette wrote: >> P.S. To all of you Ayn Rand devotees out there who still >> vociferously argue that it's nobody else's business how you >> monitor or police your

Re: Dyn DDoS this AM?

2016-10-21 Thread Brett Frankenberger
On Fri, Oct 21, 2016 at 05:11:34PM -0700, Crist Clark wrote: > > Given the scale of these attacks, whether having two providers does any > good may be a crap shoot. > > That is, what if the target happens to share the same providers you do? > Given the whole asymmetry of resources that make this

Death of the Internet, Film at 11

2016-10-21 Thread Ronald F. Guilmette
VICTOR LASZLO: If we stop fighting our enemies, the world will die. RICK BLAINE: Well, what of it? It will be out of its misery. -- From the movie "Casablanca" (1942) Sorry, but some days I just can't help thinking to myself "Oh well, as much fun as

Re: Death of the Internet, Film at 11

2016-10-21 Thread Laszlo Hanyecz
On 2016-10-22 00:39, Ronald F. Guilmette wrote: P.S. To all of you Ayn Rand devotees out there who still vociferously argue that it's nobody else's business how you monitor or police your "private" networks, and who still refuse to take even minimalist steps (like BCP 38), congratulations.

Re: Death of the Internet, Film at 11

2016-10-21 Thread James Downs
> On Oct 21, 2016, at 17:39, Ronald F. Guilmette wrote: > P.S. To all of you Ayn Rand devotees out there who still vociferously > argue that it's nobody else's business how you monitor or police your > "private" networks, and who still refuse to take even minimalist

Re: Dyn DDoS this AM?

2016-10-21 Thread Jean-Francois Mezei
On 2016-10-21 18:45, david raistrick wrote: > switch too..). setting TTLs that make sense for a design that supports > change is also easy. Cuts both ways. Had Twitter had TTLs of say 7 days, the vast majority wouldn't notice an outage of a few hours because their local cache was still valid. It

Re: Dyn DDoS this AM?

2016-10-21 Thread Eitan Adler
On 21 October 2016 at 18:12, Jean-Francois Mezei wrote: > On 2016-10-21 18:45, david raistrick wrote: > >> switch too..). setting TTLs that make sense for a design that supports >> change is also easy. > > Cuts both ways. Had Twitter had TTLs of say 7 days, vast

Re: Dyn DDoS this AM?

2016-10-21 Thread George William Herbert
> On Oct 21, 2016, at 6:35 PM, Eitan Adler wrote: > > [...] > > In practice TTLs tend to be ignored on the public internet. In past > research I've been involved with browser[0] behavior was effectively > random despite the TTL set. > > [0] more specifically, the

Re: Death of the Internet, Film at 11

2016-10-21 Thread Randy Bush
> What does BCP38 have to do with this? nothing technical, as these iot attacks are not spoofed. think of it as a religion.

Re: Dyn DDoS this AM?

2016-10-21 Thread Alexander Maassen
Feel free to feed me with attack sources. Once those companies notice their precious mail does not arrive at clients. They will attempt to fix things. Sad but true. Kind regards, Alexander Maassen - Technical Maintenance Engineer Parkstad Support BV- Maintainer DroneBL- Peplink Certified

Re: Death of the Internet, Film at 11

2016-10-21 Thread Paul Ferguson
On 10/21/2016 8:08 PM, Randy Bush wrote: >> What does BCP38 have to do with this? > > nothing technical, as these iot attacks are not spoofed. > > think of it as a religion. > I'm going to save this e-mail forever! Cheers, - ferg --

Re: Death of the Internet, Film at 11

2016-10-21 Thread Randy Bush
>>> What does BCP38 have to do with this? >> nothing technical, as these iot attacks are not spoofed. >> think of it as a religion. > I'm going to save this e-mail forever! no extra charge we deploy it more than most. we talk about it less than most. and every time something untoward happens

Re: Death of the Internet, Film at 11

2016-10-21 Thread Mike Hammett
Block one type of attack enough times and you've accomplished something. Because script kiddies are taking advantage of published exploits doesn't mean we stop setting passwords on things. You have to protect from them all. No, no collateral damage. We discussed this a couple weeks ago and

Re: Dyn DDoS this AM?

2016-10-21 Thread Yang Yu
On Fri, Oct 21, 2016 at 11:45 AM, Patrick W. Gilmore wrote: > My guess is you should track anything to as33517. And AS15135?

Re: Dyn DDoS this AM?

2016-10-21 Thread Chris Woodfield
As a Twitter network engineer (and the guy Patrick let camp out in your hotel room all day) - thank you for this. Whoever was behind this just poked a hornet’s nest. “Govern yourselves accordingly”. -C (Obviously speaking for myself, not my employer…) > On Oct 21, 2016, at 10:48 AM,

Re: Death of the Internet, Film at 11

2016-10-21 Thread Ronald F. Guilmette
Laszlo Hanyecz wrote: >What does BCP38 have to do with this? You're right. That's not specifically related to *this* attack. Nobody needs to spoof anything when you've got a zillion fire hoses just lying around where any 13 year old can command them from the TRS 80 in his mom's basement.

Re: MPLS in the campus Network?

2016-10-21 Thread Marian Ďurkovič
> Compared to MPLS, a L2 solution with 100 Gb/s interfaces between > core switches and a 10G connection for each buildings looks so much > cheaper. But we worry about future trouble using Trill, SPB, or other > technologies, not only the "open" ones, but specifically the proprietary > ones based