On Tue, Dec 10, 2019 at 8:51 AM Bottiger wrote:
> I sent an email to noc at gtt.net from 2 different emails and both got a
> reply saying:
>
> 5.1.0 - Unknown address error 550-'5.4.1 Recipient address rejected:
> Access denied [HE1EUR01FT058.eop-EUR01.prod.protection.outlook.com]'
>
> Not sure
BCP38
After all this time and knowledge why people still think IPs are legit evidence in DDoS instances...
-
Alain Hebert aheb...@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911
The term "Software Defined Networks" is open to interpretation. But
chapters 1 & 2 of the course below give a concise idea about the general concept
around Software Defined Networks.
https://courses.edx.org/courses/course-v1:LinuxFoundationX+LFS165x+2T2018/course/
Regards
Asif
On Wed, Dec 4,
Hi all.
Just to let this group know that we've started the process of activating
the dropping of Invalids for all our eBGP customers.
We're starting off with our Juniper edge routers. Once those are done,
we'll move on to our Cisco ASR1006 routers, finishing off with our Cisco
ASR920 routers.
I sent an email to noc at gtt.net from 2 different emails and both got a
reply saying:
5.1.0 - Unknown address error 550-'5.4.1 Recipient address rejected: Access
denied [HE1EUR01FT058.eop-EUR01.prod.protection.outlook.com]'
Not sure if this means if they are blocking my email or if their email
Normally these attacks are spoofed IPs, usually amplification attacks based on
UDP using DNS/LDAP etc. This is something that is common and usually is towards
schools, financial institutions. This is an easy attack to orchestrate by anyone,
most of these attacks can be launched via stresser
Dear Arturo, group,
On Tue, Dec 10, 2019 at 20:51 Arturo Servin wrote:
>
> Invalid according to RPKI or IRR? Or both?
>
In this context the use of the word “invalid” refers to the result of
validation procedure described in RFC 6811 - which is to match received BGP
updates to the RPKI and
Peace,
On Mon, Dec 9, 2019 at 11:35 PM Florian Brandstetter via NANOG
wrote:
> if that was to be amplification, the source addresses
> would not be within Google or CloudFlare ranges
> (especially not CloudFlare, as they are not running
> a vulnerable recursor
Well, vulnerable — arguably of
On Tue, Dec 10, 2019 at 7:32 PM Rubens Kuhl wrote:
>
>
>>
>> RPKI ROAs (compared to IRR objects) carry different meaning: the existence
>> of a ROA (both by definition and common implementation) supersedes other
>> data sources (IRR, LOAs, or comments in whois records, etc), and as such can
>>
You can get the bogon prefixes from Cymru and defend your network using them in
combination with rpf
The key with the attacks, DoS or DDoS, is to have proper telemetry (streaming
telemetry, not polling telemetry) and baselines; without this information you
run the danger of blocking good traffic.
Is that unique to the FiOS gateway device? I don't use their router and my
traces go right out.
On Tue, Dec 10, 2019 at 3:08 PM Joe Maimon wrote:
> Apparently Verizon FIOS is a red herring, terminating ICMP traceroutes
> right on their gateways.
>
> More internet breakage. Thanks for the
Rarely will sourced ips be the same every time a victim gets DDOS'd. Good
telemetry is key but every time the attack happens it needs to be looked at. I
find bogon prefixes are not used as much, especially in amplification attacks.
Gathering good intel and blocking bogons will help, but there
mtr -u 4.2.2.2 --report-wide
Start: 2019-12-10T21:26:20-0500
HOST: fedora-lenovo  Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- _gateway      0.0%    10    1.3   1.4   1.1   2.3   0.3
  2.|-- ???          100.0    10    0.0
>
> RPKI ROAs (compared to IRR objects) carry different meaning: the existence
> of a ROA (both by definition and common implementation) supersedes other
> data sources (IRR, LOAs, or comments in whois records, etc), and as such
> can be used on any type of EBGP session for validation of the
On 12/10/19, Christopher Morrow wrote:
> On Tue, Dec 10, 2019 at 5:36 PM Nimrod Levy wrote:
>>
>> Is that unique to the FiOS gateway device? I don't use their router and my
>> traces go right out.
>>
>
> I also don't use their device and:
> $ traceroute 205.132.109.90
> traceroute to
On Tue, Dec 10, 2019 at 11:44 PM Lee wrote:
> It's protocol specific. Windows tracert uses icmp instead of udp.
> On a linux box try
> ping -t 2 205.132.109.90
>
> You should get a time to live exceeded but the Verizon router gives
> you an echo reply instead.
that's hilariously bad :( I
On Tue, Dec 10, 2019 at 5:36 PM Nimrod Levy wrote:
>
> Is that unique to the FiOS gateway device? I don't use their router and my
> traces go right out.
>
I also don't use their device and:
$ traceroute 205.132.109.90
traceroute to 205.132.109.90 (205.132.109.90), 30 hops max, 60 byte packets
I’d like to assist here.
Do you have access to Ethervision? The customer portal is the most efficient
way to initiate and track NOC tickets.
OR Try calling: USA Toll Free: +1 877-385-5252, +1 800-583-1388.
If you still have trouble, please reach me directly and I’ll get you to the
right
i...@gtt.net
On Tue, Dec 10, 2019 at 7:52 AM Bottiger wrote:
> I sent an email to noc at gtt.net from 2 different emails and both got a
> reply saying:
>
> 5.1.0 - Unknown address error 550-'5.4.1 Recipient address rejected:
> Access denied [HE1EUR01FT058.eop-EUR01.prod.protection.outlook.com]'
is anyone aware of any conference other than nanog which does
Online Reservations: (Open exclusively to NANOG Members only from
December 2 - December 16)
randy
Online reservations? Yes
Exclusively only reservations? Yes
Restricted to a 2 week window? No - I'd guess this was to keep it from
being so open ended and increase the cost of running the show.
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
Which hotel was that? I might want to go, just to take advantage of the
discount... ^_^
Matt
On Tue, Dec 10, 2019, 09:36 Randy Bush wrote:
> is anyone aware of any conference other than nanog which does
>
> Online Reservations: (Open exclusively to NANOG Members only from
>
I am looking for a contact in the network group (may be called National
Escalation team or NatEsc team internally) within AT&T/DirecTV pertaining to
the NFL Sunday Ticket online streaming service. I have been attempting to work
through their normal support process for quite some time, they are
Years ago, we looked at netflow data and precursors to attacks, and found that
UDP 3074 Xbox Live was showing up just prior to the attacks...and through other
research we concluded that gamers are a big cause of large ddos attacks;
apparently they go after each other in retaliation
I've
mark,
> Just to let this group know that we've started the process of
> activating the dropping of Invalids for all our eBGP customers.
cool. any stats and lessons appreciated.
randy
On Tue, 10 Dec 2019 at 19:08, Aaron Gould wrote:
> - policers of well-known *good* ports/protocols (like ntp, dns, etc) to some
> realistic level
You might want to downpref these to a scavenger class, instead of
police. Since ultimately policing makes it just easier to ddos the
service, which
I had this issue while looking at Ripe Atlas measurements.
Turns out these Verizon boxes spoof ICMP with TTL = 3 (or 2, I don't
recall). Try doing a UDP or TCP based traceroute instead.
Maybe you're seeing the same problem.
Kind Regards,
Filip
On 12/10/19 8:47 PM, Joe Maimon wrote:
Anyone
This is not from a Verizon CPE. It's happening on their CO internet
gateway customer facing routers.
tcptraceroute looks more legit
Joe
Nimrod Levy wrote:
Is that unique to the FiOS gateway device? I don't use their router
and my traces go right out.
On Tue, Dec 10, 2019 at 3:08 PM Joe
Anyone have an idea why there are some destinations that on residential
verizon fios here in NY area terminate right on first external hop?
There seems to be a CDN common denominator here. On other networks with
more typical BGP paths and traceroutes, users are reporting issues
accessing
Mark
Invalid according to RPKI or IRR? Or both?
Regards
as
On Tue, 10 Dec 2019, 18:22 Randy Bush, wrote:
> mark,
>
> > Just to let this group know that we've started the process of
> > activating the dropping of Invalids for all our eBGP customers.
>
> cool. any stats and lessons
Apparently Verizon FIOS is a red herring, terminating ICMP traceroutes
right on their gateways.
More internet breakage. Thanks for the information to all who responded.
Random control test.
C:\Users\Home>tracert -d 1.4.5.6
Tracing route to 1.4.5.6 over a maximum of 30 hops
115 ms
wasn't vz pursuing some 'get the a cdn in the central office' for a
time? :) perhaps this is the manifestation of that? :)
or perhaps jared arranged to get links back from each CO to his
network gear in akamai-land?
I love conspiracies!
On Tue, Dec 10, 2019 at 2:48 PM Joe Maimon wrote:
>
>