Re: US Warships jamming Lebanon Internet

2011-02-07 Thread Denys Fedoryshchenko
Hi I'm sysadmin of Lebanese ISP. Almost at same time i got heavy interference on few of my C-Band carriers, and it looks like electronic warfare jamming, because i can see phase modulated, very weak signal, but it is completely breaking almost any communications on my carriers. Strange

Re: US Warships jamming Lebanon Internet

2011-02-08 Thread Denys Fedoryshchenko
On Tuesday 08 February 2011 01:42:42 George Herbert wrote: On Mon, Feb 7, 2011 at 2:23 PM, Ryan Wilkins r...@deadfrog.net wrote: On Feb 7, 2011, at 4:06 PM, Michael Painter wrote: Hi Denys I doubt it's intentional jamming since I've had the same problem. Aegis radar is very high power in

Re: US Warships jamming Lebanon Internet

2011-02-08 Thread Denys Fedoryshchenko
On Tuesday 08 February 2011 14:18:59 Adrian Chadd wrote: On Tue, Feb 08, 2011, Denys Fedoryshchenko wrote: I try to install C-Band bandpass filter, no effect at all, so it is in-band interference. Putting foil (yes i try almost everything) near LNB doesn't affect interference level

Re: US Warships jamming Lebanon Internet

2011-02-08 Thread Denys Fedoryshchenko
On Tuesday 08 February 2011 14:34:58 TR Shaw wrote: On Feb 8, 2011, at 6:59 AM, Denys Fedoryshchenko wrote: On Tuesday 08 February 2011 01:42:42 George Herbert wrote: On Mon, Feb 7, 2011 at 2:23 PM, Ryan Wilkins r...@deadfrog.net wrote: On Feb 7, 2011, at 4:06 PM, Michael Painter wrote

Re: US Warships jamming Lebanon Internet

2011-02-08 Thread Denys Fedoryshchenko
On Tuesday 08 February 2011 14:41:29 Adrian Chadd wrote: On Tue, Feb 08, 2011, Denys Fedoryshchenko wrote: On Tuesday 08 February 2011 14:18:59 Adrian Chadd wrote: On Tue, Feb 08, 2011, Denys Fedoryshchenko wrote: I try to install C-Band bandpass filter, no effect at all, so

Re: US Warships jamming Lebanon Internet

2011-02-08 Thread Denys Fedoryshchenko
On Tuesday 08 February 2011 15:46:31 TR Shaw wrote: On Feb 8, 2011, at 7:34 AM, Denys Fedoryshchenko wrote: On Tuesday 08 February 2011 14:41:29 Adrian Chadd wrote: On Tue, Feb 08, 2011, Denys Fedoryshchenko wrote: On Tuesday 08 February 2011 14:18:59 Adrian Chadd wrote: On Tue, Feb 08

Re: 30% packet loss between cox.net and hetzner.de, possibly at tinet.net

2013-04-05 Thread Denys Fedoryshchenko
.|-- hos-bb2.juniper2.rz13.hetzner.de 6060 0.0% 6.1 7.7 10.4 74.9 14.8 8.|-- static.33.203.4.46.clients.your-server.de6060 0.0% 6.5 7.7 7.8 13.1 1.4 --- Denys Fedoryshchenko, Network Engineer, Virtual ISP S.A.L.

Re: 30% packet loss between cox.net and hetzner.de, possibly at tinet.net

2013-04-06 Thread Denys Fedoryshchenko
. Indeed, i noticed that transfers from EC2 are terrible last days to Hetzner. Maybe worth to open topic at www.webhostingtalk.com ? Best regards, Constantine. --- Denys Fedoryshchenko, Network Engineer, Virtual ISP S.A.L.

DNS 8.8.8.8 was down

2011-11-29 Thread Denys Fedoryshchenko
216.239.46.117 (216.239.46.117) 64.171 ms * * 15 google-public-dns-a.google.com (8.8.8.8) 63.749 ms 63.729 ms 63.680 ms --- System administrator Denys Fedoryshchenko Virtual ISP S.A.L.

Re: antisocial security

2012-02-02 Thread Denys Fedoryshchenko
: Lebanon, Greece, Saudi Arabia, Netherlands, Germany - all is fine --- System administrator Denys Fedoryshchenko Virtual ISP S.A.L.

RE: VPN over satellite

2012-04-30 Thread Denys Fedoryshchenko
additionally if that hardware would also support WAN bonding even better because I also have a scenario to connect 2 times 2 satellites to have more capacity for my L3 VPN Regards, Rens --- Network engineer Denys Fedoryshchenko Dora Highway - Center Cebaco - 2nd Floor Beirut, Lebanon

Re: Constant low-level attack

2012-06-28 Thread Denys Fedoryshchenko
into a firewall reject table? I have done that and do see a certain amount of repeat hits. -=[L]=- You can use fail2ban to block bruteforcing hosts automatically and even report to your mail their whois info http://www.fail2ban.org/ --- Denys Fedoryshchenko, Network Engineer, Virtual ISP S.A.L.

Re: VPN over slow Internet connections

2011-04-21 Thread Denys Fedoryshchenko
On Thu, 21 Apr 2011 17:55:32 +0100, Ben Whorwood wrote: IMHO it is not good idea to go to OpenVPN/IPSec/etc level at all (IP layer at least, and in case of Windows it is also ethernet headers). First of all OpenVPN for Windows/different OS sometimes become a headache and need admin privileges.

Re: Comcast Bussiness Class and GRE Tunnels

2011-07-27 Thread Denys Fedoryshchenko
. At least it doesn't have fragmentation issues, as IPIP/GRE/PPTP has, and also it will run smoothly over NAT/SPI. Cons, that it is a bit more laggy, because it runs over TCP. --- System administrator Denys Fedoryshchenko Virtual ISP S.A.L.

Re: Comcast Bussiness Class and GRE Tunnels

2011-07-27 Thread Denys Fedoryshchenko
On Wed, 27 Jul 2011 19:23:33 +1000, Matthew Palmer wrote: On Wed, Jul 27, 2011 at 12:17:16PM +0300, Denys Fedoryshchenko wrote: I can recommend you to try to use openvpn, if you are Mikrotik only. At least it doesn't have fragmentation issues, as IPIP/GRE/PPTP has, and also it will run smoothly

Re: Comcast Bussiness Class and GRE Tunnels

2011-07-27 Thread Denys Fedoryshchenko
, that can cause packetloss, sessions stalling, improper UDP NAT handling, lack of proper interoperability. Maybe discussed issue lays not in comcast, but in some Mikrotik bug. --- System administrator Denys Fedoryshchenko Virtual ISP S.A.L.

Re: Comcast Bussiness Class and GRE Tunnels

2011-07-27 Thread Denys Fedoryshchenko
FPGA to run NOR flash over SPI. Note: DD-WRT on RT305x suck. Their wireless support are incomplete, and no NAT offload. --- System administrator Denys Fedoryshchenko Virtual ISP S.A.L.

Re: VRF/MPLS on Linux

2011-08-23 Thread Denys Fedoryshchenko
your needs. - Jared I guess VRF more close to Linux containers. --- System administrator Denys Fedoryshchenko Virtual ISP S.A.L.

Re: DDOS, IDS, RTBH, and Rate limiting

2014-11-20 Thread Denys Fedoryshchenko
On 2014-11-20 23:59, Roland Dobbins wrote: On 21 Nov 2014, at 4:36, Pavel Odintsov wrote: I tried to use netflow many years ago but it's not accurate enough and not so fast enough and produce big overhead on middle class network routers. These statements are not supported by the facts.

Re: DDOS, IDS, RTBH, and Rate limiting

2014-11-21 Thread Denys Fedoryshchenko
On 2014-11-21 03:12, Roland Dobbins wrote: On 21 Nov 2014, at 6:22, Denys Fedoryshchenko wrote: Netflow is stateful stuff, This is factually incorrect; NetFlow flows are unidirectional in nature, and in any event have no effect on processing of data-plane traffic. Word stateful has nothing

Re: DDOS, IDS, RTBH, and Rate limiting

2014-11-21 Thread Denys Fedoryshchenko
On 2014-11-21 06:45, freed...@freedman.net wrote: Netflow is stateful stuff, and just to run it on wirespeed, on hardware, you need to utilise significant part of TCAM, Cisco ASRs and MXs with inline jflow can do hundreds of K flows/second without affecting packet forwarding. Yes, i

Re: DDOS, IDS, RTBH, and Rate limiting

2014-11-21 Thread Denys Fedoryshchenko
On 2014-11-21 14:50, Roland Dobbins wrote: On 21 Nov 2014, at 15:17, Denys Fedoryshchenko wrote: Word stateful has nothing common with stateful firewall. Stateful protocol. a protocol which requires keeping of the internal state on the server is known as a stateful protocol. Correct

Re: DDOS, IDS, RTBH, and Rate limiting

2014-11-21 Thread Denys Fedoryshchenko
On 2014-11-21 18:41, Peter Phaal wrote: Actually, sFlow from many vendors is pretty good (per your points about flow burstiness and delays), and is good enough for dDoS detection. Not for security forensics, or billing at 99.99% accuracy, but good enough for traffic visibility, peering

Re: DDOS, IDS, RTBH, and Rate limiting

2014-11-21 Thread Denys Fedoryshchenko
collector.. -- Tim On Fri, Nov 21, 2014 at 9:06 AM, Denys Fedoryshchenko de...@visp.net.lb wrote: On 2014-11-21 18:41, Peter Phaal wrote: Actually, sFlow from many vendors is pretty good (per your points about flow burstiness and delays), and is good enough for dDoS detection. Not for security

Re: DDOS, IDS, RTBH, and Rate limiting

2014-11-22 Thread Denys Fedoryshchenko
On 2014-11-22 18:00, freed...@freedman.net wrote: Cisco ASRs and MXs with inline jflow can do hundreds of K flows/second without affecting packet forwarding. Yes, I agree, those are good for netflow, but when they already exist in network. Does it worth to buy ASR, if L3 switch already

Re: OT - Small DNS appliances for remote offices.

2015-02-19 Thread Denys Fedoryshchenko
On 2015-02-19 18:26, valdis.kletni...@vt.edu wrote: On Thu, 19 Feb 2015 14:52:42 +, David Reader said: I'm using several to connect sensors, actuators, and such to a private network, which it's great for - but I'd think at least twice before deploying one as a public-serving host in

Re: OT - Small DNS appliances for remote offices.

2015-02-19 Thread Denys Fedoryshchenko
Beaglebone has gigabit mac, but due some errata it is not used in gigabit mode, it is 100M (which is maybe enough for small office). But it is hardware mac. Another hardware MAC on inexpensive board it is Odroid-C1. But stability of all this boards in heavy networking use is under question, i

Re: OT - Small DNS appliances for remote offices.

2015-02-19 Thread Denys Fedoryshchenko
On 2015-02-19 15:13, Rob Seastrom wrote: Denys Fedoryshchenko de...@visp.net.lb writes: Beaglebone has gigabit mac, but due some errata it is not used in gigabit mode, it is 100M (which is maybe enough for small office). But it is hardware mac. The Beaglebone Black rev C BOM calls out

Re: Arista unqualified SFP

2016-08-18 Thread Denys Fedoryshchenko
Same here, I was considering Arista, because they are quite cost effective, feature rich, interesting hardware for developing some custom solutions. But no more, after reading about unreasonable vendor lock-in. But such inflexibility are very bad sign, this "openness" looks like marketing only,

Re: Arista unqualified SFP

2016-08-18 Thread Denys Fedoryshchenko
Not a case with Intel X*710 new chipset, check is in firmware. Someone hacked it, but ... On 2016-08-18 15:41, Mike Hammett wrote: Intel does allow DAC of any vendor (assuming they properly identify as DACs. You can also disable Intel's check in the Linux drivers. - Mike Hammett

Re: Arista unqualified SFP

2016-08-18 Thread Denys Fedoryshchenko
message/28698959/ That or similar doesn't work for that model? - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message ----- From: "Denys Fedoryshchenko" <de...@visp.net.lb> To: "Mike Hammett" <na..

Re: Recent NTP pool traffic increase (update)

2016-12-21 Thread Denys Fedoryshchenko
of the the problem. If possible, would you please tell me the model numbers of Tenda and TP-Link?? -- Sho FUJIMURA Information Technology Center, Fukuoka University. 8-19-1, Nanakuma, Jyonan-ku, Fukuoka, 8140180, Japan fujim...@fukuoka-u.ac.jp 2016-12-20 5:33 GMT+09:00 Denys Fedoryshchenko <

Re: Recent NTP pool traffic increase (update)

2016-12-19 Thread Denys Fedoryshchenko
amp: 3691177073.0 (2016/12/19 22:57:53) Originator - Receive Timestamp: 0.0 Originator - Transmit Timestamp: 3691177073.0 (2016/12/19 22:57:53) On 2016-12-19 21:40, Roland Dobbins wrote: On 20 Dec 2016, at 2:22, Denys Fedoryshchenko wrote: If it is

Re: Recent NTP pool traffic increase

2016-12-19 Thread Denys Fedoryshchenko
I noticed now many customers using tp-links reported issues with internet connection. Analyzing internet traffic, i noticed that tp-link seems excessively requesting ntp from those ip addresses, and not trying others: > 192.5.41.40.123: NTPv3, Client, length 48 > 192.5.41.41.123: NTPv3,

Re: Recent NTP pool traffic increase (update)

2016-12-19 Thread Denys Fedoryshchenko
Many sorry! Update, seems illiterate in english (worse than me, hehe) customer was not precise about model of router, while he reported issue. I noticed now many customers using specific models of routers reported issues with internet connection. Analyzing internet traffic, i noticed that this

Re: difference with caching when connected to telia internet

2017-03-17 Thread Denys Fedoryshchenko
On 2017-03-17 18:04, Aaron Gould wrote: Thanks, but James, you would not believe how rapidly the traffic to my local caches drop off, *and* on the same day I brought up my new Telia internet connection. ...and furthermore, my internet inbound traffic went *through the roof* -Aaron Most

Re: PCIe adapters supporting long distance 10GB fiber?

2017-06-20 Thread Denys Fedoryshchenko
hat's just guessing, i never seen circuit diagrams of good switches, or at least reference design, as it is all NDA material. Den 20. jun. 2017 22.24 skrev "Denys Fedoryshchenko" <de...@visp.net.lb>: On 2017-06-20 22:07, Baldur Norddahl wrote: I would expect anything mounted

Re: PCIe adapters supporting long distance 10GB fiber?

2017-06-20 Thread Denys Fedoryshchenko
pect it might work, but noone knows how long, and how reliable, if it is not cooled very well. And 82599 sensitive to cooling(it is very old card after all), as soon as it is not enough, it starts to glitch. Den 20. jun. 2017 18.09 skrev "Denys Fedoryshchenko" <de...@visp.n

Re: PCIe adapters supporting long distance 10GB fiber?

2017-06-20 Thread Denys Fedoryshchenko
I guess it depends on NIC, there is many spinoffs of Intel X520 with much weaker power supply circuitry. It might work with good NIC, but you can't rely on it on long term, IMHO. Even 40km Finisar SFP+ has Pdiss 1.5W. Also they mention: "The typical power consumption of the FTLX1672D3BTL may

Re: PCIe adapters supporting long distance 10GB fiber?

2017-06-20 Thread Denys Fedoryshchenko
On 2017-06-20 18:59, Hunter Fuller wrote: On Tue, Jun 20, 2017 at 10:29 AM Chris Adams wrote: For Linux at least, the standard driver includes a load-time option to disable vendor check. Just add "options ixgbe allow_unsupported_sfp=1" to your module config and it works

Re: Russian diplomats lingering near fiber optic cables

2017-06-02 Thread Denys Fedoryshchenko
On 2017-06-02 05:42, Ben McGinnes wrote: On Thu, Jun 01, 2017 at 07:15:12PM -0700, Joe Hamelin wrote: The Seattle Russian Embassy is in the Westin Building just 4 floors above the fiber meet-me-room and five floors above the NRO tap room. They use to come ask us (an ISP) for IT help back in

Re: Russian diplomats lingering near fiber optic cables

2017-06-02 Thread Denys Fedoryshchenko
On 2017-06-02 12:19, Ben McGinnes wrote: On Fri, Jun 02, 2017 at 10:28:38AM +0300, Denys Fedoryshchenko wrote: American diplomats are doing also all sort of nasty stuff in Russia(and not only), Yes they have and for a very long time. but that's a concern of the equivalent of FBI/NSA/etc

Broadcom chipset limitations Was: Switch/Router

2017-12-12 Thread Denys Fedoryshchenko
What are those limitations? I started to be afraid from those, because just hit recently nasty hash collision issue with EX4550, with declared 32k mac's it badly choked on 28k macs, and even magic "mac-lookup-length" didn't helped. I'm considering EX4600, but afraid from it and that possibly

Bandwidth distribution per ip

2017-12-20 Thread Denys Fedoryshchenko
National operator here ask customers to distribute bandwidth between all ip's equally, e.g. if i have /22, and i have in it CDN from one of the big content providers, this CDN use only 3 ips for ingress bandwidth, so bandwidth distribution is not equal between ips and i am not able to use all

Re: Bandwidth distribution per ip

2017-12-20 Thread Denys Fedoryshchenko
On 2017-12-20 17:52, Saku Ytti wrote: On 20 December 2017 at 16:55, Denys Fedoryshchenko <de...@visp.net.lb> wrote: And for me, it sounds like faulty aggregation + shaping setup, for example, i heard once if i do policing on some models of Cisco switch, on an aggregated interface, if

Re: Bandwidth distribution per ip

2017-12-20 Thread Denys Fedoryshchenko
On 2017-12-20 19:16, Blake Hudson wrote: Denys Fedoryshchenko wrote on 12/20/2017 8:55 AM: National operator here ask customers to distribute bandwidth between all ip's equally, e.g. if i have /22, and i have in it CDN from one of the big content providers, this CDN use only 3 ips for ingress

Re: Bandwidth distribution per ip

2017-12-20 Thread Denys Fedoryshchenko
On 2017-12-20 19:12, Saku Ytti wrote: On 20 December 2017 at 19:04, Denys Fedoryshchenko <de...@visp.net.lb> wrote: As person who is in love with embedded systems development, i just watched today beautiful 10s of meters long 199x machine, where multi kW VFDs manage huge motors(not st

Re: Bandwidth distribution per ip

2017-12-20 Thread Denys Fedoryshchenko
<> Are you claiming that your bandwidth is being equally divided 1024 ways (you mentioned a /22) or just that each host (IP) is not receiving the full bandwidth? What is the bandwidth ordered and what is the bandwidth you're seeing per host(IP)? Some facts from today. Ordered capacity 3.3Gbit

Re: Spectre/Meltdown impact on network devices

2018-01-07 Thread Denys Fedoryshchenko
AFAIK, Meltdown/Spectre require access to some proper programming language and ability to run attacker own code. If underprivileged user can't spawn shell on device or run some python code - i guess you are safe. I guess people need to push support of vendors, for equipment who has

Re: Blockchain and Networking

2018-01-08 Thread Denys Fedoryshchenko
Each offsite copy of git repository will give alert then, as all hashes in chain changed at some moment. Same principle as blockchain. On 2018-01-08 09:54, tglas...@earthlink.net wrote: Uh since MITM Bill perk of custody is key. //tsg Sent from my HTC - Reply message - From: "

Re: Blockchain and Networking

2018-01-07 Thread Denys Fedoryshchenko
On 2018-01-08 08:59, Peter Kristolaitis wrote: On 2018-01-08 12:52 AM, William Herrin wrote: I'm having trouble envisioning a scenario where blockchain does that any better than plain old PKI. Blockchain is great at proving chain of custody, but when do you need to do that in computer

Re: Linux BNG

2018-07-14 Thread Denys Fedoryshchenko
On 2018-07-14 15:13, Baldur Norddahl wrote: Hello I am investigating Linux as a BNG. The BNG (Broadband Network Gateway) being the thing that acts as default gateway for our customers. The setup is one VLAN per customer. Because 4095 VLANs is not enough, we have QinQ with double VLAN tagging

Re: Linux BNG

2018-07-15 Thread Denys Fedoryshchenko
On 2018-07-15 19:00, Raymond Burkholder wrote: On 07/15/2018 09:03 AM, Denys Fedoryshchenko wrote: On 2018-07-14 22:05, Baldur Norddahl wrote: I have considered OpenFlow and might do that. We have OpenFlow capable switches and I may be able to offload the work to the switch hardware. But I

Re: Linux BNG

2018-07-15 Thread Denys Fedoryshchenko
On 2018-07-14 22:05, Baldur Norddahl wrote: I have considered OpenFlow and might do that. We have OpenFlow capable switches and I may be able to offload the work to the switch hardware. But I also consider this solution harder to get right than the idea of using Linux with tap devices. Also it

Re: Linux BNG

2018-07-15 Thread Denys Fedoryshchenko
On 2018-07-15 06:09, Jérôme Nicolle wrote: Hi Baldur, Le 14/07/2018 à 14:13, Baldur Norddahl a écrit : I am investigating Linux as a BNG As we say in France, it's like your trying to buttfuck flies (a local saying standing for "reinventing the wheel for no practical reason"). You can say

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

2018-02-28 Thread Denys Fedoryshchenko
I want to add one software vendor, who is major contributor to ddos attacks. Mikrotik till now shipping their quite popular routers, with wide open DNS recursor, that don't have even mechanism for ACL in it. Significant part of DNS amplification attacks are such Mikrotik recursors. They don't

Re: bloomberg on supermicro: sky is falling

2018-10-04 Thread Denys Fedoryshchenko
On 2018-10-04 23:37, Naslund, Steve wrote: I was wondering about where this chip tapped into all of the data and timing lines it would need to have access to. It would seem that being really small creates even more problems making those connections. I am a little doubtful about the article.

Re: bloomberg on supermicro: sky is falling

2018-10-04 Thread Denys Fedoryshchenko
On 2018-10-04 21:52, Scott Weeks wrote: --- matlock...@gmail.com wrote: From: Ken Matlock Would be remiss in our duties if we didn't also link AWS' blog, in response to the Bloomberg article. -- Every company and the Chinese gov't is saying

Re: OpenDNS CGNAT Issues

2018-09-12 Thread Denys Fedoryshchenko
On 2018-09-12 19:40, Lee Howard wrote: On 09/11/2018 09:31 AM, Matt Hoppes wrote: So don't CGNat?  Buy IPv4 addresses at auction? Buy IPv4 addresses until CGN is cheaper. If a customer has to call, and you have to assign an IPv4 address, you have to recover the cost of that call and

Re: QFX5k question

2019-03-24 Thread Denys Fedoryshchenko
On 2019-03-24 00:32, Thomas Bellman wrote: They do have limited feature set, though. E.g, they only look at the first 64 octets of each packet (and that includes L2 and L2.5 headers) when deciding what to do with a packet, and can't chase the IPv6 header chain; thus, if there is an extension

Facebook dropping MSS on congestion

2019-03-20 Thread Denys Fedoryshchenko
Good day, I am writing here, as in technical support ticket I will most likely end up to the outsourcing guys, who will try to write some formal reply and close the ticket quickly to keep KPI high:) I have a faint hope that someone will read and listen. It may also be useful to colleagues. I

Re: Webzilla

2019-03-19 Thread Denys Fedoryshchenko
On 2019-03-18 23:24, Ronald F. Guilmette wrote: In message , Eric Kuhnke wrote: Looking at the AS adjacencies for Webzilla, what would prevent them from disconnecting all of their US/Western Euro based peers and transits, and remaining online behind a mixed selection of the largest Russian

Re: BGP prefix filter list / BGP hijacks, different type

2019-05-17 Thread Denys Fedoryshchenko
I wanted to mention one additional important point in all these monitoring discussion. Right now, for one of my subnets Google services stopped working. Why? Because it seems like someone from Russia did BGP hijack, BUT, exclusively for google services (most likely some kind of peering). Quite

Re: Free Program to take netflow

2019-05-17 Thread Denys Fedoryshchenko
Fastnetmon have that: https://fastnetmon.com/fastnetmon-advanced-traffic-persistency/ I used it for such purposes. On 2019-05-17 17:26, Dennis Burgess via NANOG wrote: I am looking for a free program to take netflow and output what the top traffic ASes to and from my AS are. Something that

Re: Cost effective time servers

2019-06-21 Thread Denys Fedoryshchenko
On 2019-06-21 14:19, Niels Bakker wrote: * j...@west.net (Jay Hennigan) [Fri 21 Jun 2019, 05:19 CEST]: On 6/20/19 07:39, David Bass wrote: What are folks using these days for smaller organizations, that need to dole out time from an internal source? If you want to go really cheap and don't

Re: Reflection DDoS last week

2019-08-24 Thread Denys Fedoryshchenko
Hi, Same happened in Lebanon(country). Similar pattern: carpet bombing for multiple prefixes of specific ASN. I suspect it is a new trend in DDoS-for-hire, and ISP who did not install data scrubbing appliances will feel severe pain from such attacks, since they use SYN + ACK from legit

Re: Reflection DDoS last week

2019-08-28 Thread Denys Fedoryshchenko
On 2019-08-28 02:23, Damian Menscher via NANOG wrote: On Wed, Aug 21, 2019 at 3:21 PM Töma Gavrichenkov wrote: On Thu, Aug 22, 2019 at 12:17 AM Damian Menscher wrote: Some additional questions, if you're able to answer them (off-list is fine if there are things that can't be shared

Re: Mx204 alternative

2019-09-02 Thread Denys Fedoryshchenko
On 2019-09-02 17:16, Saku Ytti wrote: On Mon, 2 Sep 2019 at 16:26, Denys Fedoryshchenko wrote: or some QFX, for example, Broadcom Tomahawk 32x100G switches only do line-rate with >= 250B packets according to datasheets. Only is peculiar term here. 100Gbps is 148Mpps, give or take 100

Re: Mx204 alternative

2019-09-02 Thread Denys Fedoryshchenko
On 2019-09-02 15:52, Baldur Norddahl wrote: Maturity is such a subjective word. But yes there are plenty of options for routing protocols on a Linux. Every internet exchange is running BGP on Linux for the route server after all. I am not recommending a server over MX204. I think MX204 is

Re: really amazon?

2019-07-31 Thread Denys Fedoryshchenko
On 2019-07-31 23:13, Scott Christopher wrote: Valdis Klētnieks wrote: On Wed, 31 Jul 2019 16:36:08 -, Richard Williams via NANOG said: > To contact AWS SES about spam or abuse the correct email address is ab...@amazonaws.com You know that, and I know that, but why doesn't the person at

Re: Colo in Africa

2019-07-18 Thread Denys Fedoryshchenko
Africa, Russia... You can take as example Lebanon. Capital and major city in tiny country, ~40km away from each other, and only way you can get 2 points connected over microwaves(due mountains - several hops), over "licensed" providers, DSP, who hook this points for $10-$30/mbps/month. And

Re: SFP oraganizers / storage recommendations

2019-10-30 Thread Denys Fedoryshchenko
On 2019-10-30 15:35, Matthew Huff wrote: Any recommendations to keep track of different SFP and keep them organized? Any storage boxes / trays designed for SFPs? 3D printed some, but i have small amounts. Like this one: https://www.thingiverse.com/thing:2855165 There is many more designs, for

Re: Recommended DDoS mitigation appliance?

2019-11-18 Thread Denys Fedoryshchenko
On 2019-11-18 04:23, Richard wrote: I would say you are making some assumptions that are not fact based. The OP is very knowledgeable and would not mince words or waste bandwidth. Let us see what he has to say in regards to your remarks. He will be able to make this more clear once he has read

Re: akamai yesterday - what in the world was that

2020-02-12 Thread Denys Fedoryshchenko
It would be really nice if the major CDNs had virtual machines small network operators with very expensive regional transport costs could spin up. Hit rate would be very low, of course, but the ability to grab some of these mass-market huge updates and serve them on the other end of the regional

Re: TCP-AMP DDoS Attack - Fake abuse reports problem

2020-02-21 Thread Denys Fedoryshchenko
Good luck responding to such SYN/ACK, when you get 10+Gbps of them (real case happened while ago with colleague). Sure those SYN/ACK are not from single location, and attackers might use whole /24 for SYN spoofing. On 2020-02-21 03:34, Amir Herzberg wrote: If I read your description

Re: Constant Abuse Reports / Borderline Spamming from RiskIQ

2020-04-13 Thread Denys Fedoryshchenko
On 2020-04-13 17:25, Kushal R. wrote: From the past few months we have been receiving a constant stream of abuse reports from a company that calls themselves RiskIQ (RiskIQ.com). The problem isn’t the abuse reports themselves but the way they send them. We receive copies of the report, on our

Re: "Is BGP safe yet?" test

2020-04-20 Thread Denys Fedoryshchenko
On 2020-04-20 19:24, Tom Beecher wrote: Technical people need to make the business case to management for RKPI by laying out what it would cost to implement (equipment, resources, ongoing opex), and what the savings are to the company from protecting themselves against hijacks. By taking this

Re: "Is BGP safe yet?" test

2020-04-20 Thread Denys Fedoryshchenko
On 2020-04-20 22:01, Rubens Kuhl wrote: On Mon, Apr 20, 2020 at 3:37 PM Denys Fedoryshchenko wrote: There is simple use case that will prove this page is giving false positive for their "name" strategy. Any AS owner with default route only (yes it happens a lot) users will get:

Re: "Is BGP safe yet?" test

2020-04-20 Thread Denys Fedoryshchenko
There is simple use case that will prove this page is giving false positive for their "name" strategy. Any AS owner with default route only (yes it happens a lot) users will get: "YOUR ISP TERRIBLE, HIS BGP NOT SAFE!". But he have nothing to validate! His BGP is implemented safely, its just

Re: FlowSpec

2020-04-23 Thread Denys Fedoryshchenko
On 2020-04-23 18:13, Colton Conor wrote: Do any of the large transit providers support FlowSpec to transit customers / other carriers, or is that not a thing since they want to sell DDoS protection services? FlowSpec sounds much better than RTBH (remotely triggered blackhole), but I am not sure

Re: FlowSpec

2020-04-23 Thread Denys Fedoryshchenko
On 2020-04-23 18:13, Colton Conor wrote: Do any of the large transit providers support FlowSpec to transit customers / other carriers, or is that not a thing since they want to sell DDoS protection services? FlowSpec sounds much better than RTBH (remotely triggered blackhole), but I am not sure

Re: FlowSpec

2020-04-23 Thread Denys Fedoryshchenko
On 2020-04-23 19:12, Roland Dobbins wrote: On 23 Apr 2020, at 22:57, Denys Fedoryshchenko wrote: In general operators don't like flowspec Its increasing popularity tens to belie this assertion. Yes, you're right that avoiding overflowing the TCAM is very important. But as Rich notes

Re: Abuse Desks

2020-04-29 Thread Denys Fedoryshchenko
On 2020-04-28 18:57, Mike Hammett wrote: I noticed over the weekend that a Fail2Ban instance's complain function wasn't working. I fixed it. I've noticed a few things: 1) Abusix likes to return RIR abuse contact information. The vast majority are LACNIC, but it also has kicked back a couple for

Re: mail admins? Proposal of solution

2020-05-01 Thread Denys Fedoryshchenko
On 2020-04-30 02:43, Mark Andrews wrote: And it is still on going. Just got 4 of these. Mark Technical proposal how to solve that. At 1st of month send monthly reminder manually, to each subscriber, but encode recipient address in Reply-To: a bit special way. First, you need catch-all

Re: An appeal for more bandwidth to the Internet Archive

2020-05-13 Thread Denys Fedoryshchenko
What about introducing some cache offloading, like CDN doing? (Google, Facebook, Netflix, Akamai, etc) I think it can be rolled pretty quickly, with minimum labor efforts, at least for heavy content. Maybe some opensource communities can help as well, and same scheme can be applied then to

Re: An appeal for more bandwidth to the Internet Archive

2020-05-13 Thread Denys Fedoryshchenko
On 2020-05-13 11:00, Mark Delany wrote: On 13May20, Denys Fedoryshchenko allegedly wrote: What about introducing some cache offloading, like CDN doing? (Google, Facebook, Netflix, Akamai, etc) Maybe some opensource communities can help as well Surely someone has already thought thru

Re: RIPE NCC Executive Board election

2020-05-13 Thread Denys Fedoryshchenko
On 2020-05-13 22:53, Töma Gavrichenkov wrote: Peace, On Wed, May 13, 2020 at 10:43 PM Elad Cohen wrote: For you nothing will work. Is it a personal attack? IPv6 is working good for me so far ;-) -- Töma It works for Elad as well. He is pushing others for IPv4+ suffering, while he is

Re: An appeal for more bandwidth to the Internet Archive

2020-05-13 Thread Denys Fedoryshchenko
On 2020-05-13 13:10, Bill Woodcock wrote: On 2020-05-13 11:00, Mark Delany wrote: On 13May20, Denys Fedoryshchenko allegedly wrote: What about introducing some cache offloading, like CDN doing? (Google, Facebook, Netflix, Akamai, etc) Maybe some opensource communities can help as well Surely

Re: South Africa On Lockdown - Coronavirus - Update!

2020-03-24 Thread Denys Fedoryshchenko
On 2020-03-24 18:59, Randy Bush wrote: He's a network operator. From North America, on the North American Network Operators mailing list. Something you are not, so please stop spouting your drivel on a list that has nothing to do with you. this is not how we should act in under pressure +1

Paid abuse desks idea? Was: Urgently need contact at Facebook of Instagram and also Omegle

2020-05-02 Thread Denys Fedoryshchenko
On 2020-05-03 01:10, Anne P. Mitchell, Esq. wrote: There is a woman torturing animals on Omegle, she is advertising it on her Instagram account. Need to get this in front of the right people to have her traced and shut down. Please let me know if you can provide a contact for either org. Anne

Re: Apple moved from CDN, and ARIN whois

2020-09-24 Thread Denys Fedoryshchenko
wrote: Breaking from current CDN infrastructure without reasonable accessibility to the new CDN is a problem. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - From: "

Apple moved from CDN, and ARIN whois

2020-09-24 Thread Denys Fedoryshchenko
Hi, Interesting, it seems AS6185 moved traffic from all CDN to their own content network. I noticed big spikes in traffic and complaints about slowness, figured out, Apple content (especially updates) are not coming from a numerous co-hosted CDN, but became "live", congesting upstreams. So

Re: 60ms cross continent

2020-07-09 Thread Denys Fedoryshchenko
Proprietary startups for M2M in most of cases bad idea, especially if they require custom hardware (those operate in VHF band). And with such history:

Re: 60ms cross continent

2020-07-06 Thread Denys Fedoryshchenko
are unaware of basic rain fade and link budget methodology, do you? On Mon, Jul 6, 2020, 8:44 PM Denys Fedoryshchenko wrote: On 2020-07-07 05:04, joe mcguckin wrote: Theoretically, Starlink should be faster cross country than terrestrial fiber. Joe McGuckin ViaNet Communications j

Re: 60ms cross continent

2020-07-07 Thread Denys Fedoryshchenko
On 2020-07-07 08:32, Eric Kuhnke wrote: "no clouds" is overstating the effect somewhat. I've operated a number of mission critical Ku band based systems that met four nines of overall link uptime. The operational effect of a cloud that isn't an active downpour of rain is negligible. Continual

Re: 60ms cross continent

2020-07-08 Thread Denys Fedoryshchenko
On 2020-07-08 10:05, Mark Tinka wrote: On 7/Jul/20 21:58, Eric Kuhnke wrote: Watching the growth of terrestrial fiber (and PTP microwave) networks going inland from the west and east African coasts has been interesting. There's a big old C-band earth station on the hill above Freetown, Sierra

Re: netflix proxy/unblocker false detection

2020-06-25 Thread Denys Fedoryshchenko
On 2020-06-26 01:32, Mike Hammett wrote: IPv6? - By some reason my smart TV doesn't use IPv6 for Netflix, even everything else in same network using it properly (even developed for ESP8266/ESP32 - IPv6 enabled apps). And what is worse: "Netflix Kimberly The Network settings is to

Re: netflix proxy/unblocker false detection

2020-06-25 Thread Denys Fedoryshchenko
On 2020-06-25 19:20, Dave Temkin via NANOG wrote: If you or others are not receiving a satisfactory reply from us (Netflix) on this issue, please feel free to reach out directly and I'll make sure it gets handled. So far as we know, we handle CGNAT (and IPv6) appropriately. Sometimes ranges get

netflix proxy/unblocker false detection

2020-06-25 Thread Denys Fedoryshchenko
Did anybody noticed that Netflix just became useless due to tons of proxy/unblocker false detection on CGNAT ranges? Even my home network is dual stack, i am absolutely sure there is no proxy/vpn/whatsoever (but ipv4 part is over CGNAT) - and i got "proxy/unblocker" message on my personal TV.

Re: understanding IPv6

2020-06-07 Thread Denys Fedoryshchenko
On 2020-06-07 19:02, Brandon Martin wrote: On 6/7/20 6:01 AM, Denys Fedoryshchenko wrote: There are very interesting and unobvious moments on IPv4 vs IPv6, for example related to battery lifetime in embedded electronics. In ipv4, many devices are forced to send "keepalives" so th
