Re: Very Strange - TCP SWEEP Alerts / Inconsistent with traffic on system

2010-06-27 Thread John Kristoff
On Sun, 27 Jun 2010 17:22:51 -0400 (EDT) khatfi...@socllc.net wrote: Here is an example report we received from ATT: 04:29:27 x.x.x.x 0.0.0.0 [TCP-SWEEP] (total=23,dp=1024,min=212.1.185.6,max=212.1.191.127,Jun27-04:21:01,Jun27-04:29:26) (USI-amsxaid01) 04:29:27 x.x.x.x 0.0.0.0 [TCP-SWEEP]

Re: Multicast Network Monitoring

2010-07-20 Thread John Kristoff
On Tue, 20 Jul 2010 08:59:13 -0400 Robert Sager rjsa...@gmail.com wrote: Curious if anyone has any experience with tools specifically for monitoring multicast. Finds where the trees are, paths they are on, tracks all senders/receivers per group, handles PIM-SM, RPs, MSDP, MDT Tunnels over

Re: Numbering nameservers and resolvers

2010-08-17 Thread John Kristoff
On Tue, 17 Aug 2010 12:11:56 + (UTC) Sven Olaf Kamphuis s...@cb3rob.net wrote: nowadays, i'd simply put them all on the same /24 which you simply announce on different pops I would raise a red flag of caution with this approach especially for services that need to be reachable outside

Real ops talking to future ops

2010-08-23 Thread John Kristoff
I'm afraid this is only slightly operational and limited to a subset of the NANOG crowd. I apologize profusely in advance for abusing the list as I might, but I can't think of a more suitable group of people to approach. I think the essence of the request is in line with the spirit of NANOG. As

Re: Real ops talking to future ops

2010-08-23 Thread John Kristoff
On Mon, 23 Aug 2010 20:17:53 -0400 ML m...@kenweb.org wrote: I'm just as surprised as you are. They left out AppleTalk. A few classes ago I had a student tell me they had an instructor spend two full classes (out of 10) on Token Ring. I think Token Ring is interesting and I feel a little bit

Re: Real ops talking to future ops

2010-08-24 Thread John Kristoff
On Tue, 24 Aug 2010 10:33:28 +0100 (BST) Jethro R Binks jethro.bi...@strath.ac.uk wrote: Maybe there's hope for you yet: http://fcotr.org/ Hah, I am not available! :-) Someone else sent me that too. Everything old is new again. I'll see their FCoTR and raise them one EtherRing spec:

Re: RIP Justification

2010-09-30 Thread John Kristoff
On Wed, 29 Sep 2010 13:20:48 -0700 Jesse Loggins jlogginsc...@gmail.com wrote: OSPF. It seems that many Network Engineers consider RIP an old antiquated protocol that should be thrown in back of a closet never to be seen or heard from again. Some even preferred using a more complex protocol

Re: Using crypto auth for detecting corrupted IGP packets?

2010-10-01 Thread John Kristoff
On Fri, 1 Oct 2010 00:25:34 -0400 Jared Mauch ja...@puck.nether.net wrote: I really wish there was a good way to (generically) keep a 4-6 hour buffer of all control-plane traffic on devices. While you can do that with some, the forensic value is immense when you have a problem. Not precisely

Re: NTP Server

2010-10-24 Thread John Kristoff
On Sun, 24 Oct 2010 11:34:12 -0400 Brandon Kim brandon@brandontek.com wrote: I wanted to open up this question regarding NTP server. I recalled someone had created a posting of this quite awhile back. From a service provider/ISP standpoint, does anyone think that having a local NTP

Re: FUD: 15% of world's internet traffic hijacked

2010-11-17 Thread John Kristoff
On Wed, 17 Nov 2010 11:45:14 -0500 Bob Poortinga bobp+na...@webster.tsc.com wrote: This article, which quotes Dmitri Alperovitch of McAfee, is full of false data as far as I can tell. I assert that much less than 15%, probably on the order of 1% to 2% (much less in the US) was actually

Re: Jumbo frame Question

2010-11-29 Thread John Kristoff
On Fri, 26 Nov 2010 15:24:57 -0500 Randy Bush ra...@psg.com wrote: the reason ieee has not allowed upping of the frame size is that the crc is at the prudent limits at 1500. yes, we do another check above the frame (uh, well, udp4 may not), but the ether spec can not count on that. I wasn't

Re: Lightning Debates at NANOG 51

2010-12-07 Thread John Kristoff
On Tue, 7 Dec 2010 15:24:16 -0500 (EST) Tom Daly t...@dyn.com wrote: They are meant to be informative. Maybe you have no idea on what XFP or SFP+ is because you've been running a Gigabit based network and haven't made the jump to 10GE yet - the debate might give you the top 3-5 points on why

Announcing the Community FlowSpec trial

2011-01-05 Thread John Kristoff
Friends and colleagues, At NANOG 48 I talked about a community flow-spec service we were looking at trying to make work. This is the idea of using IETF RFC 5575 to pass around flow-based rules, in this case, primarily for dropping unwanted packets. This technology is not as widely deployed as

Re: asymmetric routes/security concerns/Fortinet

2011-01-07 Thread John Kristoff
On Fri, 7 Jan 2011 12:40:32 -0500 Greg Whynott greg.whyn...@oicr.on.ca wrote: we have multiple internet connections of which one is a research network where many medical institutions and universities are also connected to throughout the country. This research network (ORION) also has internet

Re: asymmetric routes/security concerns/Fortinet

2011-01-07 Thread John Kristoff
On Fri, 7 Jan 2011 13:56:00 -0500 Greg Whynott greg.whyn...@oicr.on.ca wrote: the localpref is something I'll look at, thanks for that. I'm not a BGP expert by any stretch, and our requirements here are simple. we are not a transit. I've only attempted to make the config safe, not

Re: Self-referential whois queries

2011-02-10 Thread John Kristoff
On Thu, 10 Feb 2011 17:27:26 -0200 Rubens Kuhl rube...@gmail.com wrote: I'm noticing an increase in getting query rate exceeded at whois services that might be connected to a symptom described by ARIN at NANOG 48/ARIN XXV and ARIN XXVI where machines ask for the whois record of their own IP

Re: Paul Baran, RIP.

2011-03-28 Thread John Kristoff
On Mon, 28 Mar 2011 09:14:18 -0400 (EDT) Jay Ashworth j...@baylink.com wrote: Oh hell; now we'll *never* lay the ghost of packet switching was invented to create a nuclear-war-survivable network. Maybe you're confusing the invention of packet switching with the creation of the ARPANET?

Re: Detection of Rogue Access Points

2012-10-17 Thread John Kristoff
On Sun, 14 Oct 2012 16:59:12 -0400 Jonathan Rogers quantumf...@gmail.com wrote: I'm looking for innovative ideas on how to find such a rogue device, Here is an old post that describes some techniques, while dated, should still be at least partially effective and help form part of a more

NANOG 57 netops security track

2013-01-15 Thread John Kristoff
Friends, colleagues, fellow operators, The network security track, formerly known as the ISP security BoF, returns at NANOG 57. One option we're considering is taking a few moments for veterans and newcomers to get up and doing a 2 minute or less security contact personal introduction, akin to

Re: DDoS Attacks Cause of Game Servers

2013-01-31 Thread John Kristoff
On Thu, 31 Jan 2013 10:34:29 +0330 Shahab Vahabzadeh sh.vahabza...@gmail.com wrote: Attacks takes only 20 or 30 minutes and it happens only 4 times in two days. I couldn't capture any packet but this is output of my show ip accounting that time: Attacks on gaming systems or at the gamers

Re: Open Resolver Problems

2013-04-02 Thread John Kristoff
On Mon, 1 Apr 2013 20:33:36 +0200 (CEST) Mikael Abrahamsson swm...@swm.pp.se wrote: You're sending queries, not replies. That's why DPI is needed to do the blocking, rather than just by port. What queries are sourced from port 53 nowadays? I would expect from stubs this will be close

Re: Open Resolver Problems

2013-04-02 Thread John Kristoff
On Mon, 1 Apr 2013 19:40:03 +0100 Tony Finch d...@dotat.at wrote: You should be able to get a reasonable sample of IPv6 resolvers from the query logs of a popular authoritative server. When I tried this in the past for IPv4, I missed the majority of potential open resolvers / open forwarders

Re: Open Resolver Problems

2013-04-02 Thread John Kristoff
On Tue, 2 Apr 2013 18:41:17 -0400 Joe Abley jab...@hopcount.ca wrote: 26/1000 is more than zero but still quite small. Subsequent samples with bigger sizes give 332/10, 3017/100. No science here, but 2% - 3% is what it looks like, which is big enough to be a noticeable support cost

Re: Probes from root servers

2009-07-16 Thread John Kristoff
On Thu, 16 Jul 2009 15:56:29 -0700 Pederson, Krishna peder...@covad.com wrote: One of our IP addresses is being probed by up to 8 of the 13 root dns servers every 15 seconds. I'm looking for input on how to contact the admins for the servers or perhaps a way to figure out if perhaps someone

Re: What is the most standard subnet length on internet

2009-07-26 Thread John Kristoff
On Tue, 21 Jul 2009 14:55:24 +0800 Kanagaraj kanaga...@globaltransit.net wrote: Basically /24s are the longest prefix size accepted by providers unless you are dealing RTBH (triggered blackholing services). Another requirement to ensure acceptance of an IP block, especially smaller

finding open resolvers

2009-07-27 Thread John Kristoff
Hi folks, We're interested in finding open resolvers and reporting on them. There is already a list specific to dns-ops, so I'll just point you there if this topic is of interest. I recommend follow ups go there or privately. Thank you,

Re: dealing with bogon spam ?

2009-10-28 Thread John Kristoff
On Tue, 27 Oct 2009 23:44:40 -0700 Leslie les...@craigslist.org wrote: It seems to me like the best solution might be a semi-hacky solution of asking arin (and other IRR's) if i can copy its DB and creating an internal peer which null routes unallocated blocks (updated nightly?) Has anyone

Re: dealing with bogon spam ?

2009-10-28 Thread John Kristoff
On Thu, 29 Oct 2009 03:24:17 +1300 Nathan Ward na...@daork.net wrote: I can't see anything on their site that provides a BGP feed of prefixes allocated by RIRs, which I think is what we're talking about here. We currently provide A BGP bogon route server feed for the asking, which are

Re: DNS query analyzer

2009-11-30 Thread John Kristoff
On Mon, 30 Nov 2009 16:06:45 -0800 Joseph Jackson jjack...@aninetworks.net wrote: Anyone know of a tool that can take a pcap file from wireshark that was used to collect dns queries and then spit out statistics about the queries such as RTT and timeouts? Nothing with RTT and timeouts in this,

Re: MD5 considered harmful

2012-01-30 Thread John Kristoff
On Fri, 27 Jan 2012 15:52:41 -0500 Patrick W. Gilmore patr...@ianai.net wrote: Unfortunately, Network Engineers are lazy, impatient, and frequently clueless as well. While the quantity of peering sessions I've had is far less than yours, once upon a time when I had tried to get MD5 on dozens

Re: UDP port 80 DDoS attack

2012-02-10 Thread John Kristoff
On Sun, 5 Feb 2012 18:36:13 -0500 Ray Gasnick III rgasn...@milestechnologies.com wrote: Only solution thus far was to dump the victim IP address in our block into the BGP Black hole community with one of our 2 providers and completely stop advertising to the other. Drew mentioned udp.pl and I

Common operational misconceptions

2012-02-15 Thread John Kristoff
Hi friends, As some of you may know, I occasionally teach networking to college students and I frequently encounter misconceptions about some aspect of networking that can take a fair amount of effort to correct. For instance, a topic that has come up on this list before is how the inappropriate

Re: Common operational misconceptions

2012-02-16 Thread John Kristoff
On Wed, 15 Feb 2012 22:26:11 -0500 Charles Mills w3y...@gmail.com wrote: Not understanding RFC1918. Actually got read the riot act by someone because I worked for an organization that used 10.0.0.0/8 and that was their network and they owned it. Once upon a time, a now deservedly defunct

Re: Common operational misconceptions

2012-02-17 Thread John Kristoff
On Fri, 17 Feb 2012 08:29:42 -0600 -Hammer- bhmc...@gmail.com wrote: This list is awesome. Is anyone consolidating it? I'm still catching up on the thread I'm collecting all responses, many of which have been sent to me off list. I was waiting for the thread to eventually end before

Re: Botnet Traffic

2012-02-23 Thread John Kristoff
On Thu, 23 Feb 2012 18:17:38 -0400 James Smith ja...@smithwaysecurity.com wrote: Can anyone on this list provide botnet network traffic for analysis, or Ip’s which have been infected. Hi James, Normally few people are going to be unwilling to provide such a thing, at least for live or

Re: rpki vs. secure dns?

2012-05-01 Thread John Kristoff
On Mon, 30 Apr 2012 11:46:06 -0400 Randy Bush ra...@psg.com wrote: We need more flexible, distributed architecture behind - no matter - which interests will be lobbied as we have got already. as i agree that there is a problem, i *very* eagerly await your proposal As Radia says in her

Re: trading bandwidth

2012-05-29 Thread John Kristoff
On Tue, 29 May 2012 15:10:04 -0700 Owen DeLong o...@delong.com wrote: IIRC, the concept was first introduced by MCI and Enron to great fanfare and subsequent graphic demonstrations of the destructive power of unregulated markets controlled by people of limited moral fortitude. I thought

Re: strat-1 gps

2012-06-26 Thread John Kristoff
On Tue, 26 Jun 2012 07:30:30 -1000 Randy Bush ra...@psg.com wrote: my old TymServe 2100-GPS seems to have died. would appreciate reccos for a replacement. it is in a stand-alone environment so i can avoid roof access issues. antenna already in place. thanks. I've only used their

Re: DDoS using port 0 and 53 (DNS)

2012-07-25 Thread John Kristoff
On Tue, 24 Jul 2012 23:10:52 -0500 Jimmy Hess mysi...@gmail.com wrote: It should be relatively safe to drop (non-fragment) packets to/from port 0. [...] Some UDP applications will use zero as a source port when they do not expect a response, which is how many one-way UDP-based apps operate,

Real ops talking to future ops

2012-09-13 Thread John Kristoff
Hello friends, I've made this call once before and the response was very positive so I thought I'd do it again. As some of you know, I occasionally teach networking classes at DePaul University in Chicago. What has gone over extremely well in the past is when I've had a real op come talk to the

Re: Ethical DDoS drone network

2009-01-04 Thread John Kristoff
On Sun, 4 Jan 2009 21:06:34 -0500 Jeffrey Lyon jeffrey.l...@blacklotus.net wrote: Say for instance one wanted to create an ethical botnet, how would this be done in a manner that is legal, non-abusive toward other networks, and unquestionably used for legitimate internal security purposes?

Re: Global Blackhole Service

2009-02-14 Thread John Kristoff
On Fri, 13 Feb 2009 15:57:32 +0100 Jens Ott - PlusServer AG j@plusserver.de wrote: in the last 24 hours we received two denial of service attacks with something like 6-8GBit volume. It did not harm us too much, but e.g. one of our upstreams got his Amsix-Port exploded. [...] Therefore I

Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?

2007-10-12 Thread John Kristoff
On Fri, 12 Oct 2007 08:00:46 GMT Paul Ferguson [EMAIL PROTECTED] wrote: Not intentionally trying to be retarded, but I've received an enormous number of private responses. [...] This question is part reality, part surreality. Let me ask you this: What would you do when you have alerted

Re: Is anyone aware of recent by-protocol traffic data in the public domain?

2007-12-04 Thread John Kristoff
On Tue, 4 Dec 2007 14:39:43 + Alexander Harrowell [EMAIL PROTECTED] wrote: However, has anyone else noticed a serious lack of data after the end of the studies summarised in Longitudinal study of Internet traffic 1998-2003, You might find some additional data of interest here:

Re: [Nanog] Anyone know how I can contact uky.edu abuse?

2008-04-22 Thread John Kristoff
On Tue, 22 Apr 2008 10:44:07 -0400 Jake Matthews [EMAIL PROTECTED] wrote: I've tried from 4-5 different mail providers to send something to [EMAIL PROTECTED] Can't figure out what's wrong, as I've never seen AuthRequired anywhere before. If it is security related, I highly recommend you

Re: [NANOG] Limiting ICMP

2008-05-21 Thread John Kristoff
On Sat, 17 May 2008 23:53:00 -0400 Drew Weaver [EMAIL PROTECTED] wrote: I'm wondering if anyone else has run into this/has heard of/(is responsible for)/knows the reason behind large IP providers limiting ICMP on outbound connections to the same amounts regardless of the size of the circuit?

Re: DNS problems to RoadRunner - tcp vs udp

2008-06-13 Thread John Kristoff
On Fri, 13 Jun 2008 14:14:55 -0400 Jon Kibler [EMAIL PROTECTED] wrote: TCP is used for zone transfers. If my server responded to TCP queries from anyone other than a secondary server, I would be VERY concerned. I wouldn't be unless it looked like a DDoS - and it might for some that are seeing

Re: TLD servers with recursion was Re: Exploit for DNS Cache Poisoning - RELEASED

2008-07-24 Thread John Kristoff
On Thu, 24 Jul 2008 10:06:25 +0100 Simon Waters [EMAIL PROTECTED] wrote: I checked last night, and noticed TLD servers for .VA and .MUSEUM are still offering recursion amongst a load of less popular top level domains. Indeed just under 10% of the authoritative name servers mentioned in the

Re: Traceroute and random UDP ports

2008-08-13 Thread John Kristoff
On Wed, 13 Aug 2008 05:24:17 +0530 Glen Kent [EMAIL PROTECTED] wrote: The outgoing packets from traceroute are sent towards the destination using UDP and very high port numbers, typically in the range of 32,768 and higher. This is because no one is generally expected to run UDP services up

Re: D/DoS mitigation hardware/software needed.

2010-01-05 Thread John Kristoff
On Tue, 5 Jan 2010 04:20:51 + Dobbins, Roland rdobb...@arbor.net wrote: S/RTBH and/or flow-spec are great DDoS mitigation tools which don't require any further investment beyond the network infrastructure an operator has already purchased and deployed. These should be the first

Re: Grant Funding

2010-01-19 Thread John Kristoff
On Tue, 19 Jan 2010 14:59:36 -0600 David Nguyen dav...@astate.edu wrote: Does anyone have any good suggestions on grant funding for a network refresh? NSF? You mean funding to help upgrade your network? Bail outs aside, it's unlikely the NSF or similar entity is going to dole out money for a

IPv6 security ops panel and PGP key signing

2010-01-28 Thread John Kristoff
Hi folks, I'm helping Barry Greene out with the ISP sec BoF this year and at least one of the items planned for that session is an IPv6 security operations panel/audience discussion. If the ISP sec BoF and IPv6 operations, particularly related to security, is of interest to you, I'd be

Re: Network Naming Conventions

2010-03-16 Thread John Kristoff
On Sat, 13 Mar 2010 10:47:28 -0500 Paul Stewart pstew...@nexicomgroup.net wrote: Going forward, I'd like to examine a better method to identify the devices does anyone have published standards on what they use or that of other networks and maybe even why they chose those methods? Bottom

Re: NSP-SEC

2010-03-19 Thread John Kristoff
On Fri, 19 Mar 2010 04:43:18 +0100 Guillaume FORTAINE gforta...@live.com wrote: First question : Why was I able to find this mail on the Internet if it should be kept secret ? nsp-security was originally formed out of the dissatisfaction with other so-called private collaborative channels back

Re: Auto MDI/MDI-X + conference rooms + bored == loop

2010-03-29 Thread John Kristoff
On Fri, 26 Mar 2010 18:09:22 -0400 Chuck Anderson c...@wpi.edu wrote: Anyone have suggestions on Ethernet LAN loop-prevention? With the advent of Auto MDI/MDI-X ports on switches, it seems way too easy to accidentally or maliciously create loops between network jacks. We Some time ago I

Re: Books for the NOC guys...

2010-04-02 Thread John Kristoff
On Fri, 02 Apr 2010 08:09:29 -0400 Robert E. Seastrom r...@seastrom.com wrote: This morning I went digging for a book to recommend that someone in our NOC read in order to understand at a high level how Internet infrastructure works (bgp, igps, etc) and discovered that the old standbys

Re: what about 48 bits?

2010-04-07 Thread John Kristoff
On Tue, 06 Apr 2010 23:02:12 -0400 joel jaeggli joe...@bogus.com wrote: Ah, but what _caused_ Ethernet to become ubiquitous, given the price was initially comparable? Early standardization. In one of my other favorite books, Gigabit Ethernet, Rich Seifert says: [...] IBM was the only

Re: Carrier class email security recommendation

2010-04-12 Thread John Kristoff
On Mon, 12 Apr 2010 07:09:12 -0700 todd glassey tglas...@earthlink.net wrote: Alex there are many email systems out there - but make sure that whatever you buy can support NTPv4 and not SNTP or unauthenticated NTP since this is how the GW is going to be able to put time-marks on receipts

Re: Suspecious anycast prefixes

2011-05-05 Thread John Kristoff
On Thu, 5 May 2011 11:54:17 +0300 Joe Abley jab...@hopcount.ca wrote: Perhaps I'm misunderstanding the original question, but the assertion that anybody is hijacking that particular prefix seems false. Furthermore, that exchange prefixes may often appear to be anycast is not unusual. Those

Re: Suspecious anycast prefixes

2011-05-05 Thread John Kristoff
On Thu, 5 May 2011 11:48:31 -0500 Yaoqing(Joey) Liu joey.li...@gmail.com wrote: Furthermore, that exchange prefixes may often appear to be anycast is not unusual.  Those prefixes are often originated by multiple disparate networks who are connected to the exchange. You mean that many

Re: Why don't ISPs peer with everyone?

2011-06-06 Thread John Kristoff
On Mon, 06 Jun 2011 18:19:37 -0400 rucasbr...@hushmail.com wrote: I wouldn't consider myself a network engineer, nor do I have any formal training, but why don't ISPs peer with every other ISP? It It depends on the ISP, but there are a variety of reasons for not wanting to peer with any

Re: chargen is the new DDoS tool?

2013-06-12 Thread John Kristoff
On Tue, 11 Jun 2013 19:52:02 -0400 Ricky Beam jfb...@gmail.com wrote: All of the above plus very poorly managed network / network security. (sadly a Given(tm) for anything ending dot-e-d-u.) That broad sweeping characterization, without any evidence, can be as casually dismissed without

Re: Policy-based routing is evil? Discuss.

2013-10-11 Thread John Kristoff
On Fri, 11 Oct 2013 18:27:00 +0100 (BST) William Waites wwai...@tardis.ed.ac.uk wrote: I'm having a discussion with a small network in a part of the world where bandwidth is scarce and multiple DSL lines are often used for upstream links. The topic is policy-based routing, which is being

Re: ddos attacks

2013-12-19 Thread John Kristoff
On Wed, 18 Dec 2013 15:12:28 -0800 cb.list6 cb.li...@gmail.com wrote: I am strongly considering having my upstreams to simply rate limit ipv4 UDP. It is the simplest solution that is proactive. I understand your willingness to do this, but I'd strongly advise you to rethink such a strategy.

Re: Oklahoma State Univ.

2014-01-17 Thread John Kristoff
On Fri, 17 Jan 2014 13:25:42 -0600 J. Oquendo s...@infiltrated.net wrote: Yes I know there is UNISOG, not on it anymore. Can someone on that list either forward, or put me in touch with one in the know there (AS5078) concerning things malware related appreciated. UNISOG no longer exists.

Re: TWC (AS11351) blocking all NTP?

2014-02-03 Thread John Kristoff
On Mon, 03 Feb 2014 16:49:37 +1300 Geraint Jones gera...@koding.com wrote: We block all outbound UDP for our ~200,000 Users for this very reason (with the exception of some whitelisted NTP and DNS servers). So far we have had 0 complaints I've heard this sort of absence of complaint statement

Re: TWC (AS11351) blocking all NTP?

2014-02-03 Thread John Kristoff
On Mon, 3 Feb 2014 07:08:25 + Dobbins, Roland rdobb...@arbor.net wrote: There's nothing in IPv6 which makes any difference. The ultimate solution is antispoofing at the customer edge. There is at least one small thing that may change some part of this and similar problems. If the threat

Re: JunOS NTP - Re: OpenNTPProject.org

2014-02-18 Thread John Kristoff
On Tue, 18 Feb 2014 09:14:59 -0500 Jared Mauch ja...@puck.nether.net wrote: prefix-list ntp-servers { apply-path system ntp server *; Some people also have a 'boot-server [server]' statement. In the off chance that address is different than those listed in the server statements,

Re: Multicast Internet Route table.

2014-09-02 Thread John Kristoff
On Tue, 2 Sep 2014 04:47:37 + S, Somasundaram (Somasundaram) somasundara...@alcatel-lucent.com wrote: 1: Does all the ISP's provide Multicast Routing by default? No not all and even those that do often do not do so on the same gear, links and peers as their unicast forwarding. 2: Is

Re: Multicast Internet Route table.

2014-09-02 Thread John Kristoff
On Tue, 02 Sep 2014 08:43:16 -0700 Octavio Alvarez alvar...@alvarezp.ods.org wrote: No not all and even those that do often do not do so on the same gear, links and peers as their unicast forwarding. Why would that be, are network devices not able to support multicast? That was part of

Security Track @ NANOG 62 Call for Participation

2014-09-05 Thread John Kristoff
Friends, colleagues, fellow operators, The network security track, formerly known as the ISP security BoF, will be on the agenda at NANOG 62 in Baltimore and I will be the track facilitator. My good friend Krassimir (Krassi) Tzvetanov many of you may know, has also agreed to help coordinate. We

Re: Book / Literature Recommendations

2014-09-16 Thread John Kristoff
On Tue, 16 Sep 2014 09:48:45 +0100 James Bensley jwbens...@gmail.com wrote: What is the single best book you have read on networking? I couldn't narrow it down to one, but since it hasn't been mentioned already, Radia Perlman's Interconnections. Hers is utterly fantastic largely in part

Re: upstream support for flowspec

2014-09-18 Thread John Kristoff
On Thu, 18 Sep 2014 13:53:52 -0400 Daniel Corbe co...@corbe.net wrote: Is there anything in the air about widening the adoption base? Cisco? Brocade? I've seen some suggesting that increased support, but even at Juniper, actions seem to speak larger than words. There seems to be very little

Re: Marriott wifi blocking

2014-10-03 Thread John Kristoff
On Fri, 3 Oct 2014 16:16:22 -0400 Nick Olsen n...@flhsi.com wrote: Not sure the specific implementation. But I've heard of Rogue AP detection done in two ways. Related discussion on this topic has come up from time to time. I believe the last time was in a thread that starts here and

Unwanted Traffic Removal Service (UTRS)

2014-10-08 Thread John Kristoff
Friends and colleagues, Yesterday I briefly discussed a new project we've recently launched and for which invited participation from the NANOG 62 attendees. This is a not so subtle wider request for consideration. UTRS is essentially a community RTBH that people have suggested to us would be a

Re: Unwanted Traffic Removal Service (UTRS)

2014-10-08 Thread John Kristoff
On Wed, 8 Oct 2014 16:42:38 +0200 Job Snijders j...@instituut.net wrote: Just like chicory, personally I don't like it. Yes, Cymru has build a reputation as clearing house for redistribution of security related information. But... (aside from any local safety net filter), it's quite a leap to

Re: Unwanted Traffic Removal Service (UTRS)

2014-10-09 Thread John Kristoff
On Thu, 09 Oct 2014 22:58:05 +0200 Christian Seitz ch...@in-berlin.de wrote: What I do not like at this UTRS idea is that I cannot announce a prefix via BGP. Somebody has to inject it for me. I would like to announce it in real time and not with delay because of manual approval. While true

Re: abuse reporting tools

2014-11-19 Thread John Kristoff
On Tue, 18 Nov 2014 16:58:24 -0800 Mike mike-na...@tiedyenetworks.com wrote: I provide broadband connectivity to mostly residential users. Over the past few years, instances of DDoS against the network - specifically targeting end users - has been on the rise, and today I can qualify many

Re: How our young colleagues are being educated....

2015-01-05 Thread John Kristoff
On Thu, 25 Dec 2014 19:21:34 -0500 Miles Fidelman mfidel...@meetinghouse.net wrote: Cisco as the basis of networking material? Does nobody use Comer, Stallings, or Tannenbaum as basic texts anymore? I currently use a Comer book. I've also used a Tannenbaum book in the past, but not recently.

Re: Charter ARP Leak

2015-01-05 Thread John Kristoff
On Mon, 29 Dec 2014 14:23:56 -0500 (EST) Jay Ashworth j...@baylink.com wrote: From an intermediate routing standpoint, though, it would be easier to add an *adjacent* block, not one halfway across the address space, no? One never knows how the address space is carved up. Changing what were

Security Track @ NANOG 63 Call for Participation

2015-01-07 Thread John Kristoff
[ Apologies if you saw this elsewhere already - jtk ] Friends, colleagues, fellow operators, The network security track, formerly known as the ISP security BoF, will be on the agenda at NANOG 63 in San Antonio and I will be the track facilitator. We not only seek your participation, but we are

Re: Last-call DoS/DoS Attack BCOP

2015-03-25 Thread John Kristoff
On Wed, 25 Mar 2015 08:27:14 -0400 Rob Seastrom r...@seastrom.com wrote: John's statement was in the context of general advice to be included in a BCOP document and I felt compelled to say whoa there. My intent was for it to be taken as a DDoS mitigation response option, not as a general

Re: Last-call DoS/DoS Attack BCOP

2015-03-23 Thread John Kristoff
On Mon, 23 Mar 2015 19:00:14 -0400 Yardiel D.Fuentes yard...@gmail.com wrote: Since there have been good feedback for this BCOP. The committee decided to extend the last-call period for another two weeks to give ample chance to further feedback. So, it is not late for more comments, Hi

Re: PoC for shortlisted DDoS Vendors

2015-04-02 Thread John Kristoff
On Wed, 01 Apr 2015 19:51:54 +0300 Mohamed Kamal mka...@noor.net wrote: The setup will be inline. So it would be great if anyone have done this before and can help provide the appropriate tools, advices, or the testing documents for efficient PoC. Hi Mohamed, We recently introduced a

Re: UDP clamped on service provider links

2015-07-30 Thread John Kristoff
On Mon, 27 Jul 2015 19:42:46 +0530 Glen Kent glen.k...@gmail.com wrote: Is it true that UDP is often subjected to stiffer rate limits than TCP? Yes, although I'm not sure how widespread this is in most, if even many networks. Probably not very widely deployed today, but restrictions and

Re: UDP clamped on service provider links

2015-07-31 Thread John Kristoff
On Thu, 30 Jul 2015 21:18:10 -0500 Jason Baugher ja...@thebaughers.com wrote: In one case, when we were having an issue with a SIP trunk, we re-numbered our end to another IP in the same subnet. Same path from A to Z, but the packet loss mysteriously disappeared using the new IP. It sure

Re: Did *bufferbloat* cause the 2010 flashcrash?

2015-08-06 Thread John Kristoff
On Sun, 02 Aug 2015 23:19:02 -0400 Jay Ashworth j...@baylink.com wrote: This guy seems to think so, and his arguments seem pretty convincing to me, but I don't understand the financial system as well as I might. Interesting Jay, thanks for forwarding that. I'm not convinced, but I could be.

Re: Strange traceroute result to VM in EC2, Singapore

2015-08-06 Thread John Kristoff
On Thu, 6 Aug 2015 21:35:46 +0530 Glen Kent glen.k...@gmail.com wrote: Any pointers on this would be very helpful. Presumably you're doing this from a Linux host. You might try these flags to see what you get: -T, --tcp Use TCP SYN for probes -e, --extensions

Re: NTP versions in production use?

2015-07-13 Thread John Kristoff
Hi Harlan, On Fri, 10 Jul 2015 13:30:15 -0700 Harlan Stenn st...@nwtime.org wrote: I know that Cisco, for example, uses NTP in around 10 different product lines, but I don't know what versions of NTP are in current use. At least with the equipment with which I'm familiar they weren't

Re: Software Defined Networking

2015-09-04 Thread John Kristoff
On Fri, 4 Sep 2015 14:40:31 + Rod Beck wrote: > Can anyone provide references on this top so I can educate myself? A bit more effort will be required on your part to get the most out it, but one potentially in depth resource would be Nick Feamster's Software

Re: Ransom DDoS attack - need help!

2015-12-03 Thread John Kristoff
On Thu, 3 Dec 2015 03:15:04 -0500 halp us wrote: > I would really appreciate help in a few areas (primarily with certain > provider contacts/intros) so we can execute our strategy (which I > can't reveal here for obvious reasons). If you email me off-list with > a

Re: Thank you, Comcast.

2016-02-26 Thread John Kristoff
On Fri, 26 Feb 2016 07:20:28 +0100 (CET) Mikael Abrahamsson wrote: > I know historically there were resolvers that used UDP/53 as source > port for queries, but is this the case nowadays? Empirically from what I've observed, much less than there once was. Looking at a sample

Re: Multicast stream monitoring tools

2016-01-25 Thread John Kristoff
On Mon, 25 Jan 2016 12:48:47 +0400 Murat Kaipov wrote: > Hello folks! We have an issue with some multicast streams. For some > reason picture is very unstable in evening, during internet usage > peak times. We have had monitor our links and uplinks and there > wasn't any

Re: BGP FlowSpec

2016-04-27 Thread John Kristoff
On Thu, 21 Apr 2016 09:46:13 +0200 Martin Bacher wrote: > - Intra-AS BGP FlowSpec deployment: Who is running it? For which kind > of attacks are you using it? Are you only dropping or rate-limiting > certain traffic or are you also using the redirect/remark >

Security Track @ NANOG 67 Call for Participation

2016-04-14 Thread John Kristoff
[ Apologies if you saw this elsewhere already - jtk ] Friends, colleagues, fellow operators, The network security track, formerly known as the ISP security BoF, may be on the agenda at NANOG 67 in Chicago and if we can put together a reasonable agenda I may be your track facilitator. We not

Security Track @ NANOG 68 Call for Participation

2016-09-07 Thread John Kristoff
[ Apologies if you saw this elsewhere already - jtk ] Friends, colleagues, fellow operators, The network security track, formerly known as the ISP security BoF, may be on the agenda at NANOG 68 in Dallas October 17-19 and if we can put together a reasonable agenda I may be your track

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread John Kristoff
On Sun, 25 Sep 2016 22:59:15 + Stephen Satchell wrote: > In short, I have yet to see a "cookbook" for BGP38 filtering, for ANY > filtering system -- BSD, Linux, Cisco. There is some here for integrating Team Cymru's bogon BGP service into various router platforms:

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread John Kristoff
On Sun, 25 Sep 2016 14:36:18 + Ca By wrote: > As long as there is one spoof capable network on the net, the problem will > not be solved. This is not strictly true. If it could be determined where a large bulk of the spoofing came from, public pressure could be applied.

Re: OSPF vs ISIS - Which do you prefer & why?

2016-11-09 Thread John Kristoff
On Wed, 9 Nov 2016 17:12:24 + Michael Bullut wrote: > Although there isn't distinct 1:1 argument, it's good we discuss it > here and figure out why one prefer one over the other *(consider a > huge flat network)**.* What say you ladies and gentlemen? I'm not sure it is

Re: List of US server providers?

2016-10-11 Thread John Kristoff
On Tue, 11 Oct 2016 14:23:19 + Carlos Kamtha wrote: > Was wondering if anyone can point me to a current list of > dedicated/VPS providers in the US. That is, if such a list exists... I'm not sure such a comprehensive and regularly maintained list is available, and I'm
