Re: Experience on Wanguard for 'anti' DDOS solutions

hi ramy On 08/12/15 at 05:28pm, Ramy Hashish wrote: Anybody here compared Wanguard's performance with the DDoS vendors in the market (Arbor, Radware, NSFocus, A10, RioRey, Staminus, F5 ..)? wouldn't the above comparison be kinda funky comparing software solutions with hardware

Re: Data Center operations mail list?

hi ya martin On 08/16/15 at 07:57pm, Martin Hannigan wrote: On Sun, Aug 16, 2015 at 3:22 PM, Chris Boyd cb...@gizmopartners.com wrote: There seems to be some traction, with 268 members on the NADCOG list so far. good Great! It's a little more complicated than list member count.

Re: A multi-tenant firewall for an MSSP

hi On Mon, Aug 17, 2015 at 10:16 AM, Ramy Hashish ramy.ihash...@gmail.com wrote: We are planning to implement a multi-tenant FW/UTM and start providing security as a service, I would like to hear if anybody had experience on that'd be a good thing ... but ... this, and if there are any

Re: DOCSIS CMTS Systems

hi On 07/29/15 at 10:59am, Curtis Maurand wrote: Seriously nice solutions...both of them. .. -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Colton Conor Sent: Wednesday, July 29, 2015 8:27 AM To: NANOG nanog@nanog.org; Scott Helms khe...@zcorum.com

Re: DDOS Simulation

hi dovid On 07/28/15 at 02:31pm, Dovid Bender wrote: We are looking for a company that can launch a DDOS attack against the solutions we are testing. I don't want a proof of concept from the company that will be offering DDOS protection since they can simulate an easy attack and then

Re: DDOS Simulation

hi roland On 07/29/15 at 05:47am, Roland Dobbins wrote: On 29 Jul 2015, at 5:19, alvin nanog wrote: as previously noted by others, legit corp will ask you for lots of legal paperwork for their get out of jail card for DDoS'ing your servers and all the other ISP's routers along the way

Re: Quakecon: Network Operations Center tour

hi mr bugs :-) On 08/03/15 at 05:38pm, Mr Bugs wrote: The WiFi jammers have an interesting MO. They don't throw up static on the frequency, that would also block their own wifi. They spoof de-authentication packets. I've been looking for a way to detect this kind of jamming because my WiFi

Re: DDOS Simulation

knocking, the ddos attackers are in deeep kah kah, thus requiring prior legal paperwork of all those directly and indirectly involved have fun alvin On 07/30/15 at 03:05am, Roland Dobbins wrote: On 30 Jul 2015, at 2:38, alvin nanog wrote: there is no need to pay people to attack your servers

Re: Quakecon: Network Operations Center tour

hi ethan On 08/03/15 at 10:58am, Ethan wrote: Getting bandwidth into the events is a pain. Huge venues are meant for large corporate events not lower budget cons and festivals. Venue pricing I believe is 750-1500$ per megabit. 100 megabit = $75,000 for the weekend. One year I rememeber

Re: Data Center operations mail list?

hi nanog On 08/11/15 at 04:46pm, Alex Brooks wrote: With the lack of interest compared to NANOG (especially seeing how the old list simply dried up) it might be best making the list global rather than North America only to get the traffic levels up a bit. there used to be an active

Re: RES: Exploits start against flaw that could hamstring huge swaths of

hi ya On Tue, Aug 4, 2015 at 11:29 AM, Scott Helms khe...@zcorum.com wrote: With the (large) caveat that heterogenous networks are more subject to human error in many cases. coughautomate!/cough ... On 08/04/15 at 12:21pm, Christopher Morrow wrote: On Tue, Aug 4, 2015 at 11:46

Re: DDOS Simulation

hi dovid On 07/27/15 at 11:32am, Dovid Bender wrote: We are looking into a few different DDOS solutions for a client. We need a LEGITIMATE company that can simulate some DDOS attacks (the generic + specific to the clients business). Anyone have any recommendations? i've compiled a fairly

Re: DDOS Simulation

hi pavel On 07/28/15 at 12:02am, Pavel Odintsov wrote: It's poor man's traffic generator :) that's the best kind :-) as long as it gets the job done and you get to control what it does My test lab is i7 2600 with 2 port Intel X520 10GE and Intel Xeon E5 2604 witj 2 port Intel X520 10GE.

Re: Updated Ookla Speedtest Server Requirements

hi lorell On 11/09/15 at 03:27pm, Lorell Hathcock wrote: > Esteemed Legions of NANOG: > ... > Here is the link to their recommendations. > http://www.ookla.com/support/a26461638/ ... > In the mean time I will just test 1 Gbps speeds off a copper GE port, but > want the SFP+ capability so I

Re: Updated Ookla Speedtest Server Requirements

On 11/09/15 at 05:35pm, Josh Luthman wrote: > You can't get SFP+ PCI cards anyways. I don't think you can very easily > get boards with PCI on them, either. lots of vendors w/ PCIe 10gigE cards w/ copper or SFP+ interface .. very few ( almost none ) for explicitly PCI w/ 10gigE and more

Re: Long-haul 100Mbps EPL circuit throughput issue

hi eric On 11/05/15 at 04:48pm, Eric Dugas wrote: ... > Linux test machine in customer's VRF <-> SRX100 <-> Carrier CPE (Cisco > 2960G) <-> Carrier's MPLS network <-> NNI - MX80 <-> Our MPLS network <-> > Terminating edge - MX80 <-> Distribution switch - EX3300 <-> Linux test > machine in

Re: DDoS appliances reviews needed

hi ramy On 08/26/15 at 12:54pm, Aftab Siddiqui wrote: Anybody here has experienced a PoC for any anti DDoS appliance, or already using a anti DDoS appliance in production and able to share his user experience/review? only interested in appliance? why not scrubbing services? is it

Re: DDoS appliances reviews needed

? If so I would like to know more about it. you can download the free version for testing .. http://DDoS-Mitigator.net/Download On Wed, Aug 26, 2015 at 8:53 PM, alvin nanog nano...@mail.ddos-mitigator.net wrote: ... for your reviewing or collecing info from folks .. - what's

Re: Any Tool to replace Peakflow CP

hi aluisio On 09/06/15 at 02:01am, Aluisio da Silva wrote: > Hello, > > Does anyone here have a suggestion for a tool to replace Peakflow CP from > Arbor Networks? # for reference http://www.arbornetworks.com/products > Please if possible you would like hear some suggestions. - sflow based

Re: Software Defined Networking

hi valdis On 09/04/15 at 06:59pm, valdis.kletni...@vt.edu wrote: > > Does anybody have a citation that legal disclaimers attached to > publicly posted mail aren't null and void? Seems to me that > what they're trying to say is "Sorry, we're too lame to use > PGP or similar on actually

Re: Any Tool to replace Peakflow CP

Sep 6, 2015 at 6:22 AM, alvin nanog > <nano...@mail.ddos-mitigator.net> wrote: > > > > hi aluisio > > > > On 09/06/15 at 02:01am, Aluisio da Silva wrote: > >> Hello, > >> > >> Does anyone here have a suggestion for a tool

Re: root zone archive

hi On 09/17/15 at 12:33am, Joe Abley wrote: ... > I'm particularly interested in zone data that describes the build out of the > original root zone NS set to nine servers in mid-1994, the renaming under > the ROOT-SERVERS.NET domain and the subsequent assignment of J, K, L and M. wouldn't that

Re: wanted: tool for traffic generation / characteristics / monitoring

hi matthias On 10/01/15 at 03:41pm, Matthias Flittner wrote: > Dear colleagues, > > Currently we are looking for a magic tool with which it is possible to > generate specific (realistic) traffic patterns between client and server > to analyze (monitor) traffic characteristics (jitter, delay,

Re: CHP website returning 503

On 09/28/15 at 12:56am, Larry Sheldon wrote: > On 9/28/2015 00:24, Christopher Morrow wrote: > >On Mon, Sep 28, 2015 at 12:42 AM, wrote: ... > >Are telling me Eric Estrada won't have a loadbalancer deployed for > >this super critical resource? both eric and his buddy

Re: CHP website returning 503

On 09/27/15 at 09:21pm, Joe Hamelin wrote: > It is late Sunday night. When would you do maintenance? even if one was doing maintenance, there is no reason not to have at least 1 el-cheapo server replying that it's under maintenance vs being suspect of other reasons of it being down there's

Re: high latency on West Coast?

hi andrei On 09/18/15 at 11:50am, Florin Andrei wrote: > I'm seeing 250 ms between California and Oregon. Not just AWS, but also > between, say, Comcast and AWS. > > Latency from other locations, such as between N. Virginia and Oregon, is > much lower, about 72 ms in my tests. > > Anyone else

Re: DDoS auto-mitigation best practices (for eyeball networks)

On 09/19/15 at 02:54pm, Frank Bulk wrote: > Could the community share some DDoS auto-mitigation best practices for > eyeball networks, where the target is a residential broadband subscriber? o kie dough kie > I'm not asking so much about the customer communication as much as > configuration of

Re: correlation between ingress and egress traffic in case of volume-based DDoS

hi martin On 09/23/15 at 07:07pm, Martin T wrote: > volume-based DDoS attacks should often result with following bandwidth graphs: > > http://s12.postimg.org/gy3eps10t/volume_based_DDo_S_graph.png > > > This is a fabricated bps graph for 100GigE port facing an uplink when you say

Re: Ransom DDoS attack - need help!

hi ya roland On 12/04/15 at 11:09am, Roland Dobbins wrote: > On 4 Dec 2015, at 9:34, alvin nanog wrote: > >all that tcpdump jibberish > > Is entirely unnecessary, as well as being completely impractical on a > network of any size. up to a point, probing around at the

Re: Ransom DDoS attack - need help!

hi jean-f On 12/08/15 at 11:46pm, Jean-Francois Mezei wrote: > Since the OP mentioned a "ransom" demand (aka: extortion), should law > enforcement be contacted in such cases ? simply saying "these bozo's are attempting to extort $100 from me" with their email demands probably will not get the

Re: Ransom DDoS attack - need help!

hi "need help" On 12/03/15 at 03:15am, halp us wrote: > A company that shall remain anonymous has received a ransom DDoS note from > a very well known group that has been in the news lately. use an email reader that allows you to see all the received email headers to see which STMP routers

Re: Ransom DDoS attack - need help!

hi lyndon On 12/03/15 at 05:54pm, Lyndon Nerenberg wrote: > On Dec 3, 2015, at 5:00 PM, alvin nanog <nano...@mail.ddos-mitigator.net> > wrote: > > run tcpdump and/or etherreal to capture the DDoS attacks > > Of course! If we had only thought of this sooner! >

Re: Devices with only USB console port - Need a Console Server Solution

hi erik On 12/07/15 at 10:15pm, Erik Sundberg wrote: > We have one of these nice new and fancy Cisco ASR920-24SZ, just realized it > doesn't have an RJ45 Console port only USB. When we deploy devices at our pop > we wire the console port to a terminal\console server, well that doesn't work >

Re: Ransom DDoS attack - need help!

hi joe On 12/08/15 at 01:24am, Joe Morgan wrote: > We received a similar ransom e-mail yesterday :-) dont pay real $$$ ... pretend that it was paid and watch for them to come get the ransom ... never give your real banking info ask them, where do you send the "$xx,000" mastercard gift card

Re: Ransom DDoS attack - need help!

hi On 12/10/15 at 11:07am, Joe Morgan wrote: > These are the three e-mail addresses they have contacted me on so far. > armada.collect...@bk.ru > melvin.webst...@gmail.com > luciennemcglyn...@gmail.com Ian> messages came from a various bitmessage.ch addresses # i wonder if they all have the

Re: Nat

hi folkx On 12/17/15 at 10:28am, Mark Andrews wrote: > We need to make IPv4 painful to use. already is too crowded > Adding delay between SYN and SYN/ACK would be one way to achieve this. change tcp windoow size to 1 byte per packet or decrease from 1500 byte packets, more traffic they use,

Re: Fwd: port 123 reflection attacks

hi ya colin On 12/30/15 at 09:04am, Colin Johnston wrote: > Where does it say we need to contact home cert instead on your website ? because cnc...@cert.org.cn asked ? > verification of what ? i'd want to see if it's a simple port scan by a script kidddie vs a more serious upcoming DOS

Re: Bluehost.com

hi On 11/25/15 at 05:19pm, Bob Evans wrote: > For an ISP type service - it's almost impossible the make it up in volume > - all you need is one phone call to cost you $10 in support on a $3.50 > service. With that many customers you can imagine how many call to just > ask what happened or vent

Re: Detecting Attacks

hi su.. On 06/10/16 at 10:39pm, subashini hariharan wrote: > I am Subashini, a graduate student. I am interested in doing my project in > Network Security. I have a doubt related to it. duh... too broad of a subject ... you'd need to be more specific about which of the hundred's of sub

Re: Webmail / IMAPS software for end-user clients in 2016

hi ya On 06/08/16 at 06:06pm, Eric Kuhnke wrote: > If you had to put up a public facing webmail interface for people to use, > and maintain it for the foreseeable future (5-6 years), what would you use? > > Roundcube? > https://roundcube.net/ - good > Rainloop? > http://www.rainloop.net/ -

Re: Webmail / IMAPS software for end-user clients in 2016

hi yta On 06/08/16 at 06:43pm, Eric Kuhnke wrote: > openwebmail hasn't been updated since 2006... yup.. a minor/major issue > squirrelmail is ancient and barely maintained. last update ( svn ) was Jun 09, 2016 ( today ) http://squirrelmail.org/download.php if you like the "latest/greatest"

Re: Building a technical library

hi ya chris On 05/31/16 at 08:53pm, Ca By wrote: > On Tuesday, May 31, 2016, Chris Costa wrote: > > > Looking to develop a technical library for about 15 staff members all under > > the same roof. Subject matter would focus around Juniper/Junos, TCP/IP, > > dwdm,

Re: how to deal with port scan and brute force attack from AS 8075 ?

hi nanog'ers On 03/31/16 at 10:20am, valdis.kletni...@vt.edu wrote: > On Thu, 31 Mar 2016 10:02:05 +0200, "marcel.duregards--- via NANOG" said: > > > We consider port scan and brute force on ssh port as an attack, and even ... > (For the record, our border routers drop inbound SYN on port 22

Re: DDoS protection: Corero

hi On 05/12/16 at 01:21pm, Ragnar Sigurðsson Joensen wrote: > Quick question. Is there anyone on this list using Corero for DDoS > protection? If so I'd much appreciate an off-list review of it. Thanks in > advance. hummm ... just some generic comments when comparing "DDoS protection" one

Re: New Office, New Network. Questions.

hi nikolai - oops.. this got long based on my experiences/opinions :-) On 07/10/16 at 09:53pm, Nikolai Petrov wrote: > We are moving to our new offices in two months and I have access to the > building already. > My task is to set up the entire network for the company. > The previous

Re: Dyn DDoS this AM? - dns

On 10/21/16 at 03:21pm, David Birdsong wrote: > On Fri, Oct 21, 2016 at 2:58 PM, Randy Bush wrote: > > anyone who relies on a single dns provider is just asking for stuff such > > as this. :-) > I'd love to hear how others are handling the overhead of managing two dns >