On consistency and 192.0.0.0/24

2024-05-13 Thread John Kristoff
As one to never let a good academic question go unasked... what is it about 192.0.0.0/24 that is or isn't a bogon. This doesn't seem so straightforward an answer to me, at least in theory. Although in practice it may already be decided whether one likes the answer or not. 192.0.0.0/24 was

Re: Why are paper LOAs still used?

2024-02-26 Thread John Kristoff
On Mon, 26 Feb 2024 10:57:05 -0800 Seth Mattinen via NANOG wrote: > Why do companies still insist on, or deploy new systems that rely on > paper LOA for IP and ASN resources? How can this be considered more > trustworthy than RIR based IRR records? For routing, some have been proposing that

Re: Your Input Needed: Can ROA Replace LOA? – Short Survey (7 mins)

2023-11-16 Thread John Kristoff
On Thu, 16 Nov 2023 03:47:43 + Christopher Hawker wrote: > Aftab Siddiqui is currently exploring the possibility of using Route > Object Authorisations (ROAs) as a potential replacement to LOAs. > Separate to this (and unknowing of Aftab's research), I had started a > discussion on the RPKI

Re: transit and peering costs projections

2023-10-15 Thread John Kristoff
On Sat, 14 Oct 2023 16:01:54 -0700 Dave Taht wrote: > This set of trendlines was very interesting. Unfortunately the data > stops in 2015. Does anyone have more recent data? This may be of interest: Peering Costs and Fees John

Re: Traffic being directed at random infrastructure with pornhub.com host header (?)

2023-09-13 Thread John Kristoff
On Wed, 13 Sep 2023 13:35:30 + Drew Weaver wrote: > Has anyone else recently seen a spike of port 80 traffic being sent > at seemingly random IP addresses that include the Pornhub host header? Yes. The source possible, hopefully being research or commercial scanners perhaps? I've seen a

Experiences with operational cost increases

2022-09-21 Thread John Kristoff
Friends, Like many of you I'm sure, I'm seeing an irregular rise in prices for a variety of network services (e.g., IP addresses, connectivity, remote hands, hosting). The increases seem to be most common and pronounced in and around the European region thus far. I'm not here to talk about

Re: RFC: BOGONs over BGP, adding some ranges

2022-08-30 Thread John Kristoff
On Tue, 30 Aug 2022 13:15:40 -0400 James Shank wrote: > 224/4 If any were to cause a problem, I'd think this is the one that would be most likely. While inter-domain IP multicast is practically dead and so the impact might not be so great (sorry multicast-wg and mboned friends), there may be

Re: Proposals at ITU-T for Internet Evolution Raise Serious Concerns; According to ISOC

2022-08-11 Thread John Kristoff
On Thu, 11 Aug 2022 18:33:20 -0400 b...@theworld.com wrote: > (it's only 25 pages and you probably can skip to section 6, maybe look > at section 5, the rest is mostly "what a network is" padding.) On that note... I found the following to be a reasonably pragmatic and thoughtful, albeit

Re: Scanning the Internet for Vulnerabilities

2022-06-20 Thread John Kristoff
On Sun, 19 Jun 2022 08:06:59 -0400 Dovid Bender wrote: > I don't know who is doing it. I just know that IL Cert contacted our > parent company which has an ISP in Israel when things were "hot". Some national government infrastructure protection organizations will relay notifications to local

Re: Free-ish Linux Netflow collector/analyser options

2022-05-16 Thread John Kristoff
On Mon, 16 May 2022 18:34:29 + Matthew Crocker wrote: > I’m looking for a free-ish Linux open sources Netflow > collector/analyser. [...] There was a long thread back in January that I think will provide you many of the suggestions you're seeking. If you haven't seen it, it starts here:

Re: is it still nfsen?

2022-04-04 Thread John Kristoff
On Sun, 03 Apr 2022 19:10:18 -0700 Randy Bush wrote: > i am setting up new app/port monitoring. i like nfsen because i can > zooom in and see who is sending all that port 43 tls between 11:42 and > 12:19. is there some other tool at which i should look? If you are using nfcapd/nfdump I think

Re: Let's Focus on Moving Forward Re: V6 still not supported

2022-03-30 Thread John Kristoff
On Wed, 30 Mar 2022 04:47:08 -0700 John Gilmore wrote: > https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-240/ The draft touches on IANA considerations, but this seems inadequate to make any more progress and gain wider acceptance. It seems to me there has been compelling

Re: V6 still not supported

2022-03-30 Thread John Kristoff
On Wed, 30 Mar 2022 18:36:24 +0200 Jared Brown wrote: > IPv4 address blocks have a fixed one-time cost, not an ongoing > $X/month cost. From an RIR perhaps, but when demand changes for your available pool, what happens downstream? When you rent servers from providers, unless you bring your

BCP 235

2022-03-23 Thread John Kristoff
Pardon the netop relevant interjection... Most of you probably don't need this, but in my experience many did. DNS over TCP transport is a thing, please don't block it. kthxbye. John

Re: Making Use of 240/4 NetBlock

2022-03-09 Thread John Kristoff
On Wed, 9 Mar 2022 10:38:20 -0800 David Conrad wrote: > When did squatting become a justification for not allocating > addresses? Isn't this essentially the same thing as the DNS name collision problem ICANN has been studying and discussing? Perhaps scale and potential for harm is different,

Re: CC: s to Non List Members (was Re: 202203080924.AYC Re: 202203071610.AYC Re: Making Use of 240/4 NetBlock)

2022-03-08 Thread John Kristoff
On 8 Mar 2022 19:14:34 -0500 "John Levine" wrote: > I have conversations with my hosting provider in which they tell me > that nobody has ever asked for IPv6 other than me, Oh you too? I got that response all the time. Then when I press, they usually say they've had one, two, three, maybe

Susan Harris

2022-03-07 Thread John Kristoff
Friends, I regret to relay this news. So many people here knew and will remember Susan. She had been a key, and major figure in the history of NANOG as I'm sure many of you can reflect on with numerous memories of her:

Re: ASN in use, but no whois data?

2022-02-25 Thread John Kristoff
On Fri, 25 Feb 2022 16:45:33 -0600 Matt Harris wrote: > I'm looking at an ASN 394183 and I can't find any whois or other > contact data. I've checked globally and then also ARIN directly and It appears like it might be https://orocktech.com/ but not clear to me what happened with the contact

Re: Flow collection and analysis

2022-01-25 Thread John Kristoff
On Tue, 25 Jan 2022 11:46:14 -0400 David Bass wrote: > Wondering what others in the small to medium sized networks out there > are using these days for netflow data collection, and your opinion on > the tool? Two open source tools you might consider: nfdump

Re: Redploying most of 127/8 as unicast public

2021-11-18 Thread John Kristoff
On Thu, 18 Nov 2021 08:53:53 -0800 Jonathan Kalbfeld via NANOG wrote: > If we’re going to do something that Majorly Breaks the Internet(tm), > why not talk about the 240/4 space instead? I like the proposal that suggest include a plan to reuse 224/4 (with the exception of 224.0.0.0/24, but it

Re: uPRF strict more

2021-09-29 Thread John Kristoff
On Tue, 28 Sep 2021 17:47:41 -0700 Randy Bush wrote: > do folk use uPRF strict mode? Presumably you mean uRPF. As of a few months ago, the .edu I was doing netops at, Juniper's 'rpf-check' option was set on all the edge interfaces where there were only end hosts. This is strict mode. The

Re: An update on the AfriNIC situation

2021-08-30 Thread John Kristoff
On Mon, 30 Aug 2021 16:29:48 -0700 Owen DeLong via NANOG wrote: > Further, the registries are not engaged in the daily operations of the > internet. Hi Owen, Your statement above I have to insist is simply incorrect. In addition to the traditional services that are relied upon in a variety

Re: Setting sensible max-prefix limits

2021-08-18 Thread John Kristoff
On Wed, 18 Aug 2021 11:33:09 +0200 Lars Prehn wrote: > As I understand by now, it is highly recommended to set a max-prefix > limit for peering sessions. Yet, I can hardly find any recommendations > on how to arrive at a sensible limit. Maybe because there isn't a simple, universal approach

Re: Famous operational issues

2021-02-17 Thread John Kristoff
On Wed, 17 Feb 2021 14:07:54 -0500 John Curran wrote: > I have no idea what outages were most memorable for others, but the > Stanford transfer switch explosion in October 1996 resulted in much > of the Internet in the Bay Area simply not being reachable for > several days. Thanks John.

Famous operational issues

2021-02-16 Thread John Kristoff
Friends, I'd like to start a thread about the most famous and widespread Internet operational issues, outages or implementation incompatibilities you have seen. Which examples would make up your top three? To get things started, I'd suggest the AS 7007 event is perhaps the most notorious and

Re: Hurricane Electric AS6939

2020-10-13 Thread John Kristoff
On Tue, 13 Oct 2020 23:29:55 + Aaron Gould wrote: > Do y’all like HE for Internet uplink? I’m thinking about using them > for 100gig in Texas. It would be for my eyeballs ISP. We currently > have Spectrum, Telia and Cogent. The price is usually amongst the lowest you'll find. I've found

Re: CIDR cleanup

2020-10-01 Thread John Kristoff
On Thu, 1 Oct 2020 13:32:53 + John Von Essen wrote: > I tried to write my code to do this, and it's not trivial, just > looking for a shortcut. I did a brief glance at some CIDR related > Perl cpan modules, and nothing has jumped out. I wrote the code below some time ago. I've not used it

Re: TCP and UDP Port 0 - Should an ISP or ITP Block it?

2020-08-25 Thread John Kristoff
On Tue, 25 Aug 2020 12:40:43 + Pim van Stam wrote: > Other opinions on this? IETF RFC 768 - User Datagram Protocol weighs in: "Source Port is an optional field, when meaningful, it indicates the port of the sending process, and may be assumed to be the port to which a reply

Re: RPKI for dummies

2020-08-24 Thread John Kristoff
On Mon, 24 Aug 2020 13:01:15 + Robert Raszuk wrote: > I would not say that either S-BGP nor so-BGP were precursors to BGP > origin validation ( I am assuming this is what you are referring to > as "system we have today"). I would consider origin validation as just one application of the

Re: RPKI for dummies

2020-08-24 Thread John Kristoff
On Sun, 23 Aug 2020 12:40:19 + Dovid Bender wrote: > Ok. So here is another n00b question. Why don't we have something > where when we advertise IP space we also pass along a cert [...] Take a look at: Stephen Kent, Charles Lynn, and Karen Seo. 2000. Secure border gateway protocol

Re: RPKI for dummies

2020-08-20 Thread John Kristoff
On Thu, 20 Aug 2020 13:20:53 + Dovid Bender wrote: > How do ISP's that receive my advertisement (either directly from me, > meaning my upstreams or my upstreams upstream) verify against the > cert that the advertisement is coming from me? Nothing about your BGP announcements needs to

Re: RPKI TAs

2020-08-03 Thread John Kristoff
On Sun, 2 Aug 2020 18:52:11 + Randy Bush wrote: > not to mention the ARIN stupidity Notwithstanding the RPA, downloading ARIN's TAL is straightforward: As documented here: One can wget, curl, or whatever this:

Re: Don Smith, RIP.

2020-07-23 Thread John Kristoff
On Thu, 23 Jul 2020 23:22:45 + "Dobbins, Roland" wrote: > It is with a heavy heart that I must relate the news that Don Smith, > formerly of CenturyLink and more lately of Netscout Arbor, passed > away in his sleep last night. Thanks again for this Roland. We have lost one of the giants of

Re: ROV Deployment (was LDPv6 Census Check)

2020-06-16 Thread John Kristoff
On Sun, 14 Jun 2020 18:09:24 + Randy Bush wrote: > thanks to a few vendor engineers who implemented as skunkworks, > to jay, you, and other large ops who have deployed, and to job > who has taken over waving the pom poms, i am rather optimistic. I concur. I asked our four major networks we

IGMPv3/MLDv2 implementation and deployment survey

2020-04-23 Thread John Kristoff
[ Apologies if you've seen this already - jtk ] Friends, Those of you with knowledge, interest, or deployment experience with IP multicast in real networks should consider taking the survey linked to below. Forwarded with knowledge and permission of the original email author. The survey

Re: Sunday traffic curiosity

2020-03-22 Thread John Kristoff
On Sun, 22 Mar 2020 19:17:59 + Grant Taylor via NANOG wrote: > What was wrong with Internet scale multicast? Why did it get abandoned? There are about 20 years of archives to weed through, and some of our friends are still trying to make this happen. I expect someone (Hi Lenny) to appear

Re: Sunday traffic curiosity

2020-03-22 Thread John Kristoff
On Sun, 22 Mar 2020 19:08:24 + Owen DeLong wrote: > Maybe it’s time to revisit inter-domain multicast? Uhmm... no thank you. :-) John

Re: Poor mans TAP

2019-10-07 Thread John Kristoff
On Mon, 7 Oct 2019 14:16:31 + Dovid Bender wrote: > Funds at my 9-5 are limited. Has anyone tried this and how well does > it work? We plan on mirroring about 800 megs of traffic at peak. > https://www.amazon.com/Dualcomm-1000Base-T-Ethernet-Regeneration-Network/dp/B0055M5JL8?ref_=ast_bbp_dp

Re: Weekly Routing Table Report

2019-09-03 Thread John Kristoff
On Sat, 31 Aug 2019 10:35:39 + Masataka Ohta wrote: > If you can't accept the following principle of the End to End > argument: I think it is better to stick with what the paper refers to them e2e as, an argument. The e2e paper is by far one of the closest things we have to network canon

Re: CenturyLink/Level 3 combined AS

2019-06-08 Thread John Kristoff
On Sat, 8 Jun 2019 14:40:23 + Filip Hruska wrote: > their pricing is (if you push hard enough) simply unbeatable. bps pricing is rarely apples to apples, Cogent will happily tell you that. However, you may want more than just apples. I've seen at least three serious providers offer as

Re: BGP prefix filter list

2019-05-20 Thread John Kristoff
On Mon, 20 May 2019 23:09:02 + Seth Mattinen wrote: > A good start would be killing any /24 announcement where a covering > aggregate exists. I wouldn't do this as a general rule. If an attacker knows networks are 1) not pointing default, 2) dropping /24's, 3) not validating the

Re: NTP for ASBRs?

2019-05-08 Thread John Kristoff
On Wed, 8 May 2019 07:56:33 + Lars Prehn wrote: > do you NTP sync your AS boundary routers? If so, what are incentives for > doing so? Are there incentives, e.g. security considerations, not to do it? In addition to what others have mentioned, if these systems are to perform route origin

Re: Best practices for BGP Communities

2019-03-04 Thread John Kristoff
On Mon, 4 Mar 2019 01:42:02 + Joshua Miller wrote: > A while back I read somewhere that transit providers shouldn't delete > communities unless the communities have a specific impact to their > network, but my google-fu is failing me and I can't find any sources. Perhaps you're referring to

Re: [EXTERNAL] Re: RTBH no_export

2019-02-04 Thread John Kristoff
On Mon, 4 Feb 2019 09:01:20 + i3D.net - Martijn Schmidt wrote: > Cogent does let you use RTBH, but on a separate BGP session to a > blackhole server. So it's a bit more hassle to set it up policy-wise, > because it deviates from the standard. Same story for "former > GlobalCrossing", now

Re: Announcing Peering-LAN prefixes to customers

2019-01-16 Thread John Kristoff
On Wed, 16 Jan 2019 16:39:32 + Christoffer Hansen wrote: > You could do the same trick. But with data fetched from PeeringDB via > the public API. Works well. I think that is essentially what the service does, but in a BGP feed and maintained for you, kind of like the bogons service. John

Re: Announcing Peering-LAN prefixes to customers

2019-01-16 Thread John Kristoff
On Wed, 16 Jan 2019 12:20:39 + Randy Bush wrote: > slide 8 of http://archive.psg.com/970210.nanog.pdf In Randy's presentation there is the suggestion to develop an IX filter list. Nearly 20 years later that actually happened. This wasn't a popular

Security Track @ NANOG 75 Call for Participation

2018-11-29 Thread John Kristoff
[ Apologies if you saw this elsewhere already - jtk ] Friends, colleagues, fellow operators, The network security track, formerly known as the ISP security BoF, has plans to return at NANOG 75 in San Francisco February 18-20. I will be your track facilitator. I have a small handful of topics

Cogent and HE feedback [was Re: Whats going on at Cogent]

2018-10-24 Thread John Kristoff
[ I've largely ignored this thread based on the Subject, but saw this so I'll change the subject to better reflect where I'm taking it. Sorry if this is rehashing things others may have already said. - jtk ] On Tue, 23 Oct 2018 15:32:34 + Ross Tajvar wrote: > I am also interested in

Re: NANOG Security Track: Route Security

2018-10-01 Thread John Kristoff
On Mon, 1 Oct 2018 03:27:49 + Ryan Hamel wrote: > Just like how all the email threads on NANOG are archived, all talks > should be archived as well. Whether to record a session or not is up to the presenter and track coordinator. The security track, originally called the ISP Security BoF

Re: tcp md5 bgp attacks?

2018-08-14 Thread John Kristoff
On Tue, 14 Aug 2018 21:38:35 + Randy Bush wrote: > we would be interested in data from others. My data is coarse, but with 'show system statistics tcp | match auth' I see sometimes thousands of rcv packets dropped on BGP routers. I doubt they are attacks, but simply badly configured or

Re: Dedicated Server and IP anycast provider recommendation

2018-08-13 Thread John Kristoff
On Mon, 13 Aug 2018 12:31:44 + Étienne via NANOG wrote: > Not sure you're still looking for something, but there's this > spreadsheet that has a few pointers: http://bgp.services/ Thanks again. This is at least the third time someone has pointed this web page out to me. :-) To

Re: Multicast traffic % in enterprise network ?

2018-08-08 Thread John Kristoff
On Wed, 8 Aug 2018 18:49:52 + "Mankamana Mishra (mankamis) via NANOG" wrote: > * If there is any data which can provide what % of traffic is > multicast traffic. And if multicast is removed, how much unicast > traffic it would add up? Good question about the volume (and frequency). I

Dedicated Server and IP anycast provider recommendation

2018-08-07 Thread John Kristoff
Friends, For those that may have used or know of a service like this. I know some exist, but it doesn't seem to be that popular or widely advertised as a standard service. I'm interested in pointers to a hosting/network provider that leases dedicated servers and can provide an anycast IP

Re: Confirming source-routed multicast is dead on the public Internet

2018-08-01 Thread John Kristoff
On Wed, 1 Aug 2018 15:45:44 + Adam Davenport wrote: > I can confirm that GTT does indeed filter IP sourced from 224.0.0.0/4 at its > edge. Do you mean sent to 224/4 or literally anything with a source address of 224/4? For those that are or are considering filtering, you might also want

Re: Confirming source-routed multicast is dead on the public Internet

2018-08-01 Thread John Kristoff
On Wed, 1 Aug 2018 02:43:10 + "Mankamana Mishra (mankamis) via NANOG" wrote: > other than billing problem, is there any other reasons why multicast > would not be viable for public internet ? Two other significant contributing factors stem from complexity and security issues. Here are

Re: Confirming source-routed multicast is dead on the public Internet

2018-07-31 Thread John Kristoff
On Tue, 31 Jul 2018 21:28:31 + Sean Donelan wrote: > I did all the google searches, check all the usual CAIDA and ISP > sites. IP Multicast is used on private enterprise networks, and some > ISPs use it for some closed services. More anecdotal evidence. Probably the best place to know what

Re: Security team objectives

2018-07-30 Thread John Kristoff
On Mon, 30 Jul 2018 04:43:35 + Ramy Hashish wrote: > If you are going to start a security team in a newly founded IT > organization, what will the objectives/results be? Hello Ramy, Management and organization buy-in is important. Initially I would say it would be helpful to do some

Re: Time to add 2002::/16 to bogon filters?

2018-06-18 Thread John Kristoff
On Mon, 18 Jun 2018 21:08:05 + Job Snijders wrote: > TL;DR: Perhaps it is time to add 2002::/16 to our EBGP bogon filters? Hi Job, I've been asking people about this recently. I don't particularly like having misdirected traffic or badly configured hosts sending junk to those who happen

Re: RFC 1918 network range choices

2017-10-05 Thread John Kristoff
On Thu, 5 Oct 2017 15:03:58 + "Jay R. Ashworth" wrote: > The answer seems to be "no, Jon's not answering his email anymore". You might get a better answer over on the internet-history list. Lots of people are still around that could probably shed some light on it.

Re: 10G switch drops traffic for a split second

2016-11-29 Thread John Kristoff
On Tue, 29 Nov 2016 09:06:00 + TJ Trout wrote: > Could this be MTU? I've tried flow control, hard code duplex, stp on/off etc > I'm at a loss any ideas? This sounds like a common problem that certain data center environments run into with 10 Gb/s and higher loads. In a

Re: OSPF vs ISIS - Which do you prefer & why?

2016-11-09 Thread John Kristoff
On Wed, 9 Nov 2016 17:12:24 + Michael Bullut wrote: > Although there isn't distinct 1:1 argument, it's good we discuss it > here and figure out why one prefer one over the other *(consider a > huge flat network)**.* What say you ladies and gentlemen? I'm not sure it is

Re: List of US server providers?

2016-10-11 Thread John Kristoff
On Tue, 11 Oct 2016 14:23:19 + Carlos Kamtha wrote: > Was wondering if anyone can point me to a current list of > dedicated/VPS providers in the US. That is, if such a list exists... I'm not sure such a comprehensive and regularly maintained list is available, and I'm

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread John Kristoff
On Sun, 25 Sep 2016 22:59:15 + Stephen Satchell wrote: > In short, I have yet to see a "cookbook" for BGP38 filtering, for ANY > filtering system -- BSD, Linux, Cisco. There is some here for integrating Team Cymru's bogon BGP service into various router platforms:

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread John Kristoff
On Sun, 25 Sep 2016 14:36:18 + Ca By wrote: > As long as there is one spoof capable network on the net, the problem will > not be solved. This is not strictly true. If it could be determined where a large bulk of the spoofing came from, public pressure could be applied.

Security Track @ NANOG 68 Call for Participation

2016-09-07 Thread John Kristoff
[ Apologies if you saw this elsewhere already - jtk ] Friends, colleagues, fellow operators, The network security track, formerly known as the ISP security BoF, may be on the agenda at NANOG 68 in Dallas October 17-19 and if we can put together a reasonable agenda I may be your track

Re: BGP FlowSpec

2016-04-27 Thread John Kristoff
On Thu, 21 Apr 2016 09:46:13 +0200 Martin Bacher wrote: > - Intra-AS BGP FlowSpec deployment: Who is running it? For which kind > of attacks are you using it? Are you only dropping or rate-limiting > certain traffic or are you also using the redirect/remark >

Security Track @ NANOG 67 Call for Participation

2016-04-14 Thread John Kristoff
[ Apologies if you saw this elsewhere already - jtk ] Friends, colleagues, fellow operators, The network security track, formerly known as the ISP security BoF, may be on the agenda at NANOG 67 in Chicago and if we can put together a reasonable agenda I may be your track facilitator. We not

Re: Thank you, Comcast.

2016-02-26 Thread John Kristoff
On Fri, 26 Feb 2016 07:20:28 +0100 (CET) Mikael Abrahamsson wrote: > I know historically there were resolvers that used UDP/53 as source > port for queries, but is this the case nowadays? Empirically from what I've observed, much less than there once was. Looking at a sample

Re: Multicast stream monitoring tools

2016-01-25 Thread John Kristoff
On Mon, 25 Jan 2016 12:48:47 +0400 Murat Kaipov wrote: > Hello folks! We have an issue with some multicast streams. For some > reason picture is very unstable in evening, during internet usage > peak times. We have had monitor our links and uplinks and there > wasn't any

Re: Ransom DDoS attack - need help!

2015-12-03 Thread John Kristoff
On Thu, 3 Dec 2015 03:15:04 -0500 halp us wrote: > I would really appreciate help in a few areas (primarily with certain > provider contacts/intros) so we can execute our strategy (which I > can't reveal here for obvious reasons). If you email me off-list with > a

Re: Software Defined Networking

2015-09-04 Thread John Kristoff
On Fri, 4 Sep 2015 14:40:31 + Rod Beck wrote: > Can anyone provide references on this topic so I can educate myself? A bit more effort will be required on your part to get the most out of it, but one potentially in depth resource would be Nick Feamster's Software

Re: Did *bufferbloat* cause the 2010 flashcrash?

2015-08-06 Thread John Kristoff
On Sun, 02 Aug 2015 23:19:02 -0400 Jay Ashworth j...@baylink.com wrote: This guy seems to think so, and his arguments seem pretty convincing to me, but I don't understand the financial system as well as I might. Interesting Jay, thanks for forwarding that. I'm not convinced, but I could be.

Re: Strange traceroute result to VM in EC2, Singapore

2015-08-06 Thread John Kristoff
On Thu, 6 Aug 2015 21:35:46 +0530 Glen Kent glen.k...@gmail.com wrote: Any pointers on this would be very helpful. Presumably you're doing this from a Linux host. You might try these flags to see what you get: -T, --tcp Use TCP SYN for probes -e, --extensions

Re: UDP clamped on service provider links

2015-07-31 Thread John Kristoff
On Thu, 30 Jul 2015 21:18:10 -0500 Jason Baugher ja...@thebaughers.com wrote: In one case, when we were having an issue with a SIP trunk, we re-numbered our end to another IP in the same subnet. Same path from A to Z, but the packet loss mysteriously disappeared using the new IP. It sure

Re: UDP clamped on service provider links

2015-07-30 Thread John Kristoff
On Mon, 27 Jul 2015 19:42:46 +0530 Glen Kent glen.k...@gmail.com wrote: Is it true that UDP is often subjected to stiffer rate limits than TCP? Yes, although I'm not sure how widespread this is in most, if even many networks. Probably not very widely deployed today, but restrictions and

Re: NTP versions in production use?

2015-07-13 Thread John Kristoff
Hi Harlan, On Fri, 10 Jul 2015 13:30:15 -0700 Harlan Stenn st...@nwtime.org wrote: I know that Cisco, for example, uses NTP in around 10 different product lines, but I don't know what versions of NTP are in current use. At least with the equipment with which I'm familiar they weren't

Re: PoC for shortlisted DDoS Vendors

2015-04-02 Thread John Kristoff
On Wed, 01 Apr 2015 19:51:54 +0300 Mohamed Kamal mka...@noor.net wrote: The setup will be inline. So it would be great if anyone have done this before and can help provide the appropriate tools, advices, or the testing documents for efficient PoC. Hi Mohamed, We recently introduced a

Re: Last-call DoS/DoS Attack BCOP

2015-03-25 Thread John Kristoff
On Wed, 25 Mar 2015 08:27:14 -0400 Rob Seastrom r...@seastrom.com wrote: John's statement was in the context of general advice to be included in a BCOP document and I felt compelled to say whoa there. My intent was for it to be taken as a DDoS mitigation response option, not as a general

Re: Last-call DoS/DoS Attack BCOP

2015-03-23 Thread John Kristoff
On Mon, 23 Mar 2015 19:00:14 -0400 Yardiel D.Fuentes yard...@gmail.com wrote: Since there have been good feedback for this BCOP. The committee decided to extend the last-call period for another two weeks to give ample chance to further feedback. So, it is not late for more comments, Hi

Security Track @ NANOG 63 Call for Participation

2015-01-07 Thread John Kristoff
[ Apologies if you saw this elsewhere already - jtk ] Friends, colleagues, fellow operators, The network security track, formerly known as the ISP security BoF, will be on the agenda at NANOG 63 in San Antonio and I will be the track facilitator. We not only seek your participation, but we are

Re: How our young colleagues are being educated....

2015-01-05 Thread John Kristoff
On Thu, 25 Dec 2014 19:21:34 -0500 Miles Fidelman mfidel...@meetinghouse.net wrote: Cisco as the basis of networking material? Does nobody use Comer, Stallings, or Tanenbaum as basic texts anymore? I currently use a Comer book. I've also used a Tanenbaum book in the past, but not recently.

Re: Charter ARP Leak

2015-01-05 Thread John Kristoff
On Mon, 29 Dec 2014 14:23:56 -0500 (EST) Jay Ashworth j...@baylink.com wrote: From an intermediate routing standpoint, though, it would be easier to add an *adjacent* block, not one halfway across the address space, no? One never knows how the address space is carved up. Changing what were

Re: abuse reporting tools

2014-11-19 Thread John Kristoff
On Tue, 18 Nov 2014 16:58:24 -0800 Mike mike-na...@tiedyenetworks.com wrote: I provide broadband connectivity to mostly residential users. Over the past few years, instances of DDoS against the network - specifically targeting end users - has been on the rise, and today I can qualify many

Re: Unwanted Traffic Removal Service (UTRS)

2014-10-09 Thread John Kristoff
On Thu, 09 Oct 2014 22:58:05 +0200 Christian Seitz ch...@in-berlin.de wrote: What I do not like at this UTRS idea is that I cannot announce a prefix via BGP. Somebody has to inject it for me. I would like to announce it in real time and not with delay because of manual approval. While true

Unwanted Traffic Removal Service (UTRS)

2014-10-08 Thread John Kristoff
Friends and colleagues, Yesterday I briefly discussed a new project we've recently launched and for which invited participation from the NANOG 62 attendees. This is a not so subtle wider request for consideration. UTRS is essentially a community RTBH that people have suggested to us would be a

Re: Unwanted Traffic Removal Service (UTRS)

2014-10-08 Thread John Kristoff
On Wed, 8 Oct 2014 16:42:38 +0200 Job Snijders j...@instituut.net wrote: Just like chicory, personally I don't like it. Yes, Cymru has built a reputation as clearing house for redistribution of security related information. But... (aside from any local safety net filter), it's quite a leap to

Re: Marriott wifi blocking

2014-10-03 Thread John Kristoff
On Fri, 3 Oct 2014 16:16:22 -0400 Nick Olsen n...@flhsi.com wrote: Not sure the specific implementation. But I've heard of Rogue AP detection done in two ways. Related discussion on this topic has come up from time to time. I believe the last time was in a thread that starts here and

Re: upstream support for flowspec

2014-09-18 Thread John Kristoff
On Thu, 18 Sep 2014 13:53:52 -0400 Daniel Corbe co...@corbe.net wrote: Is there anything in the air about widening the adoption base? Cisco? Brocade? I've seen some suggesting that increased support, but even at Juniper, actions seem to speak larger than words. There seems to be very little

Re: Book / Literature Recommendations

2014-09-16 Thread John Kristoff
On Tue, 16 Sep 2014 09:48:45 +0100 James Bensley jwbens...@gmail.com wrote: What is the single best book you have read on networking? I couldn't narrow it down to one, but since it hasn't been mentioned already, Radia Perlman's Interconnections. Hers is utterly fantastic largely in part

Security Track @ NANOG 62 Call for Participation

2014-09-05 Thread John Kristoff
Friends, colleagues, fellow operators, The network security track, formerly known as the ISP security BoF, will be on the agenda at NANOG 62 in Baltimore and I will be the track facilitator. My good friend Krassimir (Krassi) Tzvetanov many of you may know, has also agreed to help coordinate. We

Re: Multicast Internet Route table.

2014-09-02 Thread John Kristoff
On Tue, 2 Sep 2014 04:47:37 + S, Somasundaram (Somasundaram) somasundara...@alcatel-lucent.com wrote: 1: Does all the ISP's provide Multicast Routing by default? No not all and even those that do often do not do so on the same gear, links and peers as their unicast forwarding. 2: Is

Re: Multicast Internet Route table.

2014-09-02 Thread John Kristoff
On Tue, 02 Sep 2014 08:43:16 -0700 Octavio Alvarez alvar...@alvarezp.ods.org wrote: No not all and even those that do often do not do so on the same gear, links and peers as their unicast forwarding. Why would that be, are network devices not able to support multicast? That was part of

Re: JunOS NTP - Re: OpenNTPProject.org

2014-02-18 Thread John Kristoff
On Tue, 18 Feb 2014 09:14:59 -0500 Jared Mauch ja...@puck.nether.net wrote: prefix-list ntp-servers { apply-path system ntp server *; Some people also have a 'boot-server [server]' statement. In the off chance that address is different than those listed in the server statements,

Re: TWC (AS11351) blocking all NTP?

2014-02-03 Thread John Kristoff
On Mon, 03 Feb 2014 16:49:37 +1300 Geraint Jones gera...@koding.com wrote: We block all outbound UDP for our ~200,000 Users for this very reason (with the exception of some whitelisted NTP and DNS servers). So far we have had 0 complaints I've heard this sort of absence of complaint statement

Re: TWC (AS11351) blocking all NTP?

2014-02-03 Thread John Kristoff
On Mon, 3 Feb 2014 07:08:25 + Dobbins, Roland rdobb...@arbor.net wrote: There's nothing in IPv6 which makes any difference. The ultimate solution is antispoofing at the customer edge. There is at least one small thing that may change some part of this and similar problems. If the threat

Re: Oklahoma State Univ.

2014-01-17 Thread John Kristoff
On Fri, 17 Jan 2014 13:25:42 -0600 J. Oquendo s...@infiltrated.net wrote: Yes I know there is UNISOG, not on it anymore. Can someone on that list either forward, or put me in touch with one in the know there (AS5078) concerning things malware related appreciated. UNISOG no longer exists.

Re: ddos attacks

2013-12-19 Thread John Kristoff
On Wed, 18 Dec 2013 15:12:28 -0800 cb.list6 cb.li...@gmail.com wrote: I am strongly considering having my upstreams to simply rate limit ipv4 UDP. It is the simplest solution that is proactive. I understand your willingness to do this, but I'd strongly advise you to rethink such a strategy.

Re: Policy-based routing is evil? Discuss.

2013-10-11 Thread John Kristoff
On Fri, 11 Oct 2013 18:27:00 +0100 (BST) William Waites wwai...@tardis.ed.ac.uk wrote: I'm having a discussion with a small network in a part of the world where bandwidth is scarce and multiple DSL lines are often used for upstream links. The topic is policy-based routing, which is being

Re: chargen is the new DDoS tool?

2013-06-12 Thread John Kristoff
On Tue, 11 Jun 2013 19:52:02 -0400 Ricky Beam jfb...@gmail.com wrote: All of the above plus very poorly managed network / network security. (sadly a Given(tm) for anything ending dot-e-d-u.) That broad sweeping characterization, without any evidence, can be as casually dismissed without

Re: Open Resolver Problems

2013-04-02 Thread John Kristoff
On Mon, 1 Apr 2013 20:33:36 +0200 (CEST) Mikael Abrahamsson swm...@swm.pp.se wrote: You're sending queries, not replies. That's why DPI is needed to do the blocking, rather than just by port. What queries are sourced from port 53 nowadays? I would expect from stubs this will be close
