Re: Mitigating HTTP DDoS attacks?
On Mon, Mar 24, 2008 at 6:02 PM, Mike Lyon [EMAIL PROTECTED] wrote:

Howdy all,

So, I'm kind of new to this so please deal with my ignorance. But, what is common practice these days for HTTP DDoS mitigation during an attack? You can of course route every offending IP address to null0 at your border. But, if it's a botnet or trojan or something, it's coming from numerous different source IPs and Null0 routes can get very cumbersome, obviously.

How do you folk usually deal with this? Any input would be greatly appreciated.

Cheers,
Mike

There are a few companies that specialize in DDOS protection type services; one company that comes to mind is Prolexic and their IPN infrastructure protection service. Prolexic will basically absorb all attacks, filter out the bad data and then deliver clean traffic back to your network. It's completely transparent to your clients. It's not cheap, but I've worked with a few internet-based trading companies who used this service to mitigate DDOS attacks on their network infrastructure.

--
[ Rodrick R. Brown ]
http://www.rodrickbrown.com
http://www.linkedin.com/in/rodrickbrown
Re: AboveNet Global Routing issue
On Thu, Feb 28, 2008 at 1:54 PM, Ross Vandegrift [EMAIL PROTECTED] wrote:

Hi Everyone,

Just received a light-up of calls about general connectivity, a call to AboveNet got us the answer that they are having global routing issues. Has anyone received any more details?

Seeing issues here

traceroute to www.mailstreet.com (69.25.50.243), 30 hops max, 40 byte packets
 6  fe-6-0-900.cr.nyc1.ny.towerstream.com (69.38.136.113)  15.806 ms  15.788 ms  15.845 ms
 7  221.ge-1-3-2.mpr1.lga5.us.above.net (64.124.195.98)  17.005 ms  9.708 ms  10.229 ms
 8  so-1-2-0.mpr1.dca2.us.above.net (64.125.26.101)  9.972 ms  9.345 ms  9.426 ms
 9  * * *
10  xe-1-1-0.er2.iad10.above.net (64.125.26.242)  12.020 ms  9.822 ms  10.848 ms
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

--
Ross Vandegrift [EMAIL PROTECTED]
The good Christian should beware of mathematicians, and all those who make empty prophecies. The danger already exists that the mathematicians have made a covenant with the devil to darken the spirit and to confine man in the bonds of Hell. --St. Augustine, De Genesi ad Litteram, Book II, xviii, 37

--
Rodrick R. Brown
http://www.rodrickbrown.com
http://www.linkedin.com/in/rodrickbrown
Re: Windows based DDNS gslb tracker/updater product
The first product that comes to mind is Resonate. I could be wrong.
http://www.resonate.com/prod_glob_disp.html

On 3/18/07, Joe Maimon [EMAIL PROTECTED] wrote:

Hey all,

I am looking for a product I have seen in the past but don't recall its name or any other information other than

- it was Windows based
- it tracked which services were up on which IP address with rules/policies
- it performed DDNS updates based on tracking results.

With the obvious goal of performing DNS/GSLB without utilizing any specialty hardware.

I understand I can write all kinds of scripts -- but this is for a customer, who for obvious reasons would prefer something productized.

Replies off-list welcome and I will summarize any useful information.

Thanks in advance,
Joe

--
Rodrick R. Brown
Re: Time Series databases
On 2/8/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

Going back to this thread, http://www.kx.com/ deals in financial transaction databases where they store millions of ticks. They appear to have a transactional based language with a solution that appears to be robust and fail resistant.

hmm, that is quite interesting. and apparently people out there _are_ using it for things like counter values and what not - based on their FAQ. I'd absolutely love to know more about the algorithms and math behind something like kdb+

KX publish a bunch of information about their product. Their lineage goes back to APL and the J language, both of which found most of their users in financial services.

However, the general issue of time-series databases is more interesting. Google will take you to lots of research using keywords like:

time-series database delta wavelet search indexing maxima

Of course, don't use them all at once. To give you a flavor of the stuff that people have done, here is a slide presentation on compression and indexing that does not use averages like RRD does:
http://www.cs.cmu.edu/~eugene/research/talks/major-extrema.ppt

In addition to Google, it is a good idea to search CiteSeer http://citeseer.ist.psu.edu/ because it allows you to quickly track down references to other papers so you can read them all as a set.

I don't think there are any full-blown open-source implementations that you could integrate into your own systems. There is stuff like Metakit http://www.equi4.com/metakit.html which stores data by column rather than by row. And people who have thought about how to efficiently store time-series probably cobbled together their own systems using bsddb or HDF5.

If you are stuck in the SQL world, then check out these articles on star and snowflake schemas.
http://en.wikipedia.org/wiki/Snowflake_schema
http://en.wikipedia.org/wiki/Star_schema
and follow up the references at the bottom of the page.

There have been numerous technical discussions over at EliteTrader.com about tick database implementations using a variety of technologies, with various pros and cons of SQL, KX, Vhayu, Times Ten, Hibernate, and HDF5; a must read for anyone interested. The threads can be found on the Elite Trader automated trading forums:
http://www.elitetrader.com/vb/showthread.php?s=threadid=81345perpage=6pagenumber=1

--
Rodrick R. Brown
Re: Google wants to be your Internet
On 1/20/07, Mark Boolootian [EMAIL PROTECTED] wrote:

Cringely has a theory and it involves Google, video, and oversubscribed backbones:
http://www.pbs.org/cringely/pulpit/2007/pulpit_20070119_001510.html

The following comment has to be one of the most important comments in the entire article and it's a bit disturbing.

Right now somewhat more than half of all Internet bandwidth is being used for BitTorrent traffic, which is mainly video. Yet if you surveyed your neighbors you'd find that few of them are BitTorrent users. Less than 5 percent of all Internet users are presently consuming more than 50 percent of all bandwidth.

--
Rodrick R. Brown
Re: analyse tcpdump output
On 11/22/06, Stefan Hegger [EMAIL PROTECTED] wrote:

Hi,

I wonder if someone knows a tool to use a tcpdump output for anomaly detection. It is sometimes really time consuming when looking for identical patterns in the tcpdump output. It would be helpful to get a diff between SYN and ACK's e.g. Or look for a pattern in a URL. Or just get some timediffs e.g. when an ACK is sent but client is waiting for data etc. We would like to decrease time to investigate the cause for an unusual network behaviour.

Best
Stefan

--
Stefan Hegger
Internet System Engineer
[EMAIL PROTECTED]
Tel: +49 5241 8071 334
Lycos Europe GmbH
Carl-Bertelsmann Str. 29
Postfach 315
33311 Gütersloh

http://www.wireshark.org

--
Rodrick R. Brown
http://groups.yahoo.com/group/wallstandtech
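
Added example (not part of the original thread, and not Wireshark's code): the SYN-versus-ACK diff and handshake time difference asked about above, computed per client IP from tcpdump text output. It assumes the modern `tcpdump -nn -tt` line format; the sample capture, its addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed input: text output of `tcpdump -nn -tt` (modern "Flags [..]" format).
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\]"
)

# Constructed sample capture (documentation addresses, not real traffic).
SAMPLE = """\
1164200000.000100 IP 198.51.100.7.40001 > 192.0.2.10.80: Flags [S], seq 100, win 65535, length 0
1164200000.000400 IP 192.0.2.10.80 > 198.51.100.7.40001: Flags [S.], seq 900, ack 101, win 65535, length 0
1164200000.020400 IP 198.51.100.7.40001 > 192.0.2.10.80: Flags [.], ack 901, win 65535, length 0
1164200001.000000 IP 203.0.113.9.50001 > 192.0.2.10.80: Flags [S], seq 1, win 1024, length 0
1164200001.000200 IP 192.0.2.10.80 > 203.0.113.9.50001: Flags [S.], seq 5, ack 2, win 65535, length 0
1164200001.100000 IP 203.0.113.9.50002 > 192.0.2.10.80: Flags [S], seq 7, win 1024, length 0
1164200001.200000 IP 203.0.113.9.50003 > 192.0.2.10.80: Flags [S], seq 9, win 1024, length 0
"""

def host(endpoint):
    """Strip the trailing .port from an addr.port endpoint."""
    return endpoint.rsplit(".", 1)[0]

def handshake_report(text):
    """Per client IP: SYNs sent, handshakes completed, and each ACK delay in seconds."""
    pending = {}  # (client endpoint, server endpoint) -> time the SYN-ACK was seen
    stats = defaultdict(lambda: {"syn": 0, "completed": 0, "ack_delay": []})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # non-TCP or unparsed line
        ts, src, dst, flags = float(m["ts"]), m["src"], m["dst"], m["flags"]
        if flags == "S":                              # client SYN
            stats[host(src)]["syn"] += 1
        elif flags == "S.":                           # server SYN-ACK
            pending[(dst, src)] = ts
        elif "." in flags and (src, dst) in pending:  # client ACK completes handshake
            s = stats[host(src)]
            s["completed"] += 1
            s["ack_delay"].append(round(ts - pending.pop((src, dst)), 3))
    return dict(stats)

def half_open(report):
    """SYNs minus completed handshakes per client IP, largest gap first."""
    gaps = {ip: s["syn"] - s["completed"] for ip, s in report.items()}
    return sorted(gaps.items(), key=lambda kv: -kv[1])
```

A client with many SYNs and no completed handshakes stands out at the top of `half_open(handshake_report(text))`, while `ack_delay` gives the time between the server's SYN-ACK and the client's ACK.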
Re: DNS Based Load Balancers
On 7/4/06, Sam Stickland [EMAIL PROTECTED] wrote:

Matt,

A few quick questions for you, if you got the time to answer it would be appreciated (questions inline):

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Ghali
Sent: 04 July 2006 07:21
To: Patrick W. Gilmore
Cc: nanog@merit.edu
Subject: Re: DNS Based Load Balancers

On Sun, 2 Jul 2006, Patrick W. Gilmore wrote:

Would you mind giving us a little more to go on than the love of god before making strategic architectural decisions? Just in case we like to decide things for ourselves. :)

Patrick, I am sorry if I have hit a nerve with you; it seems you've got a vested interest in the answer to this question, and I appreciate your position.

For instance, was F5's implementation flawed, or do you have a reason to dislike the basic idea? And why?

For the record, what I _should_ have advised the OP was for the love of god, don't try to do this yourself with an appliance. I wholeheartedly encourage him to give his local Akamai sales rep a call. I am sorry for the confusion and angst my brevity has caused.

We work with a couple of different technologies here - our own GSS's, cache farms and also external CDNs (for overflow). This is currently an area that is under evaluation for a quite significant expansion. Are you able to give some kind of description as to the problems you experienced whilst using your own appliances? It would be very useful to be able to avoid making the same mistakes.

Sam

As someone who has also deployed GSLBs with hardware appliances, I would also like to know real-world problems and issues people are running into today on modern GSLB implementations and not theoretical ones. As far as I can tell, our GSLB deployment was very straightforward and works flawlessly.

--
Rodrick R. Brown