Re: FW: DNS TTL adherence
:: So, if you, or the original poster, is going to move
:: ${important_resource} around ip-wise keep in mind that your
:: ${important_thing} may have to answer to more than 1 ip address for a
:: period much longer than your tuned TTL :(
::
:: Thanks all for the responses. I do understand we may need to support the
:: old IP addresses for sometime. I was hoping someone had performed a
:: study out there to determine what a ratio maybe for us supporting an old
:: IP address (I know our traffic profile will be unique for us thus it
:: would only give us a general idea).
::
:: For example if we change ip addresses will we need to plan on 20%
:: traffic at old site on day1, 10% day2, 5%, day3, and so on...? There are
:: also issues related to proxy servers and browser caching that are
:: independent of DNS we will need to quantify to understand full risk. The
:: more data we have will drive some of our decisions.

In my not-so-scientific studies with changing IPs for a fairly large volume site, I found that 90% of the people will use the new ip within an hour of TTL expiration, 99.999% of the people within 3 days, and that remaining .001% may take years.

As someone said earlier, some parts of the 'net are just broken beyond your control...

-igor
The Cidr Report
This report has been generated at Fri Mar 17 21:53:43 2006 AEST. The report analyses the BGP Routing Table of an AS4637 (Reach) router and generates a report on aggregation potential within the table.

Check http://www.cidr-report.org/as4637 for a current version of this report.

Recent Table History

Date      Prefixes  CIDR Agg
10-03-06  179922    119096
11-03-06  180083    119168
12-03-06  180226    119072
13-03-06  180168    119005
14-03-06  180219    119126
15-03-06  180443    119233
16-03-06  180409    119319
17-03-06  180528    119297

AS Summary

21686     Number of ASes in routing system
9021      Number of ASes announcing only one prefix
1486      Largest number of prefixes announced by an AS
          AS7018 : ATT-INTERNET4 - ATT WorldNet Services
91272960  Largest address span announced by an AS (/32s)
          AS721 : DLA-ASNBLOCK-AS - DoD Network Information Center

Aggregation Summary

The algorithm used in this report proposes aggregation only when there is a precise match using the AS path, so as to preserve traffic transit policies. Aggregation is also proposed across non-advertised address space ('holes').

--- 17Mar06 ---

ASnum    NetsNow  NetsAggr  NetGain  % Gain  Description
Table    180458   119278    61180    33.9%   All ASes
AS4323   1226     241       985      80.3%   TWTC - Time Warner Telecom, Inc.
AS18566  920      9         911      99.0%   COVAD - Covad Communications Co.
AS4134   983      257       726      73.9%   CHINANET-BACKBONE No.31,Jin-rong Street
AS721    1010     311       699      69.2%   DLA-ASNBLOCK-AS - DoD Network Information Center
AS22773  638      48        590      92.5%   CCINET-2 - Cox Communications Inc.
AS6197   1004     476       528      52.6%   BATI-ATL - BellSouth Network Solutions, Inc
AS7018   1486     964       522      35.1%   ATT-INTERNET4 - ATT WorldNet Services
AS19916  563      65        498      88.5%   ASTRUM-0001 - OLM LLC
AS855    545      64        481      88.3%   CANET-ASN-4 - Aliant Telecom
AS7757   473      19        454      96.0%   CCCH-AS4 - Comcast Cable Communications Holdings, Inc
AS17488  516      78        438      84.9%   HATHWAY-NET-AP Hathway IP Over Cable Internet
AS3602   536      109       427      79.7%   AS3602-RTI - Rogers Telecom Inc.
AS812    438      28        410      93.6%   ROGERS-CABLE - Rogers Cable Inc.
AS9498   561      155       406      72.4%   BBIL-AP BHARTI BT INTERNET LTD.
AS4755   723      344       379      52.4%   VSNL-AS Videsh Sanchar Nigam Ltd. Autonomous System
AS17676  484      107       377      77.9%   JPNIC-JP-ASN-BLOCK Japan Network Information Center
AS11492  636      279       357      56.1%   CABLEONE - CABLE ONE
AS15270  379      34        345      91.0%   AS-PAETEC-NET - PaeTec.net -a division of PaeTecCommunications, Inc.
AS4766   644      304       340      52.8%   KIXS-AS-KR Korea Telecom
AS6467   392      53        339      86.5%   ESPIRECOMM - Xspedius Communications Co.
AS6198   579      242       337      58.2%   BATI-MIA - BellSouth Network Solutions, Inc
AS18101  319      27        292      91.5%   RIL-IDC Reliance Infocom Ltd Internet Data Centre,
AS14654  301      14        287      95.3%   WAYPORT - Wayport
AS22047  372      89        283      76.1%   VTR BANDA ANCHA S.A.
AS3352   307      31        276      89.9%   TELEFONICA-DATA-ESPANA Internet Access Network of TDE
AS6167   340      65        275      80.9%   CELLCO-PART - Cellco Partnership
AS19262  618      345       273      44.2%   VZGNI-TRANSIT - Verizon Internet Services Inc.
AS9583   867      595       272      31.4%   SIFY-AS-IN Sify Limited
AS5668   522      252       270      51.7%   AS-5668 - CenturyTel Internet Holdings,
Weekly Routing Table Report
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. Daily listings are sent to [EMAIL PROTECTED]

If you have any comments please contact Philip Smith [EMAIL PROTECTED].

Routing Table Report 04:00 +10GMT Sat 18 Mar, 2006

Analysis Summary

BGP routing table entries examined: 184375
Prefixes after maximum aggregation: 102184
Unique aggregates announced to Internet: 89838
Total ASes present in the Internet Routing Table: 21772
Origin-only ASes present in the Internet Routing Table: 18926
Origin ASes announcing only one prefix: 8989
Transit ASes present in the Internet Routing Table: 2846
Transit-only ASes present in the Internet Routing Table: 69
Average AS path length visible in the Internet Routing Table: 4.5
Max AS path length visible: 22
Prefixes from unregistered ASNs in the Routing Table: 76
Special use prefixes present in the Routing Table: 0
Prefixes being announced from unallocated address space: 11
Number of addresses announced to Internet: 1511349856
Equivalent to 90 /8s, 21 /16s and 94 /24s
Percentage of available address space announced: 40.8
Percentage of allocated address space announced: 60.2
Percentage of available address space allocated: 67.8
Total number of prefixes smaller than registry allocations: 90192

APNIC Region Analysis Summary

Prefixes being announced by APNIC Region ASes: 38802
Total APNIC prefixes after maximum aggregation: 16257
Prefixes being announced from the APNIC address blocks: 36601
Unique aggregates announced from the APNIC address blocks: 17814
APNIC Region origin ASes present in the Internet Routing Table: 2508
APNIC Region origin ASes announcing only one prefix: 704
APNIC Region transit ASes present in the Internet Routing Table: 387
Average APNIC Region AS path length visible: 4.5
Max APNIC Region AS path length visible: 17
Number of APNIC addresses announced to Internet: 217698272
Equivalent to 12 /8s, 249 /16s and 207 /24s
Percentage of available APNIC address space announced: 68.1

APNIC AS Blocks: 4608-4864, 7467-7722, 9216-10239, 17408-18431 (pre-ERX allocations) 23552-24575, 37888-38911
APNIC Address Blocks: 58/7, 60/7, 121/8, 122/7, 124/7, 126/8, 202/7 210/7, 218/7, 220/7 and 222/8

ARIN Region Analysis Summary

Prefixes being announced by ARIN Region ASes: 96511
Total ARIN prefixes after maximum aggregation: 57019
Prefixes being announced from the ARIN address blocks: 75675
Unique aggregates announced from the ARIN address blocks: 28886
ARIN Region origin ASes present in the Internet Routing Table: 10591
ARIN Region origin ASes announcing only one prefix: 3954
ARIN Region transit ASes present in the Internet Routing Table: 972
Average ARIN Region AS path length visible: 4.3
Max ARIN Region AS path length visible: 19
Number of ARIN addresses announced to Internet: 291281408
Equivalent to 17 /8s, 92 /16s and 154 /24s
Percentage of available ARIN address space announced: 72.3

ARIN AS Blocks: 1-1876, 1902-2042, 2044-2046, 2048-2106 (pre-ERX allocations) 2138-2584, 2615-2772, 2823-2829, 2880-3153 3354-4607, 4865-5119, 5632-6655, 6912-7466 7723-8191, 10240-12287, 13312-15359, 16384-17407 18432-20479, 21504-23551, 25600-26591, 26624-27647, 29696-30719, 31744-33791 35840-36863
ARIN Address Blocks: 24/8, 63/8, 64/6, 68/7, 70/6, 74/7, 76/8, 198/7, 204/6, 208/7 and 216/8

RIPE Region Analysis Summary

Prefixes being announced by RIPE Region ASes: 36599
Total RIPE prefixes after maximum aggregation: 24490
Prefixes being announced from the RIPE address blocks: 33620
Unique aggregates announced from the RIPE address blocks: 22716
RIPE Region origin ASes present in the Internet Routing Table: 7783
RIPE Region origin ASes announcing only one prefix: 4072
RIPE Region transit ASes present in the Internet Routing Table: 1295
Average RIPE Region AS path length visible: 5.0
Max RIPE Region AS path length visible: 19
Number of RIPE addresses
mail.chartercom.com operators
hello, i'm trying to troubleshoot some issues i'm having sending messages to chartercom.com users via mail.chartercom.com. every time i try to make a smtp connection to mail.chartercom.com the remote end sends a RST before the connection is even setup. if someone w/ knowledge of chartercom.com's mail server policies could get back to me, i'd appreciate it. i've already attempted to contact chartercom.com on my own to no avail. thanks, -g -- Greg Albrecht ([EMAIL PROTECTED]) http://undef.net
DNS Amplification Attacks
In this paper we address in detail how the recent DNS DDoS attacks work. How they abuse name servers, EDNS, the recursive feature and UDP packet spoofing, as well as how the amplification effect works. Our study is based on packet captures (we provide with samples) and logs from attacks on different networks reported to have a volume of 2.8Gbps. One of these networks indicated some attacks have reached as high as 10Gbps and used as many as 140,000 exploited name servers. In the conclusions we also discuss some remediation suggestions. Given recent events, we have been encouraged to make this text available at this time. URL: http://www.isotf.org/news/DNS-Amplification-Attacks.pdf Please note that this version of this paper is prior to submission for publication and that the final version may see significant revisions. Thanks, Randy Vaughn and Gadi Evron.
Re: DNS Amplification Attacks
That ISPs still do not filter inbound traffic from their customers to prevent source spoofing is amazing. Done closer to the ingress edge this filtering shouldn't be that expensive. Not everyone will do it, but at least it will limit the places from where source address spoofing attacks originate.

The administrative burden arguments don't fly - a list of routes and IP address assignments per customer is already maintained both by ISPs and the customers - and route filters access lists are routinely automated. So beyond laziness - are there any technical reasons why this causes problems for anyone?

Gadi Evron [EMAIL PROTECTED] wrote:

> In this paper we address in detail how the recent DNS DDoS attacks work. How they abuse name servers, EDNS, the recursive feature and UDP packet spoofing, as well as how the amplification effect works.
>
> Our study is based on packet captures (we provide with samples) and logs from attacks on different networks reported to have a volume of 2.8Gbps. One of these networks indicated some attacks have reached as high as 10Gbps and used as many as 140,000 exploited name servers.
>
> In the conclusions we also discuss some remediation suggestions.
>
> Given recent events, we have been encouraged to make this text available at this time.
>
> URL: http://www.isotf.org/news/DNS-Amplification-Attacks.pdf
>
> Please note that this version of this paper is prior to submission for publication and that the final version may see significant revisions.
>
> Thanks,
> Randy Vaughn and Gadi Evron.
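The per-customer ingress source filtering argued for in the reply above, as an added example that is not part of the original post or the paper: it derives each port's permit list from the assignment table an ISP already keeps and drops any packet whose source address lies outside it. The port names, prefixes (documentation ranges) and sample packets are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed per-customer assignments (documentation prefixes only).
ASSIGNMENTS = {
    "cust-a": ["192.0.2.0/25", "192.0.2.128/25"],
    "cust-b": ["198.51.100.0/24", "2001:db8:b::/48"],
}

# Constructed (ingress port, source address) pairs seen at the edge.
PACKETS = [
    ("cust-a", "192.0.2.10"),      # customer's own address
    ("cust-a", "203.0.113.5"),     # forged: a third party's address
    ("cust-b", "198.51.100.77"),
    ("cust-b", "192.0.2.10"),      # forged: another customer's address
    ("cust-b", "2001:db8:b::53"),
    ("cust-c", "198.51.100.1"),    # port with no assignment on file
]

def build_filters(assignments):
    """Collapse each customer's prefixes into a minimal per-port permit list."""
    filters = {}
    for port, prefixes in assignments.items():
        nets = [ipaddress.ip_network(p) for p in prefixes]
        for version in (4, 6):  # collapse_addresses rejects mixed versions
            same = [n for n in nets if n.version == version]
            filters.setdefault(port, []).extend(ipaddress.collapse_addresses(same))
    return filters

def permit(filters, port, src):
    """True only if src falls inside a prefix assigned to that ingress port."""
    addr = ipaddress.ip_address(src)
    return any(addr.version == net.version and addr in net
               for net in filters.get(port, []))

def run(filters, packets):
    """Return per-packet verdicts and permit/drop totals."""
    verdicts = [(port, src, permit(filters, port, src)) for port, src in packets]
    return verdicts, Counter("permit" if ok else "drop" for _, _, ok in verdicts)

FILTERS = build_filters(ASSIGNMENTS)

if __name__ == "__main__":
    verdicts, totals = run(FILTERS, PACKETS)
    for port, src, ok in verdicts:
        print(f"{port:7} {src:16} {'permit' if ok else 'drop'}")
    print(dict(totals))
```

A port with no assignment on file is dropped by default, so a missing table entry fails closed.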
Re: XO Connectivity
On Thu, 16 Mar 2006, David Coulson wrote:

> Is anyone seeing issues with XO? We've been seeing some strange BGP resets over night and only about 10% of our routes are best pathed through them (usually more like 40%), even after we reset sessions to other carriers...

Not out here, things seem normal. I'm on a Verizon DSL line but have had no trouble getting to any of our biggest clients' sites, most of which sit on XO broadband (either DSL or T1).

--
Steve Sobol, Professional Geek 888-480-4638 PGP: 0xE3AE35ED
Company website: http://JustThe.net/
Personal blog, resume, portfolio: http://SteveSobol.com/
E: [EMAIL PROTECTED] Snail: 22674 Motnocab Road, Apple Valley, CA 92307