Re: Mitigating HTTP DDoS attacks?
On 3/25/08, Peter Dambier [EMAIL PROTECTED] wrote: proc2pl might get you ideas, from the ISAON tools on You know, for the last year or two I've heard you go on and on about IASON. A few months ago I actually did download it and the only thing I can find in it is an assortment of scripts to manage DNS zone files. I don't see anything in there about auto detecting the network, automatically blocking DDoS or any of the other artificial intelligence you purport it has. Peter and Karin Dambier I'm not sure how to interpret this. Are Peter Karin the same person? You be the judge. http://wiki.piratenpartei.de/images/3/39/KarinPeter.jpg Cesidian Root - Radice Cesidiana Google searches on Cesidian Root reveal a rather scruffy man running this alternative root out of Long Island, fighting for secession from the United States. I'm sure Most Rev. Dr. Cesidio Tallini, BS, PhD hc, CPC, RH-INHA, APP, AMBCS, MMPR, OEMTDV will get there, one day. http://www.cesidianroot.com/ You might want to have the reverend doctor contact customer care, as the website suggests. It seems the website is down.
Re: Qwest desires mesh to reduce unused standby capacity
On Wed, Feb 27, 2008 at 9:37 PM, Frank Bulk - iNAME [EMAIL PROTECTED] wrote: http://telephonyonline.com/access/news/ofc-qwest-optical-0226/ To keep this OT as much as possible, my question is if a mesh-configuration of backup routes (where one link could provide 'protection' for many) would be considered a sufficient replacement for SONET rings, or if the Qwest CTO is really trying to get out of providing sub 50-msec protected loops and encouraging L3 and above protection schemes, so that they can even further over-subscribe their network. Frank UU/MFS tried running IP on the 'protect' path of their SONET rings 10 years ago. It didn't work then. More seriously, you *can* avoid using protected links for IP (which is what Qwest seems to suggest) easily, and allegedly using MPLS/FRR you could have sub-second reroute times without having full dedicated protect path. Building your network on preemptable links (the protect-side) as UU did back in the day is probably of the I encourage my competitors to do this solutions. Paul Selling more grillz than George Foreman Wall
Re: YouTube IP Hijacking
On Sun, 24 Feb 2008, Sargun Dhillon wrote: I don't know how large Pakistani Telecom is, but it I bet its not large enough that PCCW should be allowing it to advertise anything. I think you're failing to take into account how multihoming generally works. The real fallacy here is that PCCW/BTN refuses to prefix-list filter their customers, as evidenced by this and past leaks. If something productive can come from today's outage, it would be PCCW beginning to do their part as responsible Internet citizens, given (excuse the pun) peer pressure. I'd also focus on the lessons learned from the un-official IP Hijacking BOF held in San Jose, during which engineers and researchers studied the extent to which obviously-bogus route advertisements propagated across the public Internet. At these events, prefixes such as 1/8 and 100/7 were advertised, and, by Renesys/bgplay/route-views/etc data, accepted by 99% (?) of the internet. IP blocks that were hijacked before (like 146.20/16) were announced with similar outcome. Results were planned to be presented at the next NANOG, but they shouldn't be a surprise to anyone in the industry: nobody filters. Paul Wall