Re: Bringing spouse/significant other to Dallas for NANOG?
On Thu, Feb 09, 2006 at 11:49:55PM -0600, brokaw price said something to the effect of: > > If you're considering bringing your sweetie to NANOG and you're worried > about how she might not be so keen on 4 days of acronyms and alphabet soup, Hey! I presume you weren't meaning to alienate the females on this list by insinuating that all list-sweeties were shes and all NANOG-associated shes were sweeties... ;) This "she" happens to love alphabet soup, and my sweetie is a "he". Whatever shall I do with his fragile little mind?!?! (Kidding...he's a geek, too.) > this link might come in handy! > http://www.nanog.org/mtg-0602/valentines.html > My commendations to the actual purveyor of the linked page's contents, where the communication suggests that spouses of NANOGers may come in one of 2 genders--collect them both! I am woman, hear me route, --ra ;) > We're looking forward to seeing everyone in Dallas. > Cheers, > -- Brokaw > > > -- rachael treu gomes[EMAIL PROTECTED] ..quis custodiet ipsos custodes?.. (this email has been brought to you by the letters 'v' and 'i'.)
Re: SAVVIS and Global Crossing Loss on West Coast
Um...I've heard that the latter *hasn't* suffered a loss... Sorry. --ra On Tue, Jan 10, 2006 at 10:29:40AM -0700, Flint Barber said something to the effect of: > > Has anyone seen heard about network loss on the west coast for SAVVIS > and Global Crossing?? > -Flint > -- rachael treu gomes[EMAIL PROTECTED] ..quis custodiet ipsos custodes?.. (this email has been brought to you by the letters 'v' and 'i'.)
Re: quest
do you mean...qwest? ;) On Fri, Sep 23, 2005 at 04:26:02PM -0400, Joseph Nuara said something to the effect of: > > Is there something going on over at quest (the proverbial network > slowness issue). I am seeing varied results for transit over there > network. Attached are the traceroutes from 2 different routers. > > Router with the problem > 6 qwest.ewr02.atlas.cogentco.com (154.54.12.78) 1.607 ms 1.713 ms > 2.101 ms > 7 205.171.17.125 (205.171.17.125) 2.030 ms 2.001 ms 1.791 ms > 8 205.171.5.138 (205.171.5.138) 161.786 ms * 161.343 ms > 9 205.171.253.30 (205.171.253.30) 161.502 ms 163.892 ms 161.101 ms > 0 msfc-02.apa.qwest.net (63.150.160.26) 362.710 ms * 160.986 ms > 1 66.77.32.211 (66.77.32.211) 161.477 ms 161.526 ms 161.906 ms > > Router w/o the problem > 5 ge-6-0-0-51.gar3.NewYork1.Level3.net (4.68.97.4) 9.636 ms 10.009 ms > 9.714 > ms > 6 205.171.1.97 (205.171.1.97) 9.754 ms 10.016 ms 15.535 ms > 7 205.171.17.125 (205.171.17.125) 10.057 ms 10.205 ms 9.979 ms > 8 205.171.5.138 (205.171.5.138) 59.738 ms 59.802 ms 59.676 ms > 9 205.171.253.30 (205.171.253.30) 59.820 ms 59.899 ms 59.581 ms > 10 msfc-02.apa.qwest.net (63.150.160.26) 60.219 ms 59.589 ms 59.827 ms > 11 66.77.32.211 (66.77.32.211) 60.033 ms 59.798 ms 59.993 ms -- rachael treu gomes[EMAIL PROTECTED] ..quis custodiet ipsos custodes?.. (this email has been brought to you by the letters 'v' and 'i'.)
Re: Cisco mulls buying Nokia?
Strange... Explicit reference to how this would enable Cisco to gain purchase into the wireless space, but no mention of the impact on the popularity of Nokia platforms with a competing firewall vendor, Check Point. Any thoughts on VoIP? ymmv, --ra On Sun, Aug 07, 2005 at 08:11:13PM +, Fergie (Paul Ferguson) said something to the effect of: > > I had to check the date to make sure it wasn't really > April 1st > > A Reuters newswire article, via Yahoo! News, reports that: > > [snip] > > Cisco Systems Inc. is considering buying the world's top mobile handset maker > Nokia in a bid to gain its wireless infrastructure technology, the Business > newspaper reported on Sunday. > > The paper, which did not reveal the source of its information, said > U.S.-based Cisco had traditionally concentrated on acquisitions of niche > technology players, but its Chief Executive John Chambers is believed to be > interested in merging with a wireless infrastructure company. > > "Nokia has been identified as the most likely target," the paper said. > > Cisco, the largest maker of Internet equipment, is worth around $123 billion, > while Nokia's market value is around $71 billion. > > The paper said Cisco's mainstay networking market was fast changing with the > convergence of fixed-line and wireless networks, and Cisco needed a merger to > acquire the technology to create intelligent wireless applications, which > Finnish-based Nokia could provide. > > Cisco was not immediately available for comment. A Nokia spokeswoman in > Helsinki declined to comment. > > [snip] > > http://news.yahoo.com/s/nm/20050807/bs_nm/telecoms_cisco_nokia_dc > > - ferg > > > -- > "Fergie", a.k.a. Paul Ferguson > Engineering Architecture for the Internet > [EMAIL PROTECTED] or [EMAIL PROTECTED] > ferg's tech blog: http://fergdawg.blogspot.com/ -- rachael treu gomes [EMAIL PROTECTED] ..quis custodiet ipsos custodes?.. (this email has been brought to you by the letters 'v' and 'i'.)
Re: GBLX congestion in Dallas area
On Tue, Jun 07, 2005 at 12:34:33PM -0400, Joel Perez said something to the effect of: > > I totally agree with you Richard. So do I, but probably more so with his encouraging your patience than you appear to. > But, in this case all im getting is the run-around from GBLX when > calling them about it. I managed to open up a trouble ticket with them > but their Techs weren't telling me anything other than they will look > into it and call me back. Just out of curiosity, why did you phrase the above as "*managed* to open a trouble ticket"? Did GBLX's unwillingness to describe the nature of the outage that you allege also extend to their willingness to help you in general? What you're saying sounds as though they were both relucatant to open a ticket for you *and* to tell you why they wouldn't and, frankly, I find that difficult to believe. I haven't (and I wouldn't want to either, as I've seen how much interference they have to run and how much ebb and flow is involved in the climate and the info they receive), but If you have ever been in the employ of a provider's customer-facing NOC during an outage, you know the following: while it is standard practice to give at least short-but-informative answers to customer questions in those situations, it is imperitive that task priority also be lent to remediation of the problem and managing call volume, particularly in the early stages of an incident. (By my estimations based on when you started querying this list, you called GBLX within an hour of the fiber cut, when it stands to reason that the providers are doing their own recon on what happened and are less likely to be able or willing to disseminate what may amount to misinformation.) Also, are you aware that the groups handling customer circuits and calls is often disparate from the one managing the state of a backbone outage? > Even though I am a customer, im not getting any answers so I tried the > list as a last ditch effort to get some info. How last ditch, by the way? How many people did you talk to? By no means am I trying to antagonize you with these questions, but am taking the opportunity to conduct my own study on the average customer threshold for information gathering and return on investment in informational resources made available to them. > Good luck, --ra > > > > Joel Perez| Network Engineer > 305.914.3412 | Ntera > > > > -Original Message- > From: Richard A Steenbergen [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 07, 2005 12:28 PM > To: Joel Perez > Cc: nanog@merit.edu > Subject: Re: GBLX congestion in Dallas area > > On Tue, Jun 07, 2005 at 12:09:26PM -0400, Joel Perez wrote: > > > > Is anybody seeing any congestion in the Dallas area for Global > Crossing? > > > > I'm seeing packet loss to some of my equipment up there. > > There is a large fiber cut in the area (somewhere between Dallas and > Houston), affecting a lot of capacity coming out of Dallas on several > carriers (including GX and Qwest at the very least). Two of our OC48s on > > this path have been down since around 14:57 UTC. > > That said, this isn't the proper place to whine about congestion. > Normally > I would say that is what customer support numbers are for, but since > there > is nothing they can do to splice it any faster, I'm going to recommend a > > healthy dose of suck it up and deal. :) > > -- > Richard A Steenbergen <[EMAIL PROTECTED]> > http://www.e-gerbil.net/ras > GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 > 2CBC) -- rachael treu gomes[EMAIL PROTECTED] ..quis custodiet ipsos custodes?.. (this email has been brought to you by the letters 'v' and 'i'.)
Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations
On Mon, Apr 18, 2005 at 03:05:55PM -0400, Jason Frisvold said something to the effect of: > > On 4/18/05, Daniel Golding <[EMAIL PROTECTED]> wrote: > > > > > > Aside from individual OS behavior, doesn't this seem like very bad advice? > > I think this is more of a question of who to trust. Caching, in > general, isn't a bad thing provided that TTL's are adhered to. If the > poisoning attack were to inject a huge TTL value, then that would > compromise that cache. (Note, I am no expert on dns poisoning, so I'm > not sure if the TTL is "attackable") > > However, on the flip side, if nothing is ever cached, then I would > expect a huge amount of bandwidth to be eaten up by DNS queries. You are right. Time spent in security for an ISP yielded many DoS-against-the-DNS-server complaints that turned out to be some query-happy non-cachers pounding away at the server. The solution: block the querying IP from touching the DNS server. Somehow, I think that might have hampered their name resolution efforts...? ;) cache me if you can, --ra > > I think a seasoned op knows when to use caching and when to not use > caching, but the everyday Joe User has no idea what caching is. If > they see a technical article telling them to turn off caching because > it will help stop phishing attacks (which they know are bad because > everyone says so), then they may try to follow that advice. Aside > from the "I broke my computer" syndrome, I expect they'll be very > disappointed when their internet access becomes visibly slower because > everything requires a new lookup... > > Is it possible to "prevent" poisoning attacks? Is it beneficial, or > even possible, to prevent TTL's from being an excessively high value? > > -- > Jason 'XenoPhage' Frisvold > [EMAIL PROTECTED] -- rachael treu gomes[EMAIL PROTECTED] ..quis custodiet ipsos custodes?.. (this email has been brought to you by the letters 'v' and 'i'.)
Re: "Intel calls for Internet overhaul"
Indeed. So would this be...IP over IP? And tunnels in tunnels in tunnels... I see some deep recursion fun here. (Now...to keep the underlying carrier networks up. Perhaps we need an Undernet for the Internet to support this Overnet and its valid mode of delivery.) Follow the white rabbit... heh, --ra On Thu, Sep 09, 2004 at 08:22:10PM +, Fergie (Paul Ferguson) said something to the effect of: > > > Layer 8. > > - ferg > > > -- Paul Vixie <[EMAIL PROTECTED]> wrote: > > update SAN FRANCISCO--The Internet needs to be upgraded with a new layer > of abilities that will deal with imminent problems of capacity, security > and reliability, Intel Chief Technology Officer Pat Gelsinger said > Thursday. > > Gelsinger pointed to PlanetLab, an experimental network that sits on top > of the Internet, as a step in the right direction. Hewlett-Packard and > Intel have begun work trying to commercialize the project, which was > started in 2002, in order to overlay the Internet with intelligence and > adaptability. [...] > > http://news.com.com/Intel+calls+for+Internet+overhaul/2100-1006_3-5359743.html?tag=nl > > -- > "Fergie", a.k.a. Paul Ferguson > Engineering Architecture for the Internet > [EMAIL PROTECTED] or > [EMAIL PROTECTED] -- rachael treu-gomes [EMAIL PROTECTED] ..quis costodiet ipsos custodes?..
Re: handling ddos attacks
The dearth of comprehensive BCP asserting the end-all-be-all for DDoS is likely and largely due to the lack of an end-all-be-all DDoS. The range of variants, strains, chewy fillings and flavors of fuxor out there beg different techniques for alleviation, so prescribing a single poultice for blanket application does not seem to be in wide practice outside marketing stratagem and other blustering. The resources requiring protection and receiving priority, as well as the trade-off in exacting reactive measures, also have a say in how things are managed. In general, however, yeah...identifying the source or target is a must. Or a source port or destination port or protocol type or packet size or point of ingress/egress...the list of signature-worthy candidates is significant and also determines how a DDoS is triaged. The only thing that can be said for certain is that *some* unifying factor must be discovered. :P Furthermore, how you do that and what you do with that is a fluid thing, and further refinement or definition of the type of DDoS you are seeking to relieve may be required before you will be able to root out an attack management template that is worth its salt. Blackhole servers, sinkhole routers, IDS, extrusion detection, heuristic baselining, and definitely bigger routers never hurt this effort either. ;) If you are able to elaborate on what you might be seeking to accomplish on- or off-list, I will try to proffer any appropriate resources I have available. Good luck. --ra -- Rachael Treu-Gomes, CISSP [EMAIL PROTECTED] ..quis costodiet ipsos custodes?.. On Thu, May 20, 2004 at 11:52:01AM -0700, Mark Kent said something to the effect of: > > I've been trying to find out what the current BCP is for handling ddos > attacks. Mostly what I find is material about how to be a good > net.citizen (we already are), how to tune a kernel to better withstand > a syn flood, router stuff you can do to protect hosts behind it, how > to track the attack back to the source, how to determine the nature of > the traffic, etc. > > But I don't care about most of that. I care that a gazillion > pps are crushing our border routers (7206/npe-g1). > > Other than getting bigger routers, is it still the case that the best > we can do is identify the target IP (with netflow, for example) and > have upstreams blackhole it? > > Thanks, > -mark