Re: Over a decade of DDOS--any progress yet?

2010-12-13 Thread Loránd Jakab
The thread made it to both NetworkWorld:
http://www.networkworld.com/news/2010/120910-wikileaks-ddos-attacks.html

and Slashdot:
http://tech.slashdot.org/story/10/12/12/2120254/Has-Progress-Been-Made-In-Fighting-DDoS-Attacks
with the usual set of comments :)

-Lorand Jakab

On 12/12/2010 08:58 AM, Christopher Morrow wrote:
> On Sun, Dec 12, 2010 at 12:42 AM, Aaron Glenn  wrote:
>> On Sun, Dec 12, 2010 at 12:05 AM, Christopher Morrow
>>  wrote:
>>> verizon's ddos service was/is 3250/month flat... not extra if there
>>> was some sort of incident, and completely self-service for the
>>> customer(s). Is 3250/month a reasonable insurance against loss?
>>> (40k/yr or thereabouts)
>> reasonable, but 'completely self-service' ?
>> how much to have an engineer pump my gas for me (full service)? does
>> that include a windshield wipe down, tire pressure and oil check (old
>> timey full service extras)?
> end customer sends the right community and mitigation happens...
> remove the community it stops. no need to call someone and make it
> happen, just have the NOC/etc at your network follow a simple
> procedure.
>
> you are funny though :) (and I think you can call for free, 1-800
> number, and get an engineer to make things happen for you as well...)
>
> -Chris
>




RE: Over a decade of DDOS--any progress yet?

2010-12-13 Thread Drew Weaver

> verizon's ddos service was/is 3250/month flat... not extra if there
> was some sort of incident, and completely self-service for the
> customer(s). Is 3250/month a reasonable insurance against loss?
> (40k/yr or thereabouts)
>
> -chris

That doesn't sound too unreasonable as long as you are in a market Verizon 
services and you can find the right Verizon rep who isn't trying to sell 
transit at $25/mbps.

thanks,
-Drew




RE: Over a decade of DDOS--any progress yet?

2010-12-13 Thread Drew Weaver
> I'm certain there are thresholds to that. Carrier grade mitigation
> solutions will start low and ramp up to 5, 6, 7, etc. figures
> depending on the attack and amount of bandwidth to be filtered among
> other variables.

My point was, if you "mitigate" the attack vs. null routing the target you have 
to pay for the transit that the attack consumes between your network and the 
upstream network(s).

thanks,
-Drew




Re: Over a decade of DDOS--any progress yet?

2010-12-13 Thread Jared Mauch

On Dec 12, 2010, at 12:05 AM, Christopher Morrow wrote:

> verizon's ddos service was/is 3250/month flat... not extra if there
> was some sort of incident, and completely self-service for the
> customer(s). Is 3250/month a reasonable insurance against loss?
> (40k/yr or thereabouts)

Or just buy a gig-e from cogent at 3$/meg/mo (or is it $4 this month?) to burn 
for ddos.

The problem I've found is that some of the vendors of ddos gear still have 
significant problems they are working to address.  The Cisco (riverhead) guard 
would have a 1 second delay (for example) for each configuration line one would 
add.  If you dealt with a wildcard rule, it would be 1 second per underlying 
rule to make the configuration change.

The ability to 'paste' something in to a device and have a predictable output 
seemed to be too high of a bar for them to solve, this could be one of the 
reasons the product went to the wayside.

I'm also not sure that anyone else is much better in this regard.

Of course everyone is willing to sell you a seven-figure "solution" for your 
problems, but once you actually start talking about the usability, ease of 
provisioning, and the customer education about the caveats most people start to 
glaze quickly.

Even with the right gear, technology, etc.. the vendors don't make it easy to 
deliver these solutions.

- Jared




Re: LOIC tool used in the "Anonymous" attacks

2010-12-13 Thread mikea
On Sat, Dec 11, 2010 at 11:59:07AM -0800, andrew.wallace wrote:
> I was reading about this- yeah really "anonymous".
> 
> http://praetorianprefect.com/archives/2010/12/anonymous-releases-very-unanonymous-press-release/
> 
> Also:
> 
> http://www.boingboing.net/2010/12/11/anonymous-isnt-loic.html

All we know with certainty is that there is *a* name in the metadata.
Why would anyone conclude that it is definitely the name of the author?

-- 
Mike Andrews, W5EGO
mi...@mikea.ath.cx
Tired old sysadmin 



Re: Over a decade of DDOS--any progress yet?

2010-12-13 Thread Christopher Morrow
On Mon, Dec 13, 2010 at 8:49 AM, Drew Weaver  wrote:
>
> verizon's ddos service was/is 3250/month flat... not extra if there
> was some sort of incident, and completely self-service for the
> customer(s). Is 3250/month a reasonable insurance against loss?
> (40k/yr or thereabouts)
>
> -chris

>
> That doesn't sound too unreasonable as long as you are in a market Verizon 
> services and you can find the right Verizon rep who isn't trying to sell 
> transit at $25/mbps.
>

if you find that guy, maybe they'll also be the mythical unicorn of a
sales person who will sell you ipv6 transit too?

-chris



Wholesale DSL implementation in Canada

2010-12-13 Thread James Smith

We're looking at implementing a DSL private network in various provinces in 
Canada.  There seems to be two main ways to do this: build the network yourself 
by creating relationships with the local DSL providers (Bell, Telus, MTS, etc) 
; or build the network using a third-party that already has a DSL 
infrastructure in place.  The third-party DSL infrastructure is a sure thing, 
since they've been doing it for a while.  However, we're looking at a large 
number of locations so the cost of implementing the DSL internally seems to be 
more compelling.

Not having implemented a DSL infrastructure before, I'm wondering if anyone on 
NANOG has any advice on this?  What technical or political issues might we run 
into?  What is the best choice of hardware? (Juniper or Cisco)?  Feel free to 
contact me off-list if you'd prefer.

James 

Re: Over a decade of DDOS--any progress yet?

2010-12-13 Thread Christopher Morrow
On Mon, Dec 13, 2010 at 8:52 AM, Drew Weaver  wrote:
> I'm certain there are thresholds to that. Carrier grade mitigation
> solutions will start low and ramp up to 5, 6, 7, etc. figures
> depending on the attack and amount of bandwidth to be filtered among
> other variables.
>

>
> My point was, if you "mitigate" the attack vs. null routing the target you 
> have to pay for the transit that the attack consumes between your network and 
> the upstream network(s).
>

so... with a carrier managed solution (or the one ATT/Sprint/VZB sold)
the transit of the attack happens inside their networks and isn't
charged to the end-customer (the destination, obviously contributing
customers get charged :) )

-chris



Re: Wholesale DSL implementation in Canada

2010-12-13 Thread TR Shaw

On Dec 13, 2010, at 10:10 AM, James Smith wrote:

> 
> We're looking at implementing a DSL private network in various provinces in 
> Canada.  There seems to be two main ways to do this: build the network 
> yourself by creating relationships with the local DSL providers (Bell, Telus, 
> MTS, etc) ; or build the network using a third-party that already has a DSL 
> infrastructure in place.  The third-party DSL infrastructure is a sure thing, 
> since they've been doing it for a while.  However, we're looking at a large 
> number of locations so the cost of implementing the DSL internally seems to 
> be more compelling.
> 
> Not having implemented a DSL infrastructure before, I'm wondering if anyone 
> on NANOG has any advice on this?  What technical or political issues might we 
> run into?  What is the best choice of hardware? (Juniper or Cisco)?  Feel 
> free to contact me off-list if you'd prefer.
> 
> James   

James,

You need to be sure that there is DSL coverage everywhere you are looking at.  
Just as in rural and non metropolitan US there are lots of places in Canada not 
yet serviced by DSL because they are too far from a POP and/or the 
infrastructure is not up to snuff.

Tom




RE: Wholesale DSL implementation in Canada

2010-12-13 Thread Erik Soosalu
I'm using a third party for about 15 sites of Private DSL across Canada.

Others may have different issues, but mine so far have been:
- SaskTel apparently doesn't connect with anybody (or so I have been
told) so I'm stuck with VPN.
- My connections in Telus country have only been ADSL PVC (not PPPoE
Private).  Apparently, PPPoE private is coming in the new year.  I'm
looking forward to this to bring my costs down.

I'm running Cisco 800s of various levels with no real issues.

I like the one neck to choke thing of the third party (but then again
I'm an enterprise guy)

Thanks,
Erik Soosalu

-Original Message-
From: James Smith [mailto:thepacketmas...@hotmail.com] 
Sent: Monday, December 13, 2010 10:11 AM
To: nanog@nanog.org
Subject: Wholesale DSL implementation in Canada


We're looking at implementing a DSL private network in various provinces
in Canada.  There seems to be two main ways to do this: build the
network yourself by creating relationships with the local DSL providers
(Bell, Telus, MTS, etc) ; or build the network using a third-party that
already has a DSL infrastructure in place.  The third-party DSL
infrastructure is a sure thing, since they've been doing it for a while.
However, we're looking at a large number of locations so the cost of
implementing the DSL internally seems to be more compelling.

Not having implemented a DSL infrastructure before, I'm wondering if
anyone on NANOG has any advice on this?  What technical or political
issues might we run into?  What is the best choice of hardware? (Juniper
or Cisco)?  Feel free to contact me off-list if you'd prefer.

James 



Re: Wholesale DSL implementation in Canada

2010-12-13 Thread Mike Tancsa
On 12/13/2010 10:10 AM, James Smith wrote:
> 
> We're looking at implementing a DSL private network in various provinces in 
> Canada.  There seems to be two main ways to do this: build the network 
> yourself by creating relationships with the local DSL providers (Bell, Telus, 
> MTS, etc) ; or build the network using a third-party that already has a DSL 
> infrastructure in place.  The third-party DSL infrastructure is a sure thing, 
> since they've been doing it for a while.  However, we're looking at a large 
> number of locations so the cost of implementing the DSL internally seems to 
> be more compelling.
> 
> Not having implemented a DSL infrastructure before, I'm wondering if anyone 
> on NANOG has any advice on this?  What technical or political issues might we 
> run into?  What is the best choice of hardware? (Juniper or Cisco)?  Feel 
> free to contact me off-list if you'd prefer.

For regulations, start with http://www.crtc.gc.ca/

How you can lease copper loops, how you can colo in CO etc are all laid
out in various tariffs

---Mike



Wake on LAN in the enterprise

2010-12-13 Thread Berry Mobley

Hello...

I'm trying to get a handle on implementation of wake-on-lan in an 
enterprise environment.  Cisco gear, lots of subnets.  I've made it 
work with directed broadcasts, but I'd really rather not have 40 or 
50 'ip helper-address x.x.x.bcastaddr' statements on the vlans with 
the SMS servers.


Are there any enterprises that are doing this for large (100+) 
numbers of subnets?  I can't find a single example anywhere with more 
than 2 networks.


I've searched the Cisco-NSP archives as well with no luck, but maybe 
I didn't go back far enough.


Thanks for any help you can provide.

Berry Mobley




Re: Over a decade of DDOS--any progress yet?

2010-12-13 Thread Jack Bates

On 12/13/2010 8:32 AM, Jared Mauch wrote:

> Or just buy a gig-e from cogent at 3$/meg/mo (or is it $4 this
> month?) to burn for ddos.


*cough* 10G burstable with 1-2G commit. Still cheaper than anything else
I have or can get, and more likely to handle those large DDOS cases,
where you can just reroute the affected network through the 10G and
mitigate with whatever hardware you have.


> Of course everyone is willing to sell you a seven-figure "solution"
> for your problems, but once you actually start talking about the
> usability, ease of provisioning, and the customer education about the
> caveats most people start to glaze quickly.
>
> Even with the right gear, technology, etc.. the vendors don't make it
> easy to deliver these solutions.


True, but they often will dedicate some time and effort during an attack 
to make things work. There are many in-house custom solutions you can 
use, and we've seen public blacklists use many of them over the years. 
If you want the extra support during the crisis, you pay the 3rd party 
for their product to get it.



Jack



Internap FCP

2010-12-13 Thread Mark Wall
Greetings Nanog,

Looking for some off-list reviews/insight on the FCP, We are looking into
the device for purchase over the next few months, We are in the 10G range of
products.


Thank you


Re: Wake on LAN in the enterprise

2010-12-13 Thread Owen DeLong
WOL is unfortunately terribly deficient in that the spec. never envisioned the 
possibility of a need for wake on WAN.

Bottom line, it's a non-routeable layer 2 protocol. Your choices boil down to 
the helper address nightmare you describe or proxy servers on every subnet.

Owen

On Dec 13, 2010, at 8:08 AM, Berry Mobley wrote:

> Hello...
> 
> I'm trying to get a handle on implementation of wake-on-lan in an enterprise 
> environment.  Cisco gear, lots of subnets.  I've made it work with directed 
> broadcasts, but I'd really rather not have 40 or 50 'ip helper-address 
> x.x.x.bcastaddr' statements on the vlans with the SMS servers.
> 
> Are there any enterprises that are doing this for large (100+) numbers of 
> subnets?  I can't find a single example anywhere with more than 2 networks.
> 
> I've searched the Cisco-NSP archives as well with no luck, but maybe I didn't 
> go back far enough.
> 
> Thanks for any help you can provide.
> 
> Berry Mobley
> 




Re: Wake on LAN in the enterprise

2010-12-13 Thread Jack Bates

On 12/13/2010 10:20 AM, Owen DeLong wrote:
> WOL is unfortunately terribly deficient in that the spec. never envisioned the 
> possibility of a need for wake on WAN.
>
> Bottom line, it's a non-routeable layer 2 protocol. Your choices boil down to 
> the helper address nightmare you describe or proxy servers on every subnet.



I would suspect that proxy servers being the better deal, though my 
experience with Cisco is that you may have to use ASR type gear to get a 
nicer layout (similar to service providers) where you can backend 
everything to a radius server (I'm still waiting to test this myself, 
but IOS is really weak on DHCP support).



Jack



Re: Wake on LAN in the enterprise

2010-12-13 Thread Lamar Owen
On Monday, December 13, 2010 11:20:20 am Owen DeLong wrote:
> WOL is unfortunately terribly deficient in that the spec. never envisioned 
> the possibility of a need for wake on WAN.

Use case I can think of: 'green' data center running VMware VI3 or vSphere with 
DRS and dynamically bringing blades online through WoL to handle load peaks and 
still stay green (when a host is empty, using the VMware API you can take it to 
maintenance mode and shut it down; use WoL to boot it back up when you need it).
 
> Bottom line, it's a non-routeable layer 2 protocol. Your choices boil down to 
> the helper address nightmare you describe or proxy servers on every subnet.

In the use case I mention it wouldn't be a problem, since under VMware DRS 
(which relies on VMotion) you have to have layer 2 transparency anyway.  Would 
this not be a use case also for something like VPLS or EoMPLS?



Re: Over a decade of DDOS--any progress yet?

2010-12-13 Thread Jared Mauch

On Dec 13, 2010, at 11:15 AM, Jack Bates wrote:

> On 12/13/2010 8:32 AM, Jared Mauch wrote:
>> Or just buy a gig-e from cogent at 3$/meg/mo (or is it $4 this
>> month?) to burn for ddos.
>> 
> *cough* 10G burstable with 1-2G commit. Still cheaper than anything else
> I have or can get, and more likely to handle those large DDOS cases,
> where you can just reroute the effected network through the 10G and
> mitigate with whatever hardware you have.

my point is, there is this 'middle' space where it's hard to justify spending 
money on something that isn't used.  Of course it's easy to view as "insurance" 
and easier to justify *after* an attack (or loss).  it is hard to proactively 
justify this type of expense.  If for every 10g of capacity, you had a 40k/year 
"Security" surcharge, at what point do you factor this in as part of your 
regular bandwidth costs vs the current "down and to the right" pricing trend.

Delivering these services is something I have observed it is difficult to ask 
someone to pay for unless they have experience with it.  Most are willing to 
start off with the "self-insure" premise until it is too much to bear, then 
immediately they are willing to pay 'something' to allow capital cost recovery.

>> Of course everyone is willing to sell you a seven-figure "solution"
>> for your problems, but once you actually start talking about the
>> usability, ease of provisioning, and the customer education about the
>> caveats most people start to glaze quickly.
>> 
>> Even with the right gear, technology, etc.. the vendors don't make it
>> easy to deliver these solutions.
> 
> True, but they often will dedicate some time and effort during an attack to 
> make things work. There are many in-house custom solutions you can use, and 
> we've seen public blacklists use many of them over the years. If you want the 
> extra support during the crisis, you pay the 3rd party for their product to 
> get it.

I am talking about those purporting to offer ddos solution hardware either 
past, present or future.

If it's 2010 or 2011 and you experience flow-control like issues with your CLI 
interface, either slow interactive response or garbled processing (over 
telnet/ssh) there is something not quite right IMHO.  Then again, I'm known for 
being a bit of an odd character.

- Jared


Re: Wake on LAN in the enterprise

2010-12-13 Thread Patrick Giagnocavo
On 12/13/2010 11:08 AM, Berry Mobley wrote:
> Hello...
> 
> I'm trying to get a handle on implementation of wake-on-lan in an
> enterprise environment.  Cisco gear, lots of subnets.  I've made it work
> with directed broadcasts, but I'd really rather not have 40 or 50 'ip
> helper-address x.x.x.bcastaddr' statements on the vlans with the SMS
> servers.
> 

Assuming you are talking servers and not desktops, you will probably end
up doing this with IPMI, which most servers have on-motherboard these days.

Cordially

Patrick



Re: Wake on LAN in the enterprise

2010-12-13 Thread Jack Bates

On 12/13/2010 10:43 AM, christopher.mar...@usc-bt.com wrote:

> Jack Bates:
>> I would suspect that proxy servers being the better deal, though
>> my experience with Cisco is that you may have to use ASR type gear
>> to get a nicer layout (similar to service providers) where you can
>> backend everything to a radius server (I'm still waiting to test
>> this myself, but IOS is really weak on DHCP support).
>
> I hope someone will please clarify the problem statement?



My problem is lack of WOL experience and associating dhcp-helper address 
with DHCP; ie, speaking without knowledge. I'm bad about that. :)



> The only router/switch configuration required was to permit directed
> broadcasts from the systems doing the waking.  On by default, I
> believe, but locked down in my environment.



IOS specific, I believe. Some have it on; some have it off.


Jack



[no subject]

2010-12-13 Thread Atticus
Cc


Re:

2010-12-13 Thread Alexander Harrowell
On Monday 13 December 2010 17:02:59 Atticus wrote:
> Cc

I presume this is some sort of spam-test?

-- 
The only thing worse than e-mail disclaimers...is people who send e-mail to 
lists complaining about them




Re:

2010-12-13 Thread Jack Bates

On 12/13/2010 11:07 AM, Alexander Harrowell wrote:
> On Monday 13 December 2010 17:02:59 Atticus wrote:
>> Cc
>
> I presume this is some sort of spam-test?



I got 3 emails from Atticus. one quoting data only, one saying just Z, 
and another carboned to x...@gamil.com with just


"zzsxexz
On Dec 13, 2010 11:34 AM, "Jack Bates"  wrote:"


In the body and none of the other quotes.

So I'm thinking the same thing.



Re:

2010-12-13 Thread Brielle Bruns

On 12/13/10 10:12 AM, Jack Bates wrote:
> On 12/13/2010 11:07 AM, Alexander Harrowell wrote:
>> On Monday 13 December 2010 17:02:59 Atticus wrote:
>>> Cc
>>
>> I presume this is some sort of spam-test?
>>
>
> I got 3 emails from Atticus. one quoting data only, one saying just Z,
> and another carboned to x...@gamil.com with just
>
> "zzsxexz
> On Dec 13, 2010 11:34 AM, "Jack Bates"  wrote:"
>
>
> In the body and none of the other quotes.
>
> So I'm thinking the same thing.
>




I can has training wheels?

--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org



Re: Wake on LAN in the enterprise

2010-12-13 Thread Atticus
Apologies to all that got a quote email from me. My phone decided to
pocket-reply to you.


Re: Wake on LAN in the enterprise

2010-12-13 Thread Daniel Hagerty
Owen DeLong  writes:

> WOL is unfortunately terribly deficient in that the spec. never
> envisioned the possibility of a need for wake on WAN.
> 
> Bottom line, it's a non-routeable layer 2 protocol. Your choices boil
> down to the helper address nightmare you describe or proxy servers on
> every subnet.

WoL works just fine over routed networks; the magic packet format
doesn't preclude it.  I send WoL over routed networks several times a
day.  The only gotcha is that you need some kind of arrangement for
either directed broadcast, or hardcode ndp/arp entries.

Perl code snippet below:

use strict;
use warnings;

my $wolhost = "wolhost.example.com";
my $wolhost_mac = "de:ad:be:ef:ca:fe";

# Strip the separators so the MAC is the 12 hex digits pack("H12") expects.
my $mac = $wolhost_mac;
$mac =~ s/[: ]//g;

# Use socat to build a wakeonlan packet inside a udp6 datagram:
# 6 bytes of 0xff followed by the target MAC repeated 16 times.

my $packed_bcast = pack("H12", "f" x 12);
my $packed_mac = pack("H12", $mac);
my $dgram = $packed_bcast . ( $packed_mac x 16);

# 9 is the discard port.  For whatever reason, the wrong thing
# happens when the port is referenced by name, despite having the
# name in /etc/services.

open(SOCAT, "|-",
 (qw(socat -u STDIN),
  "UDP6-DATAGRAM:$wolhost:9"))
|| die "popen: $!";
# 'or', not '||': with '||' the test binds to $dgram rather than to print().
print SOCAT $dgram or die "print: $!";
close(SOCAT) or die "close: $!";



That thing the USG keeps sending people to OECD meetings to try to obfuscate:

2010-12-13 Thread Bill Woodcock

http://tech.slashdot.org/submission/1416250/68-of-US-broadband-connections-arent-broadband

-Bill








New message

2010-12-13 Thread Vovan
http://samec.org.ua/


Re: Over a decade of DDOS--any progress yet?

2010-12-13 Thread Bill Bogstad
FYI,

A single data point on current DDOS traffic levels.

An Akamai press release says they handled DDOS attacks peaking at
14Gbps in the Nov. 30 to Dec 2nd time frame.

http://finance.yahoo.com/news/Akamai-Shields-Leading-prnews-2768453391.html

"The majority of attack traffic against the five retailers initiated
from distributed IP addresses out of Thailand, Mexico, Philippines,
and Brazil and reached peaks of up to 14 Gbps, with some websites
experiencing up to 10,000 times above normal daily traffic. "


Bill Bogstad



Re: Over a decade of DDOS--any progress yet?

2010-12-13 Thread Dobbins, Roland

On Dec 14, 2010, at 2:04 AM, Bill Bogstad wrote:

> A single data point on current DDOS traffic levels.

In the 2009 Arbor WWISR, the largest attack reported was 49gb/sec.  We're 
currently wrapping up the 2010 WWISR, and the largest attack report was 
considerably larger.

---
Roland Dobbins  // 

   Sell your computer and buy a guitar.







Re: Wake on LAN in the enterprise

2010-12-13 Thread Berry Mobley
Thanks, everyone, for the replies - looks like I need to get my 
server team interested in knowing broadcast addresses for hosts, and 
making SMS send to those addresses.


I do have the 'ip directed-broadcast ' in place, but the servers 
are currently sending the magic packets to the all-1's 
address.  Maybe I can get that changed.


Berry

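An added example, not code from Daniel's or Berry's posts, that puts the two WoL threads together in Python: it builds the 102-byte magic packet Daniel's Perl constructs, works out the per-subnet directed broadcast address Berry's server team needs for each host, and recognises a magic packet inside a captured UDP payload so the directed-broadcast traffic you allow through the routers can be checked. The function names, the sample inventory, MACs and prefix lengths are all constructed for illustration.

```python
import ipaddress
import re
import socket

# Magic packet layout: 6 bytes of 0xff (sync stream) followed by the target
# MAC repeated 16 times; 6 + 16*6 = 102 bytes.  Any UDP port works; 9
# (discard) is the conventional choice.
SYNC = b"\xff" * 6
REPEATS = 16
MAGIC_LEN = len(SYNC) + 6 * REPEATS


def parse_mac(mac: str) -> bytes:
    """Accept 'de:ad:be:ef:ca:fe', 'de-ad-be-ef-ca-fe' or 'deadbeefcafe'."""
    digits = re.sub(r"[:\-. ]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(digits)


def format_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def magic_packet(mac: str) -> bytes:
    """Build the WoL payload for one NIC."""
    return SYNC + parse_mac(mac) * REPEATS


def find_magic_packet(payload: bytes):
    """Return the target MAC if payload carries a well-formed magic packet,
    else None.  The sync stream may start anywhere in the payload, so every
    0xff*6 occurrence is tried, not only offset 0."""
    start = payload.find(SYNC)
    while start != -1:
        body = payload[start + len(SYNC): start + MAGIC_LEN]
        mac = body[:6]
        if len(body) == 6 * REPEATS and body == mac * REPEATS and mac != SYNC:
            return format_mac(mac)
        start = payload.find(SYNC, start + 1)
    return None


def directed_broadcast(host_ip: str, prefixlen: int) -> str:
    """Subnet-directed broadcast address for a host, e.g. 10.20.30.7/24 ->
    10.20.30.255.  The all-ones address 255.255.255.255 is never forwarded,
    so a waking server in another VLAN must target this address instead (and
    the target VLAN's router interface needs 'ip directed-broadcast')."""
    net = ipaddress.ip_network(f"{host_ip}/{prefixlen}", strict=False)
    return str(net.broadcast_address)


def wake_targets(inventory):
    """Map (hostname, ip, prefixlen, mac) records to the
    (hostname, broadcast address, payload) triples a waking server sends."""
    return [(name, directed_broadcast(ip, plen), magic_packet(mac))
            for name, ip, plen, mac in inventory]


def send_wol(mac: str, host_ip: str, prefixlen: int, port: int = 9) -> int:
    """Send one magic packet to the host's directed broadcast address.
    Returns the number of bytes sent (102)."""
    dest = (directed_broadcast(host_ip, prefixlen), port)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return s.sendto(magic_packet(mac), dest)


# Constructed sample inventory (hypothetical hosts, not real ones).
INVENTORY = [
    ("ws-acct-01", "10.20.30.7", 24, "de:ad:be:ef:ca:fe"),
    ("ws-eng-14", "192.168.64.130", 26, "00-11-22-33-44-55"),
]

if __name__ == "__main__":
    for name, bcast, payload in wake_targets(INVENTORY):
        print(f"{name}: {len(payload)} bytes to {bcast}:9 ->",
              find_magic_packet(payload))
    # A live send would be: send_wol("de:ad:be:ef:ca:fe", "10.20.30.7", 24)
```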



Re: Over a decade of DDOS--any progress yet?

2010-12-13 Thread Jeffrey Lyon
The largest attacks we have solid proof on are 20+ Gbps. The only
larger ones that i've seen were in company's marketing collateral vs.
real life.

Jeff

On Mon, Dec 13, 2010 at 2:11 PM, Dobbins, Roland  wrote:
>
> On Dec 14, 2010, at 2:04 AM, Bill Bogstad wrote:
>
>> A single data point on current DDOS traffic levels.
>
> In the 2009 Arbor WWISR, the largest attack reported was 49gb/sec.  We're 
> currently wrapping up the 2010 WWISR, and the largest attack report was 
> considerably larger.
>
> ---
> Roland Dobbins  // 
>
>               Sell your computer and buy a guitar.
>
>
>
>
>
>



-- 
Jeffrey Lyon, Leadership Team
jeffrey.l...@blacklotus.net | http://www.blacklotus.net
Black Lotus Communications - AS32421
First and Leading in DDoS Protection Solutions



Re: peering, derivatives, and big brother

2010-12-13 Thread Laurent GUERBY
On Sun, 2010-12-12 at 19:36 -0800, George Bonser wrote:
> (...) The financial derivatives market isn't, in my opinion, a good analogy of
> the peering market.  A data packet is "perishable" and must be moved
> quickly.  The destination network wants the packet in order to keep
> their customer happy and the originating network wants to get it to that
> customer as quickly and cheaply as possible.  The proliferation of these
> peering points means that today there is more traffic going directly
> from content network to eyeball network.  To use a different analogy, it
> is almost like the market is going to a series of farmer's markets
> rather than supermarkets in the distribution channel.  Sure, there are
> still the "supermarkets" out there, but increasingly they are selling
> their "store brand" by becoming content hosting networks themselves.  (...)

Hi,

The electricity spot market is close to your definition of "perishable":

http://en.wikipedia.org/wiki/Electricity_market

It has a derivative market, google for "electricity derivatives" will
give you some papers and models.

I'm pretty sure electricity and bandwidth share some patterns.

Now who wants to be the Enron of the bandwidth market? :)

Sincerely,

Laurent
http://guerby.org/blog






RE: peering, derivatives, and big brother

2010-12-13 Thread George Bonser
> The electricity spot market is close to your definition of
> "perishable":
> 
> http://en.wikipedia.org/wiki/Electricity_market
> 
> It has a derivative market, google for "electricity derivatives" will
> give you some papers and models.
> 
> I'm pretty sure electricity and bandwidth share some patterns.
> 
> Now who wants to be the Enron of the bandwidth market? :)



Enron actually WAS dealing in bandwidth at one point:

http://www.internetnews.com/xSP/article.php/253861/Enron-Opens-Bandwidth
-Commodity-Trading-Service.htm





Re: Over a decade of DDOS--any progress yet?

2010-12-13 Thread Kevin Oberman
> Date: Mon, 13 Dec 2010 10:09:16 -0500
> From: Christopher Morrow 
> 
> On Mon, Dec 13, 2010 at 8:49 AM, Drew Weaver  wrote:
> >
> > verizon's ddos service was/is 3250/month flat... not extra if there
> > was some sort of incident, and completely self-service for the
> > customer(s). Is 3250/month a reasonable insurance against loss?
> > (40k/yr or thereabouts)
> >
> > -chris
> 
> >
> > That doesn't sound too unreasonable as long as you are in a market Verizon 
> > services and you can find the right Verizon rep who isn't trying to sell 
> > transit at $25/mbps.
> >
> 
> if you find that guy, maybe they'll also be the mythical unicorn of a
> sales person who will sell you ipv6 transit too?

Unless VZB has started accepting prefixes longer than /32, they really
don't have real IPv6 transit to sell.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: ober...@es.net  Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751



Re: Over a decade of DDOS--any progress yet?

2010-12-13 Thread Christopher Morrow
On Mon, Dec 13, 2010 at 3:29 PM, Kevin Oberman  wrote:
>> Date: Mon, 13 Dec 2010 10:09:16 -0500
>> From: Christopher Morrow 
>> if you find that guy, maybe they'll also be the mythical unicorn of a
>> sales person who will sell you ipv6 transit too?
>
> Unless VZB has started accepting prefixes longer than /32, they really
> don't have real IPv6 transit to sell.

I did say 'mythical unicorn of a sales person' didn't I? :)

-chris



Re: Over a decade of DDOS--any progress yet?

2010-12-13 Thread Dobbins, Roland

On Dec 14, 2010, at 2:40 AM, "Jeffrey Lyon"  wrote:

> The only larger ones that i've seen were in company's marketing collateral vs.
> real life.

Here's a link to last year's Report (previous editions may be downloaded, as 
well):



The WWISR is the result of a survey we perform every year of network operators; 
survey participants fill in their own answers, & we collect the data, collate 
it, analyze it, & publish it.  

We've observed packet-flooding attacks which are considerably larger than 
what's reported in the WWISR via ATLAS; but as the WWISR is about what 
operators see and share, we vet, relay & comment upon the observations of 
survey respondents. 

-

Roland Dobbins  // 

  Sell your computer and buy a guitar. 





Re: peering, derivatives, and big brother

2010-12-13 Thread Dorn Hetzel
Yeah, well, sorta. sorta not so much :)

On Mon, Dec 13, 2010 at 3:28 PM, George Bonser  wrote:

> > The electricity spot market is close to your definition of
> > "perishable":
> >
> > http://en.wikipedia.org/wiki/Electricity_market
> >
> > It has a derivative market, google for "electricity derivatives" will
> > give you some papers and models.
> >
> > I'm pretty sure electricity and bandwidth share some patterns.
> >
> > Now who wants to be the Enron of the bandwidth market? :)
>
>
>
> Enron actually WAS dealing in bandwidth at one point:
>
> http://www.internetnews.com/xSP/article.php/253861/Enron-Opens-Bandwidth
> -Commodity-Trading-Service.htm
>
>
>
>


RE:

2010-12-13 Thread Gavin Pearce
-Original Message-
From: Atticus [mailto:grobe...@gmail.com] 
Sent: 13 December 2010 17:24
To: nanog@nanog.org
Subject: Re: Wake on LAN in the enterprise

Apologies to all that got a quote email from me. My phone decided to
pocket-reply to you.


-Original Message-
From: Brielle Bruns [mailto:br...@2mbit.com] 
Sent: 13 December 2010 17:18
To: nanog@nanog.org
Subject: Re:

On 12/13/10 10:12 AM, Jack Bates wrote:
> On 12/13/2010 11:07 AM, Alexander Harrowell wrote:
>> On Monday 13 December 2010 17:02:59 Atticus wrote:
>>> Cc
>>
>> I presume this is some sort of spam-test?
>>
>
> I got 3 emails from Atticus. one quoting data only, one saying just Z,
> and another carboned to x...@gamil.com with just
>
> "zzsxexz
> On Dec 13, 2010 11:34 AM, "Jack Bates"  wrote:"
>
>
> In the body and none of the other quotes.
>
> So I'm thinking the same thing.
>


I can has training wheels?

-- 
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org



Some truth about Comcast - WikiLeaks style

2010-12-13 Thread Backdoor Santa

Ever wonder what Comcast's connections to the Internet look like? In the 
tradition of WikiLeaks, someone stumbled upon these graphs of their TATA links. 
For reference, TATA is the only other IP transit provider to Comcast after 
Level (3). Comcast is a customer of TATA and pays them to provide them with 
access to the Internet.

1 day graphs:

Image #1: http://img149.imageshack.us/img149/78/ntoday.gif
Image #1 (Alternate Site): 
http://www.glowfoto.com/viewimage.php?img=13-224638L&rand=6673&t=gif&m=12&y=2010&srv=img4

Image #2: http://img707.imageshack.us/img707/749/sqnday.gif
Image #2 (Alternate Site): 
http://www.glowfoto.com/static_image/13-205526L/4331/gif/12/2010/img6/glowfoto

Notice how those graphs flat-line at the top? That's because they're completely 
full for most of the day. If you were a Comcast customer attempting to stream 
Netflix via this connection, the movie would be completely unwatchable. This is 
how Comcast operates: They intentionally run their IP transit links so full 
that Content Providers have no other choice but to pay them (Comcast) for 
access. If you don't pay Comcast, your bits won't make it to their destination. 
Though they won't openly say that to anyone, the content providers who attempt 
to push bits towards their customers know it. Comcast customers however have no 
idea that they're being held hostage in order to extort money from content.

Another thing to notice is the ratio of inbound versus outbound. Since Comcast 
is primarily a broadband access network provider, they're going to have 
millions of eyeballs (users) downloading content. Comcast claims that a good 
network maintains a 1:1 with them, but that's simply not possible unless you 
had Comcast and another broadband access network talking to each other. In the 
attached graphs you can see the ratio is more along the lines of 5:1, which 
Comcast was complaining about with Level (3). The reality is that the ratio 
argument is bogus. Broadband access networks are naturally pull-heavy and it's 
being used as an excuse to call foul of Level (3) and other content heavy 
networks. But this shouldn't surprise anyone; the ratio argument has been used 
for over a decade by many of the large telephone companies as an excuse to deny 
peering requests. Guess where most of Comcast's senior network executive people 
came from? Sprint and AT&T. Welcome to the new monopoly of the 21st century.

If you think the above graph is just a bad day or maybe a one-off, let us look 
at a 30 day graph...

Image #3: http://img823.imageshack.us/img823/8917/ntomonth.gif
Image #3 (Alternate Site): 
http://www.glowfoto.com/static_image/13-205958L/4767/gif/12/2010/img6/glowfoto

Comcast needs to be truthful with its customers, regulators and the public in 
general. The Level (3) incident only highlights the fact that Comcast is 
pinching content and backbone providers to force them to pay for uncongested 
access to Comcast customers. Otherwise, there's no way to send traffic to 
Comcast customers via the other paths on the Internet without hitting congested 
links.

Remember that this is not TATA's fault; Comcast is a CUSTOMER of TATA. TATA 
cannot force Comcast to upgrade its links; Comcast elects to simply not 
purchase enough capacity and lets them run full. When Comcast demanded that 
Level (3) pay them, the only choice Level (3) had was to give in or have its 
traffic (such as Netflix) routed via the congested TATA links. If Level (3) 
didn't agree to pay, that means Netflix and large portions of the Internet to 
browse would be simply unusable for the majority of the day for Comcast 
subscribers.


Love,

Backdoor Santa
  

Re: Some truth about Comcast - WikiLeaks style

2010-12-13 Thread Jack Bates

On 12/13/2010 11:07 PM, Backdoor Santa wrote:

Ever wonder what Comcast's connections to the Internet look like? In the 
tradition of WikiLeaks, someone stumbled upon these graphs of their TATA links.


Forgive me for being the skeptic, but I presume there is at least a 
traceroute with rDNS mentioning one of the 3 10G interfaces on 
gin-nto-icore1 from comcast?


It's not like the image lists the customer name on it; disregarding 
photoshop concerns. At least wikileaks documents look like they came 
from the government and have lots of details. :)



Jack





Re: Some truth about Comcast - WikiLeaks style

2010-12-13 Thread Justin M. Streiner

On Tue, 14 Dec 2010, Jack Bates wrote:


On 12/13/2010 11:07 PM, Backdoor Santa wrote:

 Ever wonder what Comcast's connections to the Internet look like? In the
 tradition of WikiLeaks, someone stumbled upon these graphs of their TATA
 links.


Forgive me for being the skeptic, but I presume there is at least a 
traceroute with rDNS mentioning one of the 3 10G interfaces on 
gin-nto-icore1 from comcast?


It's not like the image lists the customer name on it; disregarding photoshop 
concerns. At least wikileaks documents look like they came from the 
government and have lots of details. :)


Agreed.  There's no independently verifiable detail to lend any credence 
to the source(s) of the data.  It just shows some 10G links flat-topping 
due to saturation.  There's not enough here to get particularly excited.


jms



Re: TCP congestion control and large router buffers

2010-12-13 Thread Mikael Abrahamsson

On Mon, 13 Dec 2010, Sam Stickland wrote:

> Ironically though, wouldn't smaller buffers cost less thus making the CPEs

1 megabyte of buffer (regular RAM) isn't really expensive.

> cheaper still? I believe the argument made in the blog post is that 
> cheaper RAM has been causing the CPE manufacturers to mistakenly provision 
> too much buffer space, which in turn apparently means that TCP can't 
> stabilize at a rate less than available bandwidth (i.e. it's the old 
> 1980s congestion collapse problem all over again). Of course, you'll 
> only see this if a single TCP stream is actually capable of saturating 
> the link. Sam


I would guess they're running standard OSes and haven't tuned the buffers 
at all. Implementing WRED or fair-queue (even if it just means turning it 
on) requires validation which the CPE manufacturers want to minimize.


Also it's our fault as a business, how many ISPs have included AQM in 
their RFPs for CPEs and actually would pay USD5 more per device for this 
feature? I'm not very surprised at the lack of this though, it's hard to 
explain to the end customer with some kind of marketing, both for the ISP 
and the CPE vendor if they're selling to end customers.


It's one of those "in the black box" things that should just work, but 
there is little upside in having it because it's hard to charge for.


--
Mikael Abrahamsson    email: swm...@swm.pp.se
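
The bufferbloat mechanism discussed above (an oversized CPE buffer lets one TCP flow inflate the RTT by hundreds of packets before it ever sees a loss, while a buffer sized near the bandwidth-delay product or an early-drop AQM keeps the queue short at almost the same utilisation) can be seen in a toy simulation. This is an added example written for this page, not code from the thread or from any CPE vendor; the link rate, RTT, thresholds and the simplified RED-style marking are assumptions.

```python
"""Toy fluid model: one AIMD (TCP-like) flow through a bottleneck queue.
Constructed for this page; rates, thresholds and the RED approximation are
assumptions, not any vendor's WRED implementation."""
import random
from dataclasses import dataclass

LINK_RATE = 1.0   # packets drained per tick by the bottleneck link
BASE_RTT = 20     # propagation RTT in ticks when the queue is empty
BDP = LINK_RATE * BASE_RTT   # bandwidth-delay product in packets

@dataclass
class Result:
    throughput: float   # fraction of link capacity actually used
    mean_delay: float   # mean queueing delay in ticks (1 pkt = 1 tick here)
    max_queue: float    # deepest queue occupancy seen, in packets

def simulate(buffer_pkts, aqm=False, ticks=200_000, seed=1):
    rng = random.Random(seed)
    cwnd, q, sent, delay_sum, max_q = 2.0, 0.0, 0.0, 0.0, 0.0
    last_cut = -BASE_RTT   # allow one window cut per RTT, as TCP does
    for t in range(ticks):
        rtt = BASE_RTT + q / LINK_RATE        # queueing delay inflates RTT
        arrivals = cwnd / rtt                 # sending rate = window / RTT
        drop = False
        if aqm:
            # Simplified RED: random early drops between BDP and 3*BDP,
            # always drop above 3*BDP, so the sender backs off early.
            min_th, max_th = BDP, 3 * BDP
            if q > max_th:
                drop = True
            elif q > min_th:
                drop = rng.random() < 0.1 * (q - min_th) / (max_th - min_th)
        if q + arrivals > buffer_pkts:        # tail drop: buffer is full
            drop, arrivals = True, buffer_pkts - q
        if drop and t - last_cut >= rtt:
            cwnd, last_cut = max(1.0, cwnd / 2), t   # multiplicative decrease
        else:
            cwnd += arrivals / cwnd           # additive increase: ~1 pkt/RTT
        q += arrivals
        drained = min(q, LINK_RATE)
        q -= drained
        sent += drained
        delay_sum += q / LINK_RATE            # delay the next packet will see
        max_q = max(max_q, q)
    return Result(sent / (LINK_RATE * ticks), delay_sum / ticks, max_q)

if __name__ == "__main__":
    for label, kw in [("bloated tail-drop, 10x BDP", dict(buffer_pkts=10 * BDP)),
                      ("small tail-drop, 2x BDP", dict(buffer_pkts=2 * BDP)),
                      ("bloated buffer + AQM", dict(buffer_pkts=10 * BDP, aqm=True))]:
        r = simulate(**kw)
        print(f"{label:28s} util={r.throughput:.3f} "
              f"mean delay={r.mean_delay:6.1f} ticks  max queue={r.max_queue:5.1f}")
```

The bloated tail-drop case keeps the link full but parks well over a hundred packets of standing queue in front of every flow; the small buffer and the AQM case reach nearly the same utilisation with a fraction of the delay.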



Re: Some truth about Comcast - WikiLeaks style

2010-12-13 Thread Mikael Abrahamsson

On Mon, 13 Dec 2010, Backdoor Santa wrote:

Another thing to notice is the ratio of inbound versus outbound. Since 
Comcast is primarily a broadband access network provider, they're going 
to have millions of eyeballs (users) downloading content.


Actually, there are plenty of access providers with a 2:1 ratio (more ul 
than dl). It's not a matter of whether you're an access provider or not, it's a 
matter of whether you offer decent upstream speed or not.


In my experience, someone with 10/10 megabit/s ETTH compared to someone 
with 24/1 ADSL will download the same amount of data on average, but the 
10/10 will have four (4) times more upload usage, bringing the ratio from 
2:1 (Dl:Ul) on ADSL to 1:2 (Dl:Ul) on ETTH.


So because Comcast is offering low upload speeds, they'll have a low 
amount of outgoing traffic compared to incoming. With more and more ISPs 
offering more symmetric dl/ul speeds, we'll approach 1:1 ratio more and 
more...


--
Mikael Abrahamsson    email: swm...@swm.pp.se



RE: Some truth about Comcast - WikiLeaks style

2010-12-13 Thread Rettke, Brian
I don't see anything listed that indicates operation that is at all different 
from any other service provider network.

The "capacity" issue listed is not an issue at all. It's simply inciting anger 
and the same rhetoric that pollutes the legitimate discussion of backbone 
network constraints.

When you shout "conspiracy" without offering verifiable facts, and not 
accounting for the cost (and time) it takes to upgrade networks (much less the 
fact that it requires capacity upgrades on both sides, in this case between 
TATA and Comcast), it makes the whole argument invalid in my opinion.

That and the "backdoor santa" thing makes me believe the whole thread is 
designed to flame rather than promote the discourse that is the hallmark of 
NANOG. I really hope that there are moderators about to verify this: With these 
kinds of people about I'm less likely to post anything of substance.

Sincerely,

Brian

-Original Message-
From: Mikael Abrahamsson [mailto:swm...@swm.pp.se]
Sent: Monday, December 13, 2010 11:45 PM
To: nanog@nanog.org
Subject: Re: Some truth about Comcast - WikiLeaks style

On Mon, 13 Dec 2010, Backdoor Santa wrote:

> Another thing to notice is the ratio of inbound versus outbound. Since
> Comcast is primarily a broadband access network provider, they're going
> to have millions of eyeballs (users) downloading content.

Actually, there are plenty of access providers with a 2:1 ratio (more ul
than dl). It's not a matter of whether you're an access provider or not, it's a
matter of whether you offer decent upstream speed or not.

In my experience, someone with 10/10 megabit/s ETTH compared to someone
with 24/1 ADSL will download the same amount of data on average, but the
10/10 will have four (4) times more upload usage, bringing the ratio from
2:1 (Dl:Ul) on ADSL to 1:2 (Dl:Ul) on ETTH.

So because Comcast is offering low upload speeds, they'll have a low
amount of outgoing traffic compared to incoming. With more and more ISPs
offering more symmetric dl/ul speeds, we'll approach 1:1 ratio more and
more...

--
Mikael Abrahamsson    email: swm...@swm.pp.se




Re: Some truth about Comcast - WikiLeaks style

2010-12-13 Thread Jeffrey Lyon
gin-nto-icore1 is a Tata router at Equinix in NY. Whether or not that
port belongs to Comcast is anyone's guess.

Jeff



On Tue, Dec 14, 2010 at 1:39 AM, Justin M. Streiner
 wrote:
> On Tue, 14 Dec 2010, Jack Bates wrote:
>
>> On 12/13/2010 11:07 PM, Backdoor Santa wrote:
>>>
>>>  Ever wonder what Comcast's connections to the Internet look like? In the
>>>  tradition of WikiLeaks, someone stumbled upon these graphs of their TATA
>>>  links.
>>
>> Forgive me for being the skeptic, but I presume there is at least a
>> traceroute with rDNS mentioning one of the 3 10G interfaces on
>> gin-nto-icore1 from comcast?
>>
>> It's not like the image lists the customer name on it; disregarding
>> photoshop concerns. At least wikileaks documents look like they came from
>> the government and have lots of details. :)
>
> Agreed.  There's no independently verifiable detail to lend any credence to
> the source(s) of the data.  It just shows some 10G links flat-topping due to
> saturation.  There's not enough here to get particularly excited.
>
> jms
>
>



-- 
Jeffrey Lyon, Leadership Team
jeffrey.l...@blacklotus.net | http://www.blacklotus.net
Black Lotus Communications - AS32421
First and Leading in DDoS Protection Solutions