Re: watch your domain

2018-09-04 Thread bzs


Keep your ip address blocks close, and your domains closer.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


watch your domain

2018-09-04 Thread Randy Bush
tl;dr: control the domains you use

the domain rain.net was on since the early '90s.  it used to be the
domain of the isp which became verio which became ntt.  lots of local
portland folk had subdomains, email, ...

well, with zero notice, ntt seems to have flogged it off to someone who
does not give a damn, and a lot of folk's email and so forth is dead
dead dead.  packets and smtp falling on the floor.

a friend once gave me a tee shirt which says "god helps those who own a
majority share."  the corollary is that the goddess helps those who own,
or otherwise control, the domains on which they rely.

randy


Re: Netflix - wide ranges of wrongly blocked IP ranges

2018-09-04 Thread Josh Luthman
geosupp...@netflix.com are the right folks to help you with this.

In the unlikely event that doesn't get you what you need, or if you
otherwise need to reach someone at Netflix on the CDN side, please use
cdnet...@netflix.com



Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Tue, Sep 4, 2018 at 5:32 AM, Jürgen Jaritsch wrote:

> Dear list,
>
> is anyone else experiencing massive issues with Netflix caused by wrongly
> blocked IP ranges? Looks like Netflix started to block wide ranges of
> Colt’s IP assignments (EU & Switzerland).
>
> I’m in touch with ~400 affected customers which are no longer able to play
> any video on the website (“Ooops, something went wrong - Streaming error.
> Looks like you’re using a Proxy blablabla”).
>
> Is someone from Netflix’s NOC on the list? Offnet feedback is welcome -
> I’m able to provide IPs for verification and I’m able to provide proof for
> no proxy configuration from Colt J. They do not use any type of CGNAT …
>
> thanks & best regards
>
> JJ


Re: Service provider story about tracking down TCP RSTs

2018-09-04 Thread Timothy Manito via NANOG
I think it would be a good idea to repost this in reddit.com/r/networking

Tim

Sent from ProtonMail mobile

 Original Message 
On Sep 2, 2018, 10:43 PM, Tarko Tikan wrote:

> hey,
>
>> But why did the TLS Hello have a TTL lower than the TCP SYN?
>>
>> Do you have any information on that?
>
> Consumer CPEs are typically some BCM reference design where the initial TCP
> handshake is handled by the Linux kernel and everything following (including
> NAT) is handled in the SoC.
>
> I've seen those systems not decrement TTL at all, decrement TTL before
> checking if the packet is destined to itself, etc. This case is weird as
> typically the hardware part is faulty, not the kernel.
>
> --
> tarko
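
A small way to turn the observation above into a check, as an added example that is not part of Tim's or Tarko's messages: group captured packets by client 4-tuple, remember the TTL of each flow's SYN, and flag any later packet on that flow (the TLS ClientHello here) whose TTL differs. The packet records are constructed inline to stand in for a capture; the field names and the 64/63 values are assumptions for illustration.

```python
from collections import defaultdict

# Constructed packet records standing in for a capture taken on the ISP side
# of a consumer CPE (not real data). One dict per packet, in arrival order.
SAMPLE_PACKETS = [
    # Flow A: SYN and bare ACK leave with TTL 64, the TLS ClientHello with
    # TTL 63, the pattern the thread attributes to the handshake being
    # forwarded by the kernel and the data by the SoC fast path.
    {"src": "192.0.2.10", "sport": 51000, "dst": "198.51.100.5", "dport": 443,
     "flags": "S", "ttl": 64, "note": "SYN"},
    {"src": "192.0.2.10", "sport": 51000, "dst": "198.51.100.5", "dport": 443,
     "flags": "A", "ttl": 64, "note": "ACK"},
    {"src": "192.0.2.10", "sport": 51000, "dst": "198.51.100.5", "dport": 443,
     "flags": "PA", "ttl": 63, "note": "TLS ClientHello"},
    # Flow B: a well-behaved client, same TTL on every packet.
    {"src": "192.0.2.11", "sport": 51001, "dst": "198.51.100.5", "dport": 443,
     "flags": "S", "ttl": 64, "note": "SYN"},
    {"src": "192.0.2.11", "sport": 51001, "dst": "198.51.100.5", "dport": 443,
     "flags": "A", "ttl": 64, "note": "ACK"},
    {"src": "192.0.2.11", "sport": 51001, "dst": "198.51.100.5", "dport": 443,
     "flags": "PA", "ttl": 64, "note": "TLS ClientHello"},
    # Flow C: capture started mid-connection, no SYN seen, so nothing to
    # compare against; it must not produce a false alarm.
    {"src": "192.0.2.12", "sport": 51002, "dst": "198.51.100.5", "dport": 443,
     "flags": "PA", "ttl": 57, "note": "data"},
]


def flow_key(pkt):
    """Client-side 4-tuple identifying one TCP connection."""
    return (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])


def is_syn(pkt):
    """True for the initial SYN only (SYN set, ACK clear)."""
    return "S" in pkt["flags"] and "A" not in pkt["flags"]


def find_ttl_mismatches(packets):
    """Return {flow_key: [(syn_ttl, pkt_ttl, note), ...]} for every packet
    whose TTL differs from the TTL of the SYN that opened the same flow.
    Flows with no SYN in the capture are skipped rather than guessed at."""
    syn_ttl = {}
    mismatches = defaultdict(list)
    for pkt in packets:
        key = flow_key(pkt)
        if is_syn(pkt):
            syn_ttl[key] = pkt["ttl"]
            continue
        if key not in syn_ttl:
            continue
        if pkt["ttl"] != syn_ttl[key]:
            mismatches[key].append((syn_ttl[key], pkt["ttl"], pkt["note"]))
    return dict(mismatches)


def suspect_sources(packets):
    """Client addresses behind which at least one flow changed TTL mid-connection."""
    return sorted({key[0] for key in find_ttl_mismatches(packets)})


if __name__ == "__main__":
    for key, diffs in find_ttl_mismatches(SAMPLE_PACKETS).items():
        src, sport, dst, dport = key
        for syn_ttl, pkt_ttl, note in diffs:
            print(f"{src}:{sport} -> {dst}:{dport}: SYN ttl={syn_ttl}, "
                  f"{note} ttl={pkt_ttl}")
    print("suspect sources:", suspect_sources(SAMPLE_PACKETS))
```

Run against a real capture, the list of suspect sources is the set of subscriber addresses whose CPE is worth looking at more closely; comparing against the SYN rather than against a fixed value avoids flagging hosts that simply use a different initial TTL.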

Re: automatic rtbh trigger using flow data

2018-09-04 Thread Paweł Małachowski
On Fri, Aug 31, 2018 at 11:09:19AM +0200, H I Baysal wrote:

> My personal view is, as long as you can store your flow info in a 
> timeseries database (like influxdb and NOT SQL LIKE!!!) you can do 
> whatever you want with the (raw) data. And create custom triggers for 
> different calculations.

For one of our customers I've deployed good old pmacct + MySQL
(using the memory engine) backend for DDoS detection purposes.
It has some drawbacks (e.g. one has to frequently delete old
records to keep tables fit and fast) but it allows running complex
SQL queries against this short-term data (e.g. different detection
logic per subnet) or precomputing with triggers.

> Flows are on the fly and are coming in constantly, you could have a 
> calculation like group by srcip and whatever protocol you want or just 
> srcip,

Beware of high cardinality issues when facing random src IP floods.

BTW, once again pmacct (with some glue) is nice for feeding flow
data into a time series database. It can pre-aggregate and pre-filter
low volume flows to reduce storage requirements.


-- 
Paweł Małachowski


Netflix - wide ranges of wrongly blocked IP ranges

2018-09-04 Thread Jürgen Jaritsch
Dear list,

is anyone else experiencing massive issues with Netflix caused by wrongly
blocked IP ranges? Looks like Netflix started to block wide ranges of Colt’s
IP assignments (EU & Switzerland).

I’m in touch with ~400 affected customers which are no longer able to play
any video on the website (“Ooops, something went wrong - Streaming error.
Looks like you’re using a Proxy blablabla”).

Is someone from Netflix’s NOC on the list? Offnet feedback is welcome - I’m
able to provide IPs for verification and I’m able to provide proof for no
proxy configuration from Colt J. They do not use any type of CGNAT …

thanks & best regards

JJ