Bind 9 vulnerability

2009-07-28 Thread John Martinez
https://www.isc.org/node/474



Equifax is experiencing a system wide outage tix #8015791

2009-04-26 Thread John Martinez
Ben wrote:
> Try this address or you could try calling:
> 
> Administrative,Technical Contact:
>   Equifax J42M
>   Domain Admin
>   P.O. Box 740006
>   Atlanta, GA 30374-0006
>   US
>   Phone: +1.4048858000
>   Email: hostmas...@equifax.com
> 
> HTH
> --bc
> 
> On Apr 26, 2009, at 4:37 PM, John Martinez wrote:
> 
>> Their site is down.
>> Thanks.
>>
> 




Re: Looking for Support Contact at Equifax

2009-04-26 Thread John Martinez
Thank you.

Ben wrote:
> Try this address or you could try calling:
> 
> Administrative,Technical Contact:
>   Equifax J42M
>   Domain Admin
>   P.O. Box 740006
>   Atlanta, GA 30374-0006
>   US
>   Phone: +1.4048858000
>   Email: hostmas...@equifax.com
> 
> HTH
> --bc
> 
> On Apr 26, 2009, at 4:37 PM, John Martinez wrote:
> 
>> Their site is down.
>> Thanks.
>>
> 




Looking for Support Contact at Equifax

2009-04-26 Thread John Martinez
Their site is down.
Thanks.



Re: google noc

2009-04-19 Thread John Martinez
Issue has been resolved.
Thanks to all that responded.

Stephen Stuart wrote:
>> Anyone have any contact information for the google noc or adsense noc?
>> Thanks in advance.
> 
> Did you send email ?




google noc

2009-04-19 Thread John Martinez

Anyone have any contact information for the google noc or adsense noc?
Thanks in advance.



Re: [outages] fibre cut near 200 Paul, San Francisco

2009-04-09 Thread John Martinez
Quick search on Google.
Looks like there is a colo at 200 Paul Ave. San Francisco, CA 94124
---
Selected businesses at this address:
BT Americas
Core 180 Inc
Day & Nite Trade Bindery
Facebook Inc - 1 review
Hallo Communications
Minute Factory The
Net Logic
Network Information Mexico
Pacific Internet Exchange
T-Mobile
Telx SF LLC
UnitedLayer, LLC - 1 review
Universal Access Inc
---



Re: [outages] fibre cut near 200 Paul, San Francisco

2009-04-09 Thread John Martinez
Has anyone been able to pinpoint the cut?
There have been mentions of Redwood City, San Carlos, San Francisco.
Where exactly is the cut?



William R. Lorenz wrote:
> On Thu, 9 Apr 2009, Joe Abley wrote:
> 
>> I am hearing from multiple people about connectivity problems in the
>> bay area, and they all seem to have 200 Paul in common. ISC is
>> reporting a fibre cut between 529 Bryant, Palo Alto and 200 Paul, SF.
>> At least one Unitedlayer customer in 200 Paul seems to be off the air.
> 
> We're showing spikes in latency out in LAX on Cogent, as well as a few
> other interesting anomalies that are consistent with shifts in traffic in
> a number of different locations.  Has anyone noticed any network routing
> issues outside of the immediately-affected area, as a result of this?
> 
>  9  gi0-0-0.core01.lax05.atlas.cogentco.com (154.54.6.185)  65.447 ms  65.449 ms  65.434 ms
> 10  xo.lax05.atlas.cogentco.com (154.54.11.242)  127.708 ms  127.683 ms  127.680 ms
> 
> 
> 
> -- 
> William R. Lorenz
> 




Re: Fiber cut on Irish Sea + Verizon fiber cut

2009-03-30 Thread John Martinez
The two might be related since it was reported that both happened Sunday
morning.


Ken Gilmour wrote:
> Hi Isabel,
> 
> It hasn't been confirmed to me yet but some people have mentioned that
> it is most likely to belong to Global Crossing.
> 
> Regards,
> 
> Ken
> 
> 2009/3/29 isabel dias :
>> ken, whose fiber on the ground was it after all?
>>
>> Roderick Beck wrote:
>>> Probably Global Crossing.
>>>
>>> A very strong wager.
>>>
>>> -R.
>>> --Original Message--
>>> From: Ken Gilmour
>>> To: isabeldi...@yahoo.com
>>> Cc: nanog@nanog.org
>>> Subject: Re: Fiber cut on Irish Sea
>>> Sent: 29 Mar 2009 16:04
>>>
>>> We received the report from Packet Exchange, however they are not the
>>> owners of the cable. I assume they just rent spectrum.
>>>
>>> 2009/3/29 isabel dias :
>>>> affecting whom? and whose network?
>>>>
>>>>
>>>> --- On Sun, 3/29/09, Ken Gilmour  wrote:
>>>>
>>>>> From: Ken Gilmour
>>>>> Subject: Fiber cut on Irish Sea
>>>>> To: nanog@nanog.org
>>>>> Date: Sunday, March 29, 2009, 4:55 PM
>>>>> Hi There,
>>>>>
>>>>> Since we use a vendor of "the vendor" of two Irish sea submarine
>>>>> cables I am wondering if anyone has first hand information on the
>>>>> fiber cut this morning? Does anyone have a status update on what is
>>>>> happening? I am getting some Chinese whispers going on here.
>>>>>
>>>>> Thanks!
>>>>>
>>>>> Ken
>>>>
>>>
>>>
>>> Sent wirelessly via BlackBerry from T-Mobile.
>>
>>
>>
>>
> 




speakeasy connectivity

2009-03-17 Thread John Martinez
Anyone having issues with speakeasy dsl connectivity?



Re: XO peering.

2009-03-10 Thread John Martinez
Do you have the XO ticket number?

Jake Mertel wrote:
> We had a number of issues in the Seattle area this morning, seemed to be 
> isolated to traffic transiting via Level 3. We were forced to turn off the 
> connection, and it's still disabled until we get an update from XO. 
> 
> 
> --
> Regards,
> 
> Jake Mertel
> Nobis Technology Group, L.L.C.
> 
> 
> 
> Web: http://www.nobistech.net/
> Phone: (312) 281-5101 ext. 401
> Fax: (808) 356-0417
> 
> Mail: 201 West Olive Street
> Second Floor, Suite 2B
> Bloomington, IL 61701
> 
> 
> -Original Message-
> From: John Martinez [mailto:jmarti...@zero11.com] 
> Sent: Tuesday, March 10, 2009 11:23 AM
> To: nanog@nanog.org
> Subject: Re: XO peering.
> 
> We saw an issue with Level 3 hand off to XO in Chicago.
> 
> Stefan Molnar wrote:
>> There was a peering issue in San Jose with XO, that impacted our
>> operations this morning.  But looks like a side effect is after the hand
>> off to NTT.
>>
>> Anyone who has an XO link can reach areas inside NTT?
>>
>> As an example our route to Salesforce /21 is via NTT and it is not happy
>> right now.
>>
>> Thanks,
>> Stefan
>>
> 
> 
> 




Re: XO peering.

2009-03-10 Thread John Martinez
We saw an issue with Level 3 hand off to XO in Chicago.

Stefan Molnar wrote:
> 
> There was a peering issue in San Jose with XO, that impacted our
> operations this morning.  But looks like a side effect is after the hand
> off to NTT.
> 
> Anyone who has an XO link can reach areas inside NTT?
> 
> As an example our route to Salesforce /21 is via NTT and it is not happy
> right now.
> 
> Thanks,
> Stefan
> 





Re: Charter.net email routing issues

2009-02-23 Thread John Martinez
Yup, I knew that, sorry.

Ryan Rawdon wrote:
> You may want to try the mailop mailing list, which was created to try
> and shift mail operations traffic volume from NANOG: http://www.mailop.org/
> 
> Good luck with your issue,
> Ryan
> 
> John Martinez wrote:
>> Is anyone else seeing a high rejection rate from charter.net email
>> clients?
>>
>>
>>   
> 





Charter.net email routing issues

2009-02-23 Thread John Martinez
Is anyone else seeing a high rejection rate from charter.net email clients?




Re: Comcast - No complaints! [was: Re: Craptastic Service!

2009-02-22 Thread John Martinez
So the most constructive answer that I received related to this thread
is that someone is using Comcast Ethernet services for $5.25/MB for a
500MB pipe.
I wonder how much 10MB synchronous would cost?



JC Dill wrote:
> Jim Popovitch wrote:
>> But that doesn't really equate to network traffic (IMHO).  
> 
> No, it doesn't.  I didn't make the analogy to airlines, I responded to
> the analogy made by someone else.
> 
>> If your
>> upstream has an outage, it is more akin to a delayed departure rather
>> than an airline bump or flight cancellation.  You reach your
>> destination later than planned (latency) and you may have to take a
>> different route, but your packet^Wbutt gets through.   Neither of
>> those situations involve cash compensation, or penalties paid, by
>> major airlines.  At most you might get a few loyalty points.
> When overbooking results in a passenger being bumped to a flight that
> departs 2 hours later, your packet^Wbutt gets through too, but you also
> get compensation for the delay.  An argument could be made that
> extensive outage/network problems (longer than 2 hours?) are similar in
> duration/effect, and that similar compensation should be due.
> 
> I'm not saying that I expect this to happen, I'm just saying that
> there's plenty of precedent for other types of businesses compensating
> customers beyond merely giving refunds.
> 
> jc
> 




comcast price check

2009-02-20 Thread John Martinez
Does any one here use comcast's ethernet services?
If so, what is their price range?


Thanks in advance.





cogent issues

2009-02-15 Thread John Martinez
Has anyone opened a ticket with Cogent?
Their packet loss is reaching ~10%.

http://www.internetpulse.net



Re: Paypal DNS Problems?

2009-01-29 Thread John Martinez
B C wrote:
> As the subject says really, paypal's DNS servers don't appear to be
> responding for me...
> 
> 
> [r...@oracle1 oracle]# dig @a.gtld-servers.net paypal.com
> 
> ; <<>> DiG 9.2.4 <<>> @a.gtld-servers.net paypal.com
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38254
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4
> 
> ;; QUESTION SECTION:
> ;paypal.com.IN  A
> 
> ;; AUTHORITY SECTION:
> paypal.com. 172800  IN  NS  ppns1.den.paypal.com.
> paypal.com. 172800  IN  NS  ppns1.phx.paypal.com.
> paypal.com. 172800  IN  NS  ppns2.den.paypal.com.
> paypal.com. 172800  IN  NS  ppns2.phx.paypal.com.
> 
> ;; ADDITIONAL SECTION:
> ppns1.den.paypal.com.   172800  IN  A   216.113.188.121
> ppns1.phx.paypal.com.   172800  IN  A   66.211.168.226
> ppns2.den.paypal.com.   172800  IN  A   216.113.188.122
> ppns2.phx.paypal.com.   172800  IN  A   66.211.168.227
> 
> ;; Query time: 32 msec
> ;; SERVER: 192.5.6.30#53(a.gtld-servers.net)
> ;; WHEN: Thu Jan 29 21:34:58 2009
> ;; MSG SIZE  rcvd: 180
> 
> [r...@oracle1 oracle]# dig @216.113.188.121 paypal.com ns
> 
> ; <<>> DiG 9.2.4 <<>> @216.113.188.121 paypal.com ns
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached
> [r...@oracle1 oracle]#
> [r...@oracle1 oracle]# dig @66.211.168.226 paypal.com ns
> 
> ; <<>> DiG 9.2.4 <<>> @66.211.168.226 paypal.com ns
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached
> 

I'm not seeing any issues.
Is anyone else?




Re: cogent issues?

2009-01-28 Thread John Martinez
Ryan Werber wrote:
> That ticket was opened yesterday, and we have been hit very hard with
> it.  This problem started on Monday night - I don't know what they did,
> but we lost all of our Toronto sites in the middle of the night for a
> good bit - so I assume maintenance - Then all h*ll broke loose over the
> last couple days.  
> 
>> https://puck.nether.net/pipermail/outages/2009-January/001101.html
> 
> -wil
> 
> On Jan 28, 2009, at 12:27 PM, John Martinez wrote:
> 
>> http://www.internetpulse.net/
>>
> 
> Ryan Werber
> Sr. Network Engineer
> Epik Networks
> 
> 
Seems like that packet loss is decreasing.




Re: cogent issues?

2009-01-28 Thread John Martinez
Ryan Werber wrote:
> That ticket was opened yesterday, and we have been hit very hard with
> it.  This problem started on Monday night - I don't know what they did,
> but we lost all of our Toronto sites in the middle of the night for a
> good bit - so I assume maintenance - Then all h*ll broke loose over the
> last couple days.  
> 
>> https://puck.nether.net/pipermail/outages/2009-January/001101.html
> 
> -wil
> 
> On Jan 28, 2009, at 12:27 PM, John Martinez wrote:
> 
>> http://www.internetpulse.net/
>>
> 
> Ryan Werber
> Sr. Network Engineer
> Epik Networks
> 


We saw the issue starting to show up in our monitors at 8:55 EST.




Re: cogent issues?

2009-01-28 Thread John Martinez
Wil Schultz wrote:
> https://puck.nether.net/pipermail/outages/2009-January/001101.html
> 
> -wil
> 
> On Jan 28, 2009, at 12:27 PM, John Martinez wrote:
> 
>> http://www.internetpulse.net/
>>
> 

Thank you all.




cogent issues?

2009-01-28 Thread John Martinez
http://www.internetpulse.net/



Re: Tightened DNS security question re: DNS amplification attacks.

2009-01-27 Thread John Martinez
Mark Andrews wrote:
> In message <6.2.3.4.2.20090127162808.02d4a...@imap.ameslab.gov>,
> "Douglas C. Stephens" writes:
>> At 03:16 PM 1/27/2009, Nate Itkin wrote:
>>> On Tue, Jan 27, 2009 at 03:04:19PM -0500, Matthew Huff wrote:
>>>> < ... snip ... >
>>>> dns queries to the . hint file
>>>> are still occurring and are not being denied by our servers. For example:
>>>> 27-Jan-2009 15:00:22.963 queries: client 64.57.246.146#64176: view external-in: query: . IN NS +
>>>> < ... snip ... >
>>>> since you can't put a "allow-query { none; };" in a hint zone, what can I do
>>>> to deny the query to the . zone file?
>>>
>>> AFAIK, that's about the best you can do with the DNS configuration. You've
>>> mitigated the amplification value, so hopefully the perpetrator(s) will drop
>>> you. If you're willing to keep up with the moving targets, the next level
>>> is an inbound packet filter. Add to your inbound ACL:
>>>
>>> deny udp host 64.57.246.146 neq 53 any eq 53
>>>
>>> Also on this topic:
>>> Coincident with this DNS DOS, I started seeing inbound PTR queries from
>>> various hosts on 10.0.0.0/8 (which are blackholed by my DNS servers).
>>> They receive no response, yet they persist.  Anyone have thoughts on their
>>> part in the scheme?
>>>
>>> Best wishes,
>>> Nate Itkin
>> I'm not seeing those PTR queries for 10.0.0.0/8, but then my perimeter
>> ingress/egress filters (BCP 38) toss most of that kind of junk before my
>> DNS servers ever see it.
>>
>> I agree that is as far as one can go with BIND, right now.  However, that
>> isn't making the perpetrators cease and desist.  I am seeing ongoing query
>> attempts coming in and refusal packets going back out, and the targets
>> don't seem to change until I do something to block them.  So mitigating
>> the amplification factor does not seem of interest to these perpetrators.
>> On the contrary, even REFUSED responses can aggregate with some amplified
>> responses to enhance the apparent DoS goal.  Thus BCP 140 seems to be
>> less than completely effective because it is less than universally applied
>> (i.e., older versions of BIND or misconfigured BIND.)  I think the same
>> situation is true with BCP 38: less than universally applied.  So do I wait
>> for universal application of these BCPs, or do I take responsibility for
>> doing what I can to make my network resources less appealing for abuse?
>>
>> I choose the latter, and that is why I went to the effort of blocking this
>> abusive traffic before it reaches my authoritative-only DNS servers.
>> Nevertheless, I also agree with a point made last week that trying to keep up
>> with the changing targets is a game of whack-a-mole that is and will continue
>> to be a drain on network management resources -- if the detection and response
>> continues to be deployed manually.  This is why I wrote some Perl for my
>> authoritative-only servers to automate detection and response at the server
>> level.  Granted it isn't a permanent solution, but at least it is a place
>> to start.  I appended that code below for those who are interested in it.
> 
>   Which will just make the attacks evolve.  It's pretty easy
>   to design an amplifying DNS attack which is almost undetectable
>   unless you know which addresses are being targeted.  This
>   one is highly visible in the logs.
> 
>   A much more productive task would be to trace back the
>   offending traffic and to put into place policies which
>   require BCP 38 deployment by those you connect to.
> 
>   Mark

Are we still seeing DNS DDoS attack?
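
The thread above describes spotting the abuse as repeated ". IN NS" queries in the BIND query log and answering it with a per-source packet filter. The following is an added example, not code from the thread or the Perl its author mentions: the function names, the threshold, the window and the log lines are assumptions, and the sample log is constructed in the format quoted above using documentation addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches BIND query-log lines of the form quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) queries: "
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: (?:view \S+: )?"
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)")

def flag_root_ns_sources(lines, threshold=5, window=timedelta(seconds=10)):
    """Return {client_ip: peak_count} for clients that sent at least
    `threshold` root NS queries inside any sliding `window`.
    Assumes each client's lines appear in chronological order."""
    recent = defaultdict(deque)   # client ip -> timestamps still in window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or (m["qname"], m["qclass"], m["qtype"]) != (".", "IN", "NS"):
            continue              # other log channels and ordinary queries
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window: # expire entries older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks

def acl_lines(peaks):
    """Render flagged IPv4 sources in the filter form quoted in the thread."""
    return [f"deny udp host {ip} neq 53 any eq 53" for ip in sorted(peaks)]

def _line(sec, ip, qname, qtype):
    # Builds one constructed log line; only the seconds field varies.
    return (f"27-Jan-2009 15:00:{sec:02d}.963 queries: client {ip}#64176: "
            f"view external-in: query: {qname} IN {qtype} +")

# Constructed sample: one burst source, one occasional source, normal traffic.
SAMPLE_LOG = (
    [_line(20 + i, "192.0.2.10", ".", "NS") for i in range(8)]
    + [_line(21, "198.51.100.7", ".", "NS"), _line(50, "198.51.100.7", ".", "NS")]
    + [_line(30 + i, "203.0.113.5", "www.example.com", "A") for i in range(6)]
    + ["27-Jan-2009 15:00:59.000 general: unrelated line"]
)

if __name__ == "__main__":
    for rule in acl_lines(flag_root_ns_sources(SAMPLE_LOG)):
        print(rule)
```

The addresses it reports are the source addresses seen in the log, which in the scenario discussed above are the spoofed targets rather than the sender.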



Re: ATT Contact

2009-01-26 Thread John Martinez
Jeff Rooney wrote:
> Does anyone have an ATT contact that might be able to help with a Business
> Class DSL issue? We are seeing pretty major packet loss across their
> network, but since their tests are not registering any problems they will
> not escalate the issue:
> 
> Host                                              Loss%  Snt  Last   Avg  Best  Wrst  StDev
>  1. 216.x.x.x                                      0.0%   15   0.9   1.8   0.9  11.6    2.8
>  2. 64.14.x.x                                      0.0%   15   1.3   1.6   1.3   4.5    0.8
>  3. hr2-ge-11-46.Elkgrovech3.savvis.net            0.0%   14   0.7   0.7   0.6   1.5    0.2
>  4. cr2-tengig-0-7-5-0.chicago.savvis.net          0.0%   14   1.9   2.1   1.8   3.2    0.4
>  5. 204.70.200.90                                  0.0%   14  18.6  18.8  18.5  19.3    0.2
>  6. 204.70.197.241                                 0.0%   14  19.3  19.5  19.3  19.9    0.2
>  7. ex1-g4-0-1.eqabva.sbcglobal.net               15.4%   14  22.3  22.1  21.8  23.2    0.4
>  8. dist1-g1-3.chcgil.ameritech.net               21.4%   14  24.5  24.6  24.0  24.8    0.2
>  9. Se20-g5-2.chcgil.sbcglobal.net                 0.0%   14  23.9  24.0  23.7  24.1    0.1
> 10. adsl-76-193-193-214.dsl.chcgil.sbcglobal.net   7.1%   14  32.0  35.3  32.0  54.0    6.1
> 11. adsl-76-193-193-210.dsl.chcgil.sbcglobal.net   7.1%   14  32.9  34.1  32.9  39.8    1.8
> 
> 
> 
> Jeff Rooney
> jtroo...@nexdlevel.com


There is packet loss between sbc (att) and Savvis.
http://www.internetpulse.net/Main.aspx?xAxis=Destination&yAxis=Origin&zAxis=Metric&nAxis=Period