Re: Time Warner Cable issues in Ohio ?

2012-02-28 Thread Jonas Frey (Probe Networks)
Sounds very much like an issue with a link aggregation.
Seen this a couple of times with various carriers...apparently
monitoring LAGs isn't a top priority nowadays.
Try to find out which hop is causing the problems (do multiple
traceroutes or use mtr on affected and unaffected servers) and drop TWC
a mail.


On Tuesday, 28.02.2012, at 18:22 -0500, Randy Carpenter wrote:
 We're seeing some strange issues with our fiber connection to TWC in Ohio. 
 Intermittent packet loss to/from some IPs.
 
 It gets as specific as from a certain IP outside our network, packets to 
 a.b.c.10 are fine, but pings to a.b.c.50 (same subnet of same netblock) lose 
 ~75% of the packets.
 
 Likewise, from one of our IPs, connections are fine to a particular remote 
 host, but not to another host on the same network.
 
 Connections to/from some other IPs (and some whole networks) are totally fine.
 
 It almost seems that some piece of gear somewhere is barfing on packets that 
 have a particular set of bits in the source and/or destination address.
 
 We have manually failed over to a backup connection, and are 100% fine now.
 
 I just want to see if anyone has seen anything similar, or has any info. I am 
 on hold now waiting for someone at TWC.
 
 thanks,
 -Randy
 




Saudi Telecom sending route with invalid attributes 212.118.142.0/24

2011-09-08 Thread Jonas Frey (Probe Networks)
Hello,

anyone else getting a route for 212.118.142.0/24 with invalid
attributes? Seems this is (again) causing problems with some (older)
routers/software.

   Announcement bits (4): 0-KRT 3-KRT 5-Resolve tree 1 6-Resolve tree 2
   AS path: 6453 39386 25019 I Unrecognized Attributes: 39 bytes
   AS path:  Attr flags e0 code 80: 00 00 fd 88 40 01 01 02 40 02 04 02 01 5b a0 c0 11 04 02 01 fc da 80 04 04 00 00 00 01 40 05 04 00 00 00 64
   Accepted Multipath


-Jonas
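
The attribute dump in the message above can be decoded octet by octet. The following Python is an added example, not part of the original message: it parses the quoted value octets, assuming type code 0x80 is ATTR_SET (RFC 6368) and that the nested AS_PATH uses 2-octet ASNs. The names `parse_attrs`, `check_path` and `decode_attr_set` are chosen for this example.

```python
import struct

# Value octets copied from the "Attr flags e0 code 80" line of the message.
# 36 octets; with the 3-octet flags/code/length header that makes 39.
ATTR_VALUE = bytes.fromhex(
    "00 00 fd 88 40 01 01 02 40 02 04 02 01 5b a0 c0 11 04 02 01 fc da "
    "80 04 04 00 00 00 01 40 05 04 00 00 00 64")

NAMES = {1: "ORIGIN", 2: "AS_PATH", 4: "MULTI_EXIT_DISC",
         5: "LOCAL_PREF", 17: "AS4_PATH"}
# ASN width per path attribute. Assumption: the nested AS_PATH uses 2-octet
# ASNs; AS4_PATH always carries 4-octet ASNs (RFC 6793).
ASN_WIDTH = {2: 2, 17: 4}

def parse_attrs(buf):
    """Split a run of path attributes (RFC 4271, 4.3) into (flags, code, value)."""
    attrs, i = [], 0
    while i < len(buf):
        ext = bool(buf[i] & 0x10)            # extended-length flag
        hdr = 4 if ext else 3
        if i + hdr > len(buf):
            raise ValueError("truncated attribute header")
        flags, code = buf[i], buf[i + 1]
        length = struct.unpack_from("!H" if ext else "!B", buf, i + 2)[0]
        if i + hdr + length > len(buf):
            raise ValueError(f"attribute {code} overruns the buffer")
        attrs.append((flags, code, buf[i + hdr:i + hdr + length]))
        i += hdr + length
    return attrs

def check_path(value, width):
    """Walk AS path segments; report a segment longer than the data present."""
    i = 0
    while i < len(value):
        if i + 2 > len(value):
            return ["truncated segment header"]
        count, have = value[i + 1], len(value) - i - 2
        if count * width > have:
            return [f"segment claims {count} ASN(s) of {width} octets, {have} present"]
        i += 2 + count * width
    return []

def decode_attr_set(value):
    """Decode an ATTR_SET value: 4-octet origin AS, then nested path attributes."""
    if len(value) < 4:
        raise ValueError("ATTR_SET shorter than its origin AS field")
    report = {"origin_as": struct.unpack_from("!I", value)[0], "attrs": [], "problems": []}
    for _flags, code, val in parse_attrs(value[4:]):
        name = NAMES.get(code, f"type {code}")
        report["attrs"].append((name, val.hex()))
        if code in ASN_WIDTH:
            report["problems"] += [f"{name}: {p}" for p in check_path(val, ASN_WIDTH[code])]
    return report
```

On the quoted octets, `decode_attr_set(ATTR_VALUE)` returns origin AS 64904, five nested attributes, and one reported problem: the AS4_PATH segment declares one ASN but carries only two octets of data.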





Re: Over a decade of DDOS--any progress yet?

2010-12-06 Thread Jonas Frey (Probe Networks)
Besides having *a lot* of bandwidth there's not really much you can do to
mitigate. Once you have the bandwidth you can filter (w/good hardware).
Even if you go for 802.3ba with 40/100 Gbps...you'll need a lot of pipes.

Spoofed attacks have reduced significantly, probably because of the use of
RPF. However we still see these from time to time.

TCP SYN attacks are still quite frequent...these can push a lot of pps at
times.

The attack vectors have changed. Years ago people used hacked *nix boxes
with big pipes to start their attacks as only these had enough
bandwidth. Nowadays the consumers have a lot more bandwidth and it's
easier than ever to set up your own botnet by infecting users with
malware and the like. Even though end users usually have less than 2 Mbps
upstream the pure amount of infected users makes it worse than ever.
Most of the time (depending on the attack) it's also hard to
differentiate which IP addresses are attacking and which are legitimate
users.

I do not see a real solution to this problem right now...there's not much
you can do about the unwillingness of users to keep their software/OS
up2date and deploy anti-virus/anti-malware software (and keep it
up2date).
Some approaches have been made like cutting off internet access for users
which have been identified by ISPs for being members of some
botnet/being infected.
This might be the only long-term solution to this probably. There is
just no patch for human stupidity.





On Monday, 06.12.2010, at 02:50 -0500, Sean Donelan wrote:
 February 2000 weren't the first DDOS attacks, but the attacks on multiple 
 well-known sites did raise DDOS' visibility.
 
 What progress has been made during the last decade at stopping DDOS 
 attacks?
 
 SMURF attacks creating a DDOS from directed broadcast replies seems to 
 have been mostly mitigated by changing defaults in major router OS's.
 
 TCP SYN attacks creating a DDOS from leaving many half-open connections 
 seems to have been mostly mitigated with SYN Cookies or similar OS 
 changes.
 
 Other than buying lots of bandwidth and scrubber boxes, have any other 
 DDOS attack vectors been stopped or rendered useless during the last 
 decade?
 
 Spoofing?
 
 Bots?
 
 Protocol quirks?
 




Re: Only 5x IPv4 /8 remaining at IANA

2010-10-18 Thread Jonas Frey (Probe Networks)
How do you want to do that without IPv6 connectivity? :-)


-Jonas

On Monday, 18.10.2010, at 18:42 +0430, Jeffrey Lyon wrote:
 Only if you're prepared for the bloody onslaught of DDoS.
 
 Jeff
 
 On Mon, Oct 18, 2010 at 6:27 PM, Patrick W. Gilmore patr...@ianai.net wrote:
  On Oct 18, 2010, at 9:39 AM, Jeffrey Lyon wrote:
 
  My clients can't use IPv6 when my infrastructure and carriers don't 
  support it.
 
  Smells like a business opportunity to steal your customers.
 
  Thanx!
 
  --
  TTFN,
  patrick
 
 
  On Mon, Oct 18, 2010 at 5:52 PM, Franck Martin fra...@genius.com wrote:
  Nah...
 
  Get IPv6 for your clients today, think about your servers for later...
 
  Then you will be able to ask all the right questions and apply the right 
  pressure to your vendors, carriers, etc
 
  - Original Message -
  From: Jeffrey Lyon jeffrey.l...@blacklotus.net
  To: Jens Link li...@quux.de
  Cc: nanog@nanog.org
  Sent: Tuesday, 19 October, 2010 1:15:16 AM
  Subject: Re: Only 5x IPv4 /8 remaining at IANA
 
  I'll listen, but I need my vendors, carriers, etc. to all get on board 
  first.
 
  Jeff
 
  On Mon, Oct 18, 2010 at 5:11 PM, Jens Link li...@quux.de wrote:
  Jeroen Massar jer...@unfix.org writes:
 
  So, if your company is not doing IPv6 yet, you really are really getting
  late now.
 
  They won't listen.
 
 
 
 
  --
  Jeffrey Lyon, Leadership Team
  jeffrey.l...@blacklotus.net | http://www.blacklotus.net
  Black Lotus Communications - AS32421
  First and Leading in DDoS Protection Solutions
 
 
 
 
 
 
 

