Re: Looking Glass software - what's the current state of the art?

2010-02-24 Thread johan

Thomas Kernen wrote:

On 2/21/10 7:41 PM, Joel M Snyder wrote:

We are migrating our web server from platform A to mutually incompatible
platform B and as a result the 7-year-old DCL script I wrote that does
Looking Glass for us needs to be replaced. (from my comments, looks like
I stole the idea from e...@digex.net...)

I'm guessing that someone else has done a better job and I should be
just downloading and using an open source tool.

What's the current thinking on a good standalone Looking Glass that can
be opened to the Internet-at-large?

jms



If you want to try other Looking Glass sources, I've listed a few of 
the more recent implementations here: 
http://www.traceroute.org/#source%20code


HTH,
Thomas




If you are looking for something fancy with a graphical interface that 
not only represents the current state of your routing but also the history 
of route changes, you might want to look at ibgplay


http://www.ibgplay.org/lookingGlass.html

The link is not included on the www.traceroute.org website, so if some 
maintainer is reading along....

Grtz

Johan




Re: Level 3 issues

2008-12-28 Thread Johan Denoyer
2008/12/28 marco 

> Paul wrote:
> > Same issue here from Chicago and Montreal. Seems anything routing
> > through Washington.Level3 is going to null. The rest of the level3
> > network seems to be ok.
> > 6  ae-32-52.ebr2.Chicago1.Level3.net (4.68.101.62)  0.976 ms  10.344 ms  0.866 ms
> > 7  ae-5.ebr2.Chicago2.Level3.net (4.69.140.194)  1.245 ms  0.991 ms  0.978 ms
> > 8  ae-2-2.ebr2.Washington1.Level3.net (4.69.132.70)  18.608 ms  18.961 ms  18.583 ms
> > 9  * * *
> > 10  * * *
> > 11  * * *
> > 12  * * *
> > 13  * * *
> > 14  * * *
> > 15  * * *
> > 16  * * *
> >
> > ...
> > 4  car1.Montreal2.Level3.net (67.215.0.146)  0.657 ms  0.791 ms  0.699 ms
> > 5  ae-5-5.ebr4.NewYork1.Level3.net (4.69.141.6)  17.764 ms  8.490 ms  18.197 ms
> > 6  ae-94-94.csw4.NewYork1.Level3.net (4.69.134.126)  15.541 ms  8.286 ms  17.098 ms
> > 7  ae-93-93.ebr3.NewYork1.Level3.net (4.69.134.109)  11.384 ms
> >    ae-61-61.ebr1.NewYork1.Level3.net (4.69.134.65)  9.100 ms  8.614 ms
> > 8  ae-3-3.ebr4.Washington1.Level3.net (4.69.132.93)  13.840 ms  15.584 ms  17.443 ms
> > 9  ae-94-94.csw4.Washington1.Level3.net (4.69.134.190)  23.420 ms  25.569 ms  18.042 ms
> > 10  ae-4-99.edge2.Washington4.Level3.net (4.68.17.211)  14.052 ms  14.028 ms  13.610 ms
> > 11  * * *
> > 12  * * *
> > 13  * * *
> > 14  * * *
> > 15  *
> >
> >
> > Paul Stewart wrote:
> >> Ahh.. yes seeing that now here from Toronto ON - didn't see this
> >> issue when the original poster sent the first message... it's now
> >> happening here too...
> >>
> >> Shutting down their session until something looks "better"
> >>
> >> -Original Message-
> >> From: Pierre-Henri [mailto:phac...@gmail.com]
> >> Sent: December 28, 2008 1:06 PM
> >> To: marco
> >> Cc: nanog@nanog.org
> >> Subject: Re: Level 3 issues
> >>
> >> marco a écrit :
> >>
> >>> is anyone having issues with Level3?
> >>>
> >>>
> >> hi,
> >> theplanet.com and many websites (cnn.com ; amazon.com ; ... ) have
> >> not been accessible from France (Orange, home connection) for about
> >> 30 minutes.
> >> Don't know if there is a link with your question, but it's strange...
> >>
> >>
> >> Pierre-Henri
>
> According to L3, this issue should be fixed and we should start seeing
> the traffic normalizing.
> Can anyone confirm?
>
>
Everything seems to be back to normal in France


-- 
Johan Denoyer
jde...@jdlabs.fr
JD Labs
Linkedin: www.linkedin.com/in/jdenoy


Re: Disney+ geolocation error for 213.134.224.0/19

2020-10-30 Thread Johan Hedberg
I had a similar issue here in Sweden. The contact point listed at 
http://thebrotherswisp.com/index.php/geo-and-vpn/ 
(netad...@disneystreaming.com) helped me with this pretty quickly.

— 
Johan Hedberg


> On 25 Oct 2020, at 11:48, Sander Steffann  wrote:
> 
> Hi,
> 
> Anybody around from Disney+? My main customer (Solcon) is an ISP in the 
> Netherlands. One of our ranges is 213.134.224.0/19 and it seems to be 
> classified as non-Netherlands. The official support channel doesn't get any 
> further than "you must be using a VPN" even though we are the ISP and it's 
> our own address space...
> 
> Any assistance would be much appreciated!
> 
> Cheers,
> Sander
> 



Re: Netflow collector that can forward flows to another collector based on various metrics.

2021-01-21 Thread Johan Hedberg
I've been using samplicator for a few years for this, it can be 
configured to forward based on sender ip/net, but it does not have an 
API. I'm using it because it's small, simple and does only one thing.


https://github.com/sleinen/samplicator

//JH

On 2021-01-21 15:39, Karsten Thomann via NANOG wrote:


Hi,

I don't know if pmacct has an API for it, but it can replicate netflow 
and also filter what it is forwarding.


https://github.com/pmacct/pmacct/blob/master/QUICKSTART

Beginning line 2093

Kind regards

Karsten

On Thursday, 21 January 2021, 14:31:36, Drew Weaver wrote:

> Good morning everyone,
>
> I am looking for a Netflow collector that can forward flows based on src
> ip/src net dst ip/dst net to another collector in either real or near time.
>
> If it can be configured via an API that is even better than having to edit
> configuration files.
>
> If anyone has any suggestions I would appreciate it.
>
> Thanks,
> -Drew
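
Added example (not part of the thread, and not code from samplicator or pmacct): samplicator picks receivers by the exporter's address, while the original question asks about the source/destination networks inside the flows. The code below shows that second case for NetFlow v5 only, splitting one datagram per collector by per-record addresses; the rule table, collector addresses and sample flows are constructed assumptions.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIIIBBH")   # NetFlow v5 header, 24 bytes
RECORD_LEN = 48                        # NetFlow v5 flow record size

# Constructed policy: (field to match, prefix, collector address).
RULES = [
    ("src", ipaddress.ip_network("192.0.2.0/24"), ("198.51.100.10", 2055)),
    ("dst", ipaddress.ip_network("203.0.113.0/24"), ("198.51.100.20", 2055)),
]

def split_v5(datagram, rules=RULES):
    """Return {collector: datagram} with only the records each rule matches.

    Records matching no rule are dropped. flow_sequence is copied unchanged,
    so a downstream collector may report sequence gaps.
    """
    if len(datagram) < HEADER.size:
        raise ValueError("short datagram")
    hdr = list(HEADER.unpack_from(datagram))
    version, count = hdr[0], hdr[1]
    if version != 5:
        raise ValueError("not NetFlow v5")
    if len(datagram) != HEADER.size + count * RECORD_LEN:
        raise ValueError("length does not match record count")
    matched = {}
    for i in range(count):
        off = HEADER.size + i * RECORD_LEN
        rec = datagram[off:off + RECORD_LEN]
        # srcaddr and dstaddr are the first two 32-bit fields of a v5 record.
        addrs = {"src": ipaddress.ip_address(rec[0:4]),
                 "dst": ipaddress.ip_address(rec[4:8])}
        for field, net, collector in rules:
            if addrs[field] in net:
                matched.setdefault(collector, []).append(rec)
    result = {}
    for collector, recs in matched.items():
        hdr[1] = len(recs)             # rewrite the record count
        result[collector] = HEADER.pack(*hdr) + b"".join(recs)
    return result

def make_v5(flows):
    """Build a constructed v5 datagram from (src, dst) address pairs."""
    body = b"".join(
        ipaddress.ip_address(s).packed + ipaddress.ip_address(d).packed + bytes(40)
        for s, d in flows)
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body
```

Each returned datagram can be sent to its collector with an ordinary UDP socket; a flow that matches both rules is copied to both collectors.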



Re: FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

2015-06-03 Thread Johan Kooijman
Interesting project, Pavel. I'll most certainly give this a trial run.

On Tue, Jun 2, 2015 at 10:16 PM, Pavel Odintsov wrote:

> Hello, Nanog!
>
> I'm very pleased to present my open source DoS/DDoS attack monitoring
> toolkit here!
>
> We have spent about 10 months on the development of FastNetMon and can
> present a huge feature list now! :)
>
> Stop! What is FastNetMon?
>
> It's a really fast toolkit which can find an attacked host in your
> network and block it (or redirect it to a filtering appliance)
>
> This solution could save your network and your sleep :)
>
> Our site is located here: https://github.com/FastVPSEestiOu/fastnetmon
>
> We support the following engines for traffic capture:
> - Netflow (v5, v9 and IPFIX)
> - sFLOW v5
> - port mirror/SPAN (PF_RING and netmap supported)
>
> Also we have deep integration with ExaBGP (huge thanks to Thomas
> Mangin) for triggering a blackhole on the Core Router or upstream.
>
> Since version 1.0 we have added support for the following features:
> - Ability to detect the most popular attack types: syn_flood, icmp_flood,
> udp_flood, ip_fragmentation_flood
> - Add support for Netmap for Linux (we have prepared special driver
> for ixgbe users: https://github.com/pavel-odintsov/ixgbe-linux-netmap)
> and FreeBSD.
> - Add support for PF_RING ZC (very fast but needs a license from the ntop folks)
> - Add ability to collect netflow v9/IPFIX data from multiple devices
> with different templates set
> - Basic support for IPv6 (we could receive netflow data over IPv6)
> - Add plugin support for capture engines
> - Add support of L2TP decapsulation (important for DDoS attack
> detection inside tunnel)
> - Add ability to store attack details in Redis
> - Add Graphite/Grafana integration for traffic visualization
> - Add systemd unit file
> - Add ability to unblock host after some timeout
> - Introduce support of moving average for all counters
> - Add ExaBGP integration. We can announce an attacked host with BGP to
> the border router or uplink
> - Add much more detail to the attack report
> - Add ability to store the attack fingerprint in a file
>
> We have complete support for the following platforms:
> - Fedora 21
> - Debian 6, 7, 8
> - CentOS 6, 7
> - FreeBSD 9, 10, 11
> - DragonflyBSD 4
> - MacOS X 10.10
>
> On the network equipment side, we have tested the solution with:
> - Cisco ASR
> - Juniper MX
> - Extreme Summit
> - ipt_NETFLOW Linux
>
> We have binary packages for these operating systems:
> - CentOS 6:
> https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/CentOS6
> - CentOS 7:
> https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/CentOS7
> - Fedora 21:
> https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/Fedora21
> - FreeBSD:
> https://github.com/FastVPSEestiOu/fastnetmon/tree/master/src/FreeBSD_port
>
> For any other operating systems we recommend the automatic installer
> script:
> https://github.com/FastVPSEestiOu/fastnetmon/blob/master/docs/INSTALL.md
>
> Please join our mailing list or ask about anything here
> https://groups.google.com/forum/#!forum/fastnetmon
>
> Thank you for your attention!
>
> --
> Sincerely yours, Pavel Odintsov
>



-- 
Met vriendelijke groeten / With kind regards,
Johan Kooijman