Re: [j-nsp] Juniper UDP Amplification Attack - UDP port 111 ?

2018-03-16 Thread Roland Dobbins
On 17 Mar 2018, at 2:33, Aaron Gould wrote: > I see udp/tcp listening on 111 on MX960, but not on MX104 nor on ACX5048... This definitely should be reported to JSIRT. --- Roland Dobbins ___ juniper-nsp mailing l

Re: [j-nsp] Juniper UDP Amplification Attack - UDP port 111 ?

2018-03-15 Thread Roland Dobbins
't on the hypervisor host? If not, definitely seems like a bug which should be reported to JSIRT. ------- Roland Dobbins ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] DDoS to core interface - mitigation

2018-03-08 Thread Roland Dobbins
a link to a .pdf preso which talks about network infrastructure self-protection. It's Cisco-centric because that's my background, but the concepts are universal: <https://app.box.com/s/osk4po8ietn1zrjjmn8b> --------

Re: [j-nsp] Cisco vs Juniper confused

2016-04-19 Thread Roland Dobbins
lude completing the attack on behalf of the miscreants. ------- Roland Dobbins

Re: [j-nsp] Cisco vs Juniper confused

2016-04-19 Thread Roland Dobbins
S/RTBH lots of other attack sources. I've been using S/RTBH operationally for many years, and helping others do the same. It's another tool in the toolbox, and can be a very useful one, when utilized appropriately. --------

Re: [j-nsp] Cisco vs Juniper confused

2016-04-16 Thread Roland Dobbins
On 16 Apr 2016, at 19:22, Satish Patel wrote: > also in DDoS S/RTBH not handy. Incorrect. --- Roland Dobbins

Re: [j-nsp] Cisco vs Juniper confused

2016-04-15 Thread Roland Dobbins
On 16 Apr 2016, at 3:51, Payam Chychi wrote: > it's all a very basic concept Concur 100%. And don't concentrate solely on D/RTBH, which completes the attack for the attacker - look at S/RTBH and flowspec, too. --- Roland Do

Re: [j-nsp] Cisco vs Juniper confused

2016-04-14 Thread Roland Dobbins
s far more scalable, and gives you traceback to the ingress point. There're several open-source flow collection/analysis tools out there to help you get started. ------- Roland Dobbins

Re: [j-nsp] Cisco vs Juniper confused

2016-04-14 Thread Roland Dobbins
wspec (supported on Juniper platforms for a long time, now finally supported on some Cisco platforms) in your toolkit. There are other .pdf presos related to DDoS defense which may be of interest here: <https://app.box.com/s/4h2l6f4m8is6jnwk28cg> ---------

Re: [j-nsp] Strange Log about GRE Keepalive

2016-01-04 Thread Roland Dobbins
can't send packets of any type, including GRE packets, to your router IPs. ------- Roland Dobbins

Re: [j-nsp] Strange Log about GRE Keepalive

2016-01-04 Thread Roland Dobbins
On 4 Jan 2016, at 18:15, Roland Dobbins wrote: Have you checked the configuration to ensure that there is in fact no tunnel on those FPCs? And have you analyzed the traffic to/from that box to ensure that it isn't speaking GRE on the relevant IP(s)? And have you deployed iACLs to e

Re: [j-nsp] Strange Log about GRE Keepalive

2016-01-04 Thread Roland Dobbins
that it isn't speaking GRE on the relevant IP(s)? ------- Roland Dobbins

Re: [j-nsp] dynamic prefix list based on as-path .. is it possible?

2015-07-29 Thread Roland Dobbins
On 29 Jul 2015, at 21:02, Jeff Haas wrote: I don't have a clean answer, but it's leading me to ponder some. Just origin and/or destination AS would be useful in and of themselves, irrespective of further pathing options. . . ------- Rola

Re: [j-nsp] Full BGP table, one provider w/ 2 routers, slow forwarding convergence

2014-08-14 Thread Roland Dobbins
f your capacity is going unused . . . Also, why multihome into the same upstream transit provider? A higher degree of resiliency is achieved by multihoming with multiple transit providers. -- Roland Dobbins // <http://www.arbornet

[j-nsp] 2010 Worldwide Infrastructure Security Report available for download.

2011-02-01 Thread Roland Dobbins
ny of you contributed to the survey which forms the foundation of the report; as always, we're grateful for your insight and participation, and welcome your feedback and comments. Thanks much! ------------ Roland Dobbins // <

[j-nsp] OT: Arbor 2009 Infrastructure Security Report - Request for Participation.

2009-09-30 Thread Roland Dobbins
US.pdf> Or on the Arbor web site (reg required): <http://www.arbornetworks.com/report> Thanks in advance for your participation! ----------- Roland Dobbins // <http://www.arbornetworks.com> Sorry, sometimes I mistak

Re: [j-nsp] uRPF and 0.0.0.0/0

2009-08-25 Thread Roland Dobbins
one for Js, as well. ------- Roland Dobbins // <http://www.arbornetworks.com> Sorry, sometimes I mistake your existential crises for technical insights. -- xkcd #625