http://www.mosnews.com/news/2005/05/25/blackout.shtml
Regional internet exchange "M9" affected. Most RU networks
lost from full view.
--
Dmitry Kiselev
Dmitry Kiselev wrote:
>
> http://www.mosnews.com/news/2005/05/25/blackout.shtml
>
> Regional internet exchange "M9" affected. Most RU networks
> lost from full view.
I suppose it's time to introduce the concept of a UPS.
Gadi.
Or maybe one of those upteen bazillion Generators that Soviet Government
touted a year or so ago.
-Original Message-
From: Gadi Evron [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 25, 2005 5:30 AM
To: Dmitry Kiselev
Cc: [EMAIL PROTECTED]
Subject: Re: Moscow: global power outage
Dmi
On 5/25/05, Jerry Dixon <[EMAIL PROTECTED]> wrote:
>
> Whelp, can't recall who said it at one of the NANOG presentations
> last week but to recap, get involved to help point people in the
> right direction in USG or at least provide enough "ops perspective"
Not really regulation. The FTC did th
I've been debating whether the TOS header information must be left
untouched by an ISP, or if it's ok to zero/(or modify) it for internet
traffic. Does anyone know of a BCP that touches on this?
My thoughts was otherwise to zero TOS information incoming on IXes,
transits and incoming from c
> Or maybe one of those upteen bazillion Generators
Upteen bazillion is not a number. And if you check this BBC
news story http://news.bbc.co.uk/2/hi/europe/4578599.stm
you will see that generators are available because they
used them to get the underground trains into the nearest
station in ord
Something went really, really wrong :-(
http://www.msk-ix.ru/rus/tech/stat.shtml
./Carlos
--http://www.ip6.fccn.pt/nativeRCTS2.html
Wide Area Network (WAN) Workgroup, CMF8-RIPE, CF596-ARIN
FCCN - Fundacao para a Computacao Cientifica Nacional http://w
> And if you check this BBC
> news story http://news.bbc.co.uk/2/hi/europe/4578599.stm
> you will see that generators are available because they
> used them to get the underground trains into the nearest
> station in order to evacuate in an orderly fashion
If you can read Russian, there is a lot
I’m wondering if there is such an animal
out there? All of the ones I have seen are made for the multi-gigabit service
provider there aren’t any for the smaller mid-rangers out there. Can
anyone suggest anything that we can put in place? The attacks we’re
seeing are just a huge
Any firewall/router that supports ratelimiting
should suffice for most DDoS mitigation tactics. A program called
snort (layer 7 content filtering) should take care of
most of your IDS needs as well.
"Drew Weaver"
<[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
05/25/2005 10:45 AM
To
On Wed, May 25, 2005 at 10:45:15AM -0400, Drew Weaver wrote:
> I'm wondering if there is such an animal out there? All of
> the ones I have seen are made for the multi-gigabit service provider
> there aren't any for the smaller mid-rangers out there. Can anyone
> suggest anything that
Cisco routers and switches export network accounting information
you can write a software that reads these flows and report to you who is the Top Talker/DDoS
or you can get an open-source one (flow-tools, ntop,..)
or you can buy one (Arbor, lancope, crannog,...)
On 5/25/05, Drew Weaver <[EMAIL PRO
More from MosNews:
UES Management Faces Criminal Investigation After Moscow Power Cut
Russian prosecutors on Wednesday opened a criminal case against the management
of power monopoly Unified Energy System (UES) after a major power outage in
Moscow, agencies reported Wednesday.
The case was o
On Wed, 25 May 2005 13:08:29 +0200, Mikael Abrahamsson said:
> My thoughts was otherwise to zero TOS information incoming on IXes,
> transits and incoming from customers, question is if customers expect this
> to be transparent or not.
Out of curiosity, what did you hope to accomplish by zeroin
On (2005-05-25 11:49 -0400), [EMAIL PROTECTED] wrote:
> Out of curiosity, what did you hope to accomplish by zeroing that field?
IMHO only reason not to zero TOS byte on AS ingress border is that you
explicitly agreed with your neighbour how it is used (what traffic it
can contain, what is th
On 23.05 22:13, Tony Li wrote:
> ... We,
> as responsible operators/architects/vendors/coders need to pick a
> solution and field it. It may well be an interim solution, but we MUST
> act, and soon. We are already seeing the stress patterns, without
> reinforcement it is only a matter of time be
On 5/25/2005 7:08 AM, Mikael Abrahamsson wrote:
>
> I've been debating whether the TOS header information must be left
> untouched by an ISP, or if it's ok to zero/(or modify) it for internet
> traffic. Does anyone know of a BCP that touches on this?
>
> My thoughts was otherwise to zero TOS
On Wed, 25 May 2005, Eric A. Hall wrote:
On 5/25/2005 7:08 AM, Mikael Abrahamsson wrote:
I've been debating whether the TOS header information must be left
untouched by an ISP, or if it's ok to zero/(or modify) it for internet
traffic. Does anyone know of a BCP that touches on this?
My tho
> Date: Wed, 25 May 2005 12:35:56 -0400
> From: "Eric A. Hall" <[EMAIL PROTECTED]>
> Sender: [EMAIL PROTECTED]
>
>
>
> On 5/25/2005 7:08 AM, Mikael Abrahamsson wrote:
> >
> > I've been debating whether the TOS header information must be left
> > untouched by an ISP, or if it's ok to zero/(or
On Wed, 25 May 2005 18:59:51 +0300, Saku Ytti said:
> I personally don't want to see DoS traffic taking eg. VoIP priority.
If you're seeing enough DoS traffic that an incorrect TOS is causing an issue
for you, you probably need to find better ways to mitigate that traffic.
Remember
that at the
RFC 2474 permits the DSCP to be over-written on ingress to a network.
RFC 3168 gives rules for over-writing the ECN flags.
US NCS currently has a filing before the FCC (unless FCC has recently
responded) asking for a DSCP value that would be set only by
NCS-authorized users, never over-writt
On May 25, 2005, at 10:39 AM, Sam Stickland wrote:
While it's true that IP is end-to-end, are fields such as TOS and DSCP
meant to be end to end? A case could be argued that they are used by
the actual forwarding devices on route in order to make QoS or even
routing decisions, and that the e
On (2005-05-25 14:15 -0400), [EMAIL PROTECTED] wrote:
> If you're seeing enough DoS traffic that an incorrect TOS is causing an issue
> for you, you probably need to find better ways to mitigate that traffic.
> Remember
> that at the *source* end, the DoS traffic is pretty minimal, and at the
On 5/25/2005 1:54 PM, Kevin Oberman wrote:
>>Date: Wed, 25 May 2005 12:35:56 -0400
>>From: "Eric A. Hall" <[EMAIL PROTECTED]>
>>the original bits somewhere. Dunno about now, but I would imagine a few
>>providers have fallen for the "everybody else is doing it" invented
>>justification, and thus
On 5/25/2005 1:39 PM, Sam Stickland wrote:
> While it's true that IP is end-to-end, are fields such as TOS and DSCP
> meant to be end to end? A case could be argued that they are used by the
> actual forwarding devices on route in order to make QoS or even routing
> decisions, and that the en
On (2005-05-25 14:44 -0400), Eric A. Hall wrote:
> 4) The default of no-modify should also apply to non-payinng customers
> since they may be flagging their packets for special processing on their
> own networks (and they don't want the flags to poof away when the traffic
> crosses your hop).
On Mon, 23 May 2005, Tony Li wrote:
Which is EXACTLY why we need to remember that we are NOT trying to come
up with the perfect solution. We have operational issues *TODAY* that
we are trying to address.
- We have people (admittedly accidentally) advertising prefixes that
they do not own and
On 5/25/2005 2:50 PM, Saku Ytti wrote:
> Beatiful idea, how in practice do you suggest this is done, how will
> my router know if it should just ignore the TOS bytes or do expedited
> forwarding as configured for given value of TOS byte?
VLANs? Different route paths? Any of a dozen other ways
> > Beatiful idea, how in practice do you suggest this is done, how will
> > my router know if it should just ignore the TOS bytes or do expedited
> > forwarding as configured for given value of TOS byte?
>
> VLANs? Different route paths? Any of a dozen other ways to limit special
> processing t
On (2005-05-25 15:06 -0400), Eric A. Hall wrote:
> > Beatiful idea, how in practice do you suggest this is done, how will
> > my router know if it should just ignore the TOS bytes or do expedited
> > forwarding as configured for given value of TOS byte?
>
> VLANs? Different route paths? Any of
On 5/25/2005 3:11 PM, [EMAIL PROTECTED] wrote:
> Seems to me these are far more complex solutions than simply rewriting
> TOS at the borders.
>
> And yes, we also rewrite TOS at the borders for Internet traffic.
All you are doing is off-loading the complexity to your customers (and
their custom
On May 25, 10:45am, "Drew Weaver" <[EMAIL PROTECTED]> wrote:
> I'm wondering if there is such an animal out there? All of
> the ones I have seen are made for the multi-gigabit service provider
> there aren't any for the smaller mid-rangers out there. Can anyone
> suggest anything that
On Wed, 25 May 2005, Eric A. Hall wrote:
On 5/25/2005 2:50 PM, Saku Ytti wrote:
Beatiful idea, how in practice do you suggest this is done, how will
my router know if it should just ignore the TOS bytes or do expedited
forwarding as configured for given value of TOS byte?
VLANs? Different
On (2005-05-25 11:16 -0700), Fred Baker wrote:
> I guess the question is why, just because you don't want to offer a
> specific service, you want to prevent other ISPs from offering a stated
> service to a user? There are some fairly good-sized ISPs offering
> services based on the TOS octet.
On 5/25/2005 3:42 PM, Lars Erik Gullerud wrote:
> I.e. my customer with two offices who run their own IPSec tunnel between,
> should in other words no longer be able to pay me for improved delivery
> without buying a full VPN offering from me (which they don't really need,
> or want)?
If the
On Wed, 25 May 2005, Eric A. Hall wrote:
On 5/25/2005 3:42 PM, Lars Erik Gullerud wrote:
I.e. my customer with two offices who run their own IPSec tunnel between,
should in other words no longer be able to pay me for improved delivery
without buying a full VPN offering from me (which they don
On Wed, 25 May 2005, Lars Erik Gullerud wrote:
The "general population", who does NOT pay for that privilege, gets the
BE-treatment, which is what they pay for. And that requires a rewrite of the
DSCP/TOS for said traffic, otherwise how do you prevent packets from the
"general population" fil
Steve,
> I know all the issues up there are real, since I've occasionally heard
> about them happening. I understand the devastating consequences of
> somebody finding a sufficiently well connected unfiltered BGP session
> and using it to announce some important prefixes. I fully agree that i
On 5/25/05, Per Gregers Bilse <[EMAIL PROTECTED]> wrote:
> (snip)...which then deploy a unique and highly innovative
> method (patent pending) for identifying and filtering out the attack
> traffic, while letting bona fide traffic through unhindered. ...(snip)
well, that is the important part.
Daniel,
Well, I wish I could have been part of the discussions that you had, as
what you report is at variance with what I've heard.
Fundamentally, there is a serious scalability issue with doing
everything at configuration generation time. Since one cannot predict
with certainty what AS path
On Wed, 25 May 2005, Fred Baker wrote:
> services based on the TOS octet. Are you trying to drive users to them?
> Any customer that is setting EF on VoIP service is certainly expecting
> that to go end to end.
Users' rarely set DSCP/TOS bits. On the other hand lots of software and
applications,
Yet another unfortunate disclosure...
http://www.techweb.com/showArticle.jhtml?articleID=163701121
- ferg
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
[EMAIL PROTECTED] or [EMAIL PROTECTED]
ferg's tech blog: http://fergdawg.blogspot.com/
On Wed, 25 May 2005, Tony Li wrote:
I know all the issues up there are real, since I've occasionally heard
about them happening. I understand the devastating consequences of
somebody finding a sufficiently well connected unfiltered BGP session
and using it to announce some important prefixes.
On Wed, 25 May 2005, Eric A. Hall wrote:
> If they don't need or want special handling what are they paying for? But
> since they are paying for it, perhaps its up to you to figure out how to
> deliver on your promise.
If existing software applications only set the DSCP values when the user
asked
On Wed, May 25, 2005 at 11:59:17PM +, Fergie (Paul Ferguson) wrote:
>
>
> Yet another unfortunate disclosure...
>
> http://www.techweb.com/showArticle.jhtml?articleID=163701121
I wonder when schools are going to get the hint and stop using SSN's as ID
numbers..
--Adam
On Wed, May 25, 2005 at 05:12:18PM -0700, Adam McKenna wrote:
> On Wed, May 25, 2005 at 11:59:17PM +, Fergie (Paul Ferguson) wrote:
> > Yet another unfortunate disclosure...
> > http://www.techweb.com/showArticle.jhtml?articleID=163701121
>
> I wonder when schools are going to get the h
I really didn't mean to start an off-topic rat-hole discussion,
but instead, point out how bad (nonchalant, cavalier) site security
has become with reagards to storing sensitive information.
This is just gettinh wy out of hand. And appears to be
getting worse.
Operational issue? You decide.
Just like the original law provided.
"Around about whenever the US Federal Government gets the hint and
passes a bill which makes it illegal to use social security numbers for
any purpose other than the administration of social security."
Hilton
But I'll bet you knew that and I just bit down HA
On Thu, May 26, 2005 at 12:28:32AM +, Fergie (Paul Ferguson) wrote:
> I really didn't mean to start an off-topic rat-hole discussion,
> but instead, point out how bad (nonchalant, cavalier) site security
> has become with reagards to storing sensitive information.
Has it really 'gotten' bad o
Everything is new again.
- ferg
-- Adam McKenna <[EMAIL PROTECTED]> wrote:
On Thu, May 26, 2005 at 12:28:32AM +, Fergie (Paul Ferguson) wrote:
> I really didn't mean to start an off-topic rat-hole discussion,
> but instead, point out how bad (nonchalant, cavalier) site security
> has becom
On Thu, May 26, 2005 at 09:49:06AM +0930, Mark Newton wrote:
> On Wed, May 25, 2005 at 05:12:18PM -0700, Adam McKenna wrote:
> > On Wed, May 25, 2005 at 11:59:17PM +, Fergie (Paul Ferguson) wrote:
> > > Yet another unfortunate disclosure...
> > > http://www.techweb.com/showArticle.jhtml?art
On 5/25/2005 4:27 PM, Lars Erik Gullerud wrote:
> The "general population", who does NOT pay for that privilege, gets the
> BE-treatment, which is what they pay for.
Overwriting the tos flags is not "best effort", it is "degraded service"
Oh sure, it might be BE on your specific network, but
On Wed, 25 May 2005, Eric A. Hall wrote:
> Again, you are under no obligation to do anything with QoS flags from
> non-paying customers, and I'm not advocating for anybody to get a free
> ride here. Ignore the markings, but leave them alone too.
Are you suggesting every router along the path need
On 5/25/2005 9:06 PM, Sean Donelan wrote:
> Do you really think this scales well in a core network?
Feasibility can be empirically demonstrated easily enough.
Which of your competitors' networks do you want me to ping probe with ToS
flags enabled?
[Although I suppose I should add the disclaim
H. IPv6 bullies again?
http://www.washingtonpost.com/wp-dyn/content/article/2005/05/25/AR2005052501760.html
:-)
- ferg
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
[EMAIL PROTECTED] or [EMAIL PROTECTED]
ferg's tech blog: http://fergdawg.blogspot.com/
Back in 1999 or early 2000, at GBLX we decided to implement DSCP settings
on transit network traffic.
We found that a remotely small % of TCP traffic abended when the DSCP
were changed within the stream. Understandably, we were concerned.
Given the incompatibility with intended TOS/
56 matches
Mail list logo
