try fwlogwatch
just a question
why is DDoS the only issue mentioned wrt source address validation?
i'm sure there's other reasons to make sure your customers can't send
spoofed packets. they might not always be as news-worthy, but i feel it's
a provider's duty to do this. it shouldn't be optional (talking
spec
> uRPF will certainly save a bit of CPU cycles than access-lists or policy
> routing.. it would be interesting to know any kind of 'common practice'
> ways people use to fool the router so that it will think such offensive
> source IP's are hitting uRPF.
null route? even with a loose check, if y
> > Production commercial networks need not apply, 'lest someone realize that
> > they blow away these speed records on a regular basis.
>
> What kind of production environment needs a single TCP stream of data
> at 1 gigabit/s over a 150ms latency link?
what kind of production highway sees the k
> Jeffrey Wheat said: "so brokers are not an option for us".
last I checked a tunnel+bgp worked from he.net worked on a cisco
not sure if i'd call it peering tho
Hi
> Any ranges I find I'll echo back to the list.
not sure if you've received any nanog mail yet. don't worry about source
ip's, unless you're going to deny '0.0.0.0'.
block anything with a destination of udp 1434, find hosts pushing extreme
amounts of traffic, get them patched
(http://www.mic
> Not just L3Genuity is getting whacked. ELI is getting whacked.
> Somebody needs to be gelded.
the worm is not limited to any isp/nsp
would advise all and sundry to start filtering
> but I am being told that Lagos is the center of Africa by such knowledgeable
> persons who claim that there are *gasp* thousands *gasp* of cyber-cafe's in
> Lagos. I mean since there are no thousands of cyber-cafe's in the entire US, I am
> sure presence of thousands of them in a rather small city means
> The most recent? Lagos, Sep 2002.
africa is quite large. lagos constitutes but a small portion of it.
> Correction... *very* *few* satellite links.
actually, some countries have _mostly_ sat links for at least their intl
connectivity. and very small links at that. some countries, where allowed
to, run vsat radio or microwave for everything from backbone links to
local loop for customers.
if you'r
> > i don't know if I've ever actually received 1 of those spam messages from
> > a host inside Nigeria
>
> wow, i seem to get several per day. would you like some, i can set up an exploder
> for some of my spam if anyone's interested? ;)
and they're all actually sent/relayed through a host in Nige
> There seem to be a lot of ISPs who get little slices of IP from
> satellite carriers like emperion.net in Denmark. Much of the 419 spam
> I get from Nigeria, Cote d'Ivoire, Ghana, and other west African
> countries originates in cybercafes with satellite links.
i don't know if I've ever actual
> Would that friend be so kind as to name more than a handful places in Africa
> with IP connectivity (multinational companies do not count).
while we're not chasing elephants off the runway, or killing
lions/tigers/each other on the sandroads, some people actually spend their
time in the confine
> Agreed 100%, but Gov't (being run by lawyers) is well accustomed to
> defining what the meaning of 'is' is. If they dictate that ISPs employ
> "DDoS Protection", they will define what "DDoS Protection" means 'for
> the purposes of this policy'.
ah ok
the point I was trying to make is, there a
> Source address verification at access layer and rate limiting icmp would
> be fine starts.
these are "best practices" and not "DDoS Protection" imho
> "Meanwhile, U.S. government security officials are discussing the
> possibility of creating new regulations that would require federal
> agencies to buy Internet service only from ISPs that have DDoS protection
> on their networks, according to people familiar with the situation. Such
> a d
Hi there
Over the years I've seen a few very odd methods for dealing with a noc@
email address. I've always had the mindset that:
1) individual users are subscribed to a list/alias for noc@
2) it's _never_ a single/shared "account"
3) it _always_ accepts plaintext email, at the least, for report
hi
I might be totally off the mark here, but has slapper now changed to port
1812? This'll make it really difficult to filter, if you're using this
port for RADIUS.
I'm seeing huge volumes of traffic, to what seem to be slapper infected
hosts.
I see 2 infected hosts, with 2343 and 2384 unique s
> > Curious to see how many saw the worm 2002 traffic change to UDP port
> > 4156 at about 5PM Sat.
>
> It hit hard here this Sunday afternoon. Found 3 servers that helped in the
> DDOS going on.. what fun.
by DDoS, are you talking about actual attack traffic, or just traffic from
other infected
Hi
> start run cmd ipv6install
>
> How hard is that?
that'll give me a 6to4, if not with a local address if nd is working, then
to either 6bone or microsoft (it sends out proto 41 packets to 2 hosts on
the net).
I want simple native static v6 address. FreeBSD was quick 'n easy.
> Since you br
Hi
quick question. how much actual traffic are operators seeing from
ipv6-enabled networks? whether native or 6to4.
i.e. if you take the average amount of data sent/received per node,
whether per protocol or per OS, how much of it is able to use V6 currently?
i still find some of the stuff ext
that is because .co.za is still run like someone's personal website.
I noted 2 _total_ outages of the network it sits behind just last week.
The first was for over 30 minutes, can't remember the duration of the 2nd.
With no offense to those running it, I have serious doubts about the
technical
Hi
> Yes, but there isn't going to be a common practice for "data centers" as
> a whole. There's going to be a common practice for telco/fiber hotels,
> and a common practice for hosting centers, and a common practice for
> exchange points, and a common practice for shell&core, and so on. Each
Hi
> Note that in both cases, b0rken-noc takes a single call, so their
> load is unchanged. The second case adds a call to both my-upstream-noc,
> and b0rken-noc-upstream-noc.
>
> It would seem going direct would put a lower load on NOC's in general,
> which presumably would let them spend more
24 matches