Re: Pointer for documentation on actually delivering IPv6

2010-12-06 Thread Truman Boyes
On 6 Dec 2010, at 11:07 PM, Owen DeLong wrote: > > On Dec 6, 2010, at 6:55 AM, Jared Mauch wrote: > >> >> On Dec 6, 2010, at 8:35 AM, Jeff Johnstone wrote: >> >>> Speaking of IPV6 security, is there any movement towards any open source >>> IPV6 firewall solutions for the consumer / small busin

Re: ARIN space not accepted

2010-12-06 Thread Jeroen van Aart
From: valdis.kletni...@vt.edu From: valdis.kletni...@vt.edu Date: Fri, 03 Dec 2010 20:00:15 -0500 224/3 Oh. And don't forget to do *bidirectional* filtering of these addresses. ;) Ahh, not quite. Blocking 224/3 bi-directionally might cause a few issues if you accept multicast traffic from a

Re: ipfix/netflow/sflow generator for Linux

2010-12-06 Thread Eric S. Johnson
>fprobe doesn't work properly because it has the input and output interface >IDs as both 0. fprobe-ulog fixes this. From the http://fprobe.sourceforge.net/ front page: fprobe-ulog - libipulog-based fork of fprobe. It obtains packets through linux netfilter code (iptables ULOG tar

Re: ipfix/netflow/sflow generator for Linux

2010-12-06 Thread Yiming Gong
Try PMACCT, it is pretty handy. Yiming On 12/06/2010 01:15 PM, Thomas York wrote: At my current place of work, we use all Linux routers. I need to do some IP accounting/reporting and am currently trying to use Scrutinizer. Scrutinizer can use netstream, jstream, ipfix, netflow, and sflow data w

Re: ipfix/netflow/sflow generator for Linux

2010-12-06 Thread Dobbins, Roland
On Dec 7, 2010, at 4:24 AM, Thomas York wrote: > It can, but then you are setting the input/output IDs statically. That would > work fine if your router only had 2 interfaces. With a probe of this type, northbound/southbound tagging is generally sufficient, in my experience (i.e., let's not ma

RE: ipfix/netflow/sflow generator for Linux

2010-12-06 Thread Thomas York
It can, but then you are setting the input/output IDs statically. That would work fine if your router only had 2 interfaces. We currently have routers with a single (or few) WAN interfaces and multiple internal interfaces and there isn't any way to statically categorize the data. -Original Mes

Re: ipfix/netflow/sflow generator for Linux

2010-12-06 Thread Dobbins, Roland
On Dec 7, 2010, at 3:44 AM, Thomas York wrote: > fprobe doesn't work properly because it has the input and output interface > IDs as both 0. IIRC, this can be altered via a config change. --- Roland Dobbins //

RE: ipfix/netflow/sflow generator for Linux

2010-12-06 Thread Thomas York
Never heard of it. I'll give it a shot. Another project that uses argus also looks interesting.. http://nautilus.oshean.org/wiki/Periscope -Original Message- From: Ken A [mailto:k...@pacific.net] Sent: Monday, December 06, 2010 4:04 PM To: nanog@nanog.org Subject: Re: ipfix/netflow/sflow

Re: ipfix/netflow/sflow generator for Linux

2010-12-06 Thread Ken A
Have you considered argus? It can deliver "argus flows" from multiple interfaces. From http://www.qosient.com/argus/ : Argus can be considered an implementation of the architecture described in the IETF IPFIX Working Group. Argus pre-dates IPFIX, and the project has actively contributed to the I

RE: ipfix/netflow/sflow generator for Linux

2010-12-06 Thread Thomas York
fprobe doesn't work properly because it has the input and output interface IDs as both 0. In Scrutinizer, this makes the flow look like all the data came in the interface and immediately left via the same interface. Also, this causes problems when running multiple instances of fprobe. This seems

RE: ipfix/netflow/sflow generator for Linux

2010-12-06 Thread Samuel Petreski
I've used fprobe with great success. You can run multiple instances of fprobe for the different interfaces. --Samuel fprobe: a NetFlow probe - libpcap-based tool that collects network traffic data and emit it as NetFlow flows towards the specified collector. WWW: http://sourceforge.net/project

Re: ipfix/netflow/sflow generator for Linux

2010-12-06 Thread Matthew Palmer
On Mon, Dec 06, 2010 at 02:15:10PM -0500, Thomas York wrote: > I've had the best luck with ipcad. The only thing that seems to not work > with it is that it doesn't correctly give the interface number in the flow > information. It refers to all interfaces as interface 65535. I've tried the > config

Re: ipfix/netflow/sflow generator for Linux

2010-12-06 Thread Jack Carrozzo
IPtraf can be setup to look at flows per-block, per interface, per vlan, etc and export the data every minute / 5 minutes. Back in the day I had it scripted to dump data into rrdtool and give pretty graphs. See the man page, it's well written. Cheers, -Jack Carrozzo On Mon, Dec 6, 2010 at 2:15 P

ipfix/netflow/sflow generator for Linux

2010-12-06 Thread Thomas York
At my current place of work, we use all Linux routers. I need to do some IP accounting/reporting and am currently trying to use Scrutinizer. Scrutinizer can use netstream, jstream, ipfix, netflow, and sflow data without qualms. My only issue is that I can't seem to find any good software for Linux

Re: How do you do rDNS for IPv6 ?

2010-12-06 Thread Jay Ashworth
Original Message - > From: "Jared Mauch" > Anyone done this dynamic synthesis w/ bind? dnssec thoughts as well? i > know this isn't namedroppers, but perhaps someone can post some code > or examples, or a link to a webpage with them? Earthlink, I believe; DENTS has a module for doing th

Re: How do you do rDNS for IPv6 ?

2010-12-06 Thread Jared Mauch
On Dec 5, 2010, at 9:41 PM, Jima wrote: > On 12/5/2010 4:13 PM, John Levine wrote: >> In IPv4 land, it is standard to assign matching forward and reverse >> DNS for every live IP, and a fair number of services treat requests >> from hosts without rDNS with added scepticism. For consumer networks,

Multipoint VPLS mapping to MEF E-TREE

2010-12-06 Thread Francois Menard
Is there anyone out there who has a position on whether it is worth the effort to map Multi-root EVPL (E-TREE) atop VPLS or to await for PBB-TE and MEF to come up with somekind of a common roadmap ? F. On 2010-12-03, at 10:26 AM, Manu Chao wrote: > I have only GRT and L3VPN traffic and would l

Re: Cloud proof of failure - was:: wikileaks unreachable

2010-12-06 Thread Jack Bates
On 12/6/2010 9:29 AM, Nathan Eisenberg wrote: How is it more or less unattractive than having one's own servers in one's own office? Lieberman and Co would simply have leaned on Mom's Best BGP (r) and Pop's Fastest Packets (r) instead of on Amazon, and the result would have been the same. Th

Re: (wikileaks) Fwd: [funsec] And Google becomes a DNS..

2010-12-06 Thread Ken A
On 12/5/2010 9:50 AM, Gadi Evron wrote: I withhold comment... "discuss amongst yourselves". Best, Gadi. Original Message Subject: [funsec] And Google becomes a DNS.. Date: Sun, 5 Dec 2010 17:34:50 +0200 From: Imri Goldberg To: funsec Found on reddit: http://i.imgur.com

Re: Want to move to all 208V for server racks

2010-12-06 Thread Lamar Owen
On Saturday, December 04, 2010 05:52:09 pm Kevin Oberman wrote: > Lead-acid batteries can deliver way over 100 amps of current and a > conductor across "safe" voltage will get hot and, if not heavy enough, > will vaporize. Our smallish 540Ah -48VDC plant has a 35,000A short circuit rating; import

Re: Pointer for documentation on actually delivering IPv6

2010-12-06 Thread Dobbins, Roland
On Dec 6, 2010, at 10:49 PM, Jack Bates wrote: > So does NAT add to security? Yes; just not very much. It adds nothing which can't be added in another, better way, and it subtracts a great deal in terms of instantiating unnecessary DoSable stateful chokepoints in the network, not to mention b

Re: How do you do rDNS for IPv6 ?

2010-12-06 Thread Jack Bates
On 12/5/2010 4:25 PM, Felipe Zanchet Grazziotin wrote: There are other useful tips too, including ideas for PowerDNS and Bind. Yeah, PowerDNS already supports generating /PTR on the fly. I'm more of the opinion that generic hosts shouldn't have rDNS, but that will depend on banks and ot

Re: Pointer for documentation on actually delivering IPv6

2010-12-06 Thread Joe Greco
> First, let's clarify things a bit. I don't think unintended routing is = > what concerns your IT guys. Afterall, even with the NAT > box today, there's routing from the outside to the inside. It's just = > controlled by stateful inspection. It might be better stated differently. With NAT, routi

Re: Pointer for documentation on actually delivering IPv6

2010-12-06 Thread Jack Bates
On 12/6/2010 9:07 AM, Owen DeLong wrote: Seriously, though, you're welcome to use fd00::/8 for exactly that purpose. The problem is that you (and hopefully it stays this way) won't have much luck finding a vendor that will provide the NAT for you to do it with. Corporate IT community *expects*

Re: Over a decade of DDOS--any progress yet?

2010-12-06 Thread Patrick W. Gilmore
On Dec 6, 2010, at 10:34 AM, David Ulevitch wrote: > On Mon, Dec 6, 2010 at 6:10 AM, Patrick W. Gilmore wrote: >> On Dec 6, 2010, at 4:07 AM, Jonas Frey (Probe Networks) wrote: >> >>> Besides having *alot* of bandwidth theres not really much you can do to >>> mitigate. Once you have the bandwidt

Re: Over a decade of DDOS--any progress yet?

2010-12-06 Thread David Ulevitch
On Mon, Dec 6, 2010 at 6:10 AM, Patrick W. Gilmore wrote: > On Dec 6, 2010, at 4:07 AM, Jonas Frey (Probe Networks) wrote: > >> Besides having *alot* of bandwidth theres not really much you can do to >> mitigate. Once you have the bandwidth you can filter (w/good hardware). >> Even if you go for 8

RE: Cloud proof of failure - was:: wikileaks unreachable

2010-12-06 Thread Nathan Eisenberg
> In a cloud hosting environment, you typically don't know where your > data and servers are, and thus you don't know what legal and political > pressures they may be subject to. If that means that in practice you > are subject to the combination of any pressure that can be applied to > any one of

Re: Pointer for documentation on actually delivering IPv6

2010-12-06 Thread Owen DeLong
On Dec 6, 2010, at 6:55 AM, Jared Mauch wrote: > > On Dec 6, 2010, at 8:35 AM, Jeff Johnstone wrote: > >> Speaking of IPV6 security, is there any movement towards any open source >> IPV6 firewall solutions for the consumer / small business? >> >> Almost all the info I've managed to find to dat

Re: Pointer for documentation on actually delivering IPv6

2010-12-06 Thread Jared Mauch
On Dec 6, 2010, at 8:35 AM, Jeff Johnstone wrote: > Speaking of IPV6 security, is there any movement towards any open source > IPV6 firewall solutions for the consumer / small business? > > Almost all the info I've managed to find to date indicates no support, nor > any planned support in upcomi

Re: Cloud proof of failure - was:: wikileaks unreachable

2010-12-06 Thread Marshall Eubanks
On Dec 6, 2010, at 4:49 AM, Nathan Eisenberg wrote: >> The cloud is a failure. Too easy to get it down. >> I guess wikileaks returning to dedicated hosting proofs that. > > No, it just proves that organizational decisions are made by human beings > that have values. Whether or not those values

Re: Over a decade of DDOS--any progress yet?

2010-12-06 Thread Patrick W. Gilmore
On Dec 6, 2010, at 4:07 AM, Jonas Frey (Probe Networks) wrote: > Besides having *alot* of bandwidth theres not really much you can do to > mitigate. Once you have the bandwidth you can filter (w/good hardware). > Even if you go for 802.3ba with 40/100 Gbps...you'll need alot of pipes. There is a

Re: Cloud proof of failure - was:: wikileaks unreachable

2010-12-06 Thread Joe Greco
[peter's theory] > > The cloud is a failure. Too easy to get it down. > > I guess wikileaks returning to dedicated hosting proofs that. > No, it just proves that organizational decisions are made by human beings t= > hat have values. Whether or not those values are 'right' isn't the point -= > t

Re: Google mail admin contact needed (STARTTLS capabilities issue)

2010-12-06 Thread William Allen Simpson
On 12/6/10 6:58 AM, Michael Wildpaner wrote: PIPELINING and STARTTLS are unrelated issues, and both are currently working as intended. - STARTTLS on MX is in the process of being rolled out and not visible from all client locations at this point. - PIPELINING is not offered under all

Re: Pointer for documentation on actually delivering IPv6

2010-12-06 Thread Jeff Johnstone
On Mon, Dec 6, 2010 at 5:27 AM, Dobbins, Roland wrote: > > On Dec 6, 2010, at 6:43 PM, Chris Nicholls wrote: > > > I found the following very helpful, Hardest thing for me was nailing > DHCPv6-PD without an DHCP server :) > > > This is the best/most complete work on IPv6 security to date, IMHO: >

Re: Pointer for documentation on actually delivering IPv6

2010-12-06 Thread Dobbins, Roland
On Dec 6, 2010, at 6:43 PM, Chris Nicholls wrote: > I found the following very helpful, Hardest thing for me was nailing > DHCPv6-PD without an DHCP server :) This is the best/most complete work on IPv6 security to date, IMHO:

Re: ARIN space not accepted

2010-12-06 Thread Robert E. Seastrom
"Kevin Oberman" writes: >> From: valdis.kletni...@vt.edu >> > From: valdis.kletni...@vt.edu >> Date: Fri, 03 Dec 2010 20:00:15 -0500 >> >> On Fri, 03 Dec 2010 14:24:16 PST, Leo Bicknell said: >> >> > It is speculated that no later than Q1, two more /8's will be allocated, >> > triggering a pol

Re: Google mail admin contact needed (STARTTLS capabilities issue)

2010-12-06 Thread Michael Wildpaner
On Fri, 3 Dec 2010, Valdis.Kletnieks at vt.edu wrote: > On Fri, 03 Dec 2010 17:30:38 PST, Brent Jones said: > > For example, below shows the same MX at Google responding with and > > without TLS. I attempted about a dozen times over a few minutes to the > > same MX until I got STARTTLS listed in th

Re: How do you do rDNS for IPv6 ?

2010-12-06 Thread Owen DeLong
On Dec 5, 2010, at 5:28 PM, Franck Martin wrote: > > > - Original Message - >> From: "Owen DeLong" >> To: "John Levine" >> Cc: nanog@nanog.org >> Sent: Sunday, 5 December, 2010 2:54:43 PM >> Subject: Re: How do you do rDNS for IPv6 ? >> On Dec 5, 2010, at 2:13 PM, John Levine wrote: >

Re: Pointer for documentation on actually delivering IPv6

2010-12-06 Thread Chris Nicholls
On Saturday, 4 December 2010 at K:40:50 -0500, Mark Radabaugh wrote: > Probably a case of something being blindingly obvious but... > > I have seen plenty of information on IPv6 from a internal network > standpoint. I have seen very little with respect to how a ISP is > supposed to handle rout

Re: Cloud proof of failure - was:: wikileaks unreachable

2010-12-06 Thread Suresh Ramasubramanian
On Mon, Dec 6, 2010 at 3:08 PM, Peter Dambier wrote: > The cloud is a failure. Too easy to get it down. > I guess wikileaks returning to dedicated hosting proofs that. I haven't used this sign in nearly a decade. And certainly not on nanog. Anyway .. I'll end this thread now. And folks ..

Re: Cloud proof of failure - was:: wikileaks unreachable

2010-12-06 Thread Simon Waters
On Monday 06 December 2010 09:47:43 Jay Mitchell wrote: > > "The Cloud" went down? I think not. It did for at least one customer. > Having ones account terminated as opposed to an outage caused by DDoS are > two very different things. Although not for all DNS providers. There are operational le

RE: Cloud proof of failure - was:: wikileaks unreachable

2010-12-06 Thread Nathan Eisenberg
> The cloud is a failure. Too easy to get it down. > I guess wikileaks returning to dedicated hosting proofs that. No, it just proves that organizational decisions are made by human beings that have values. Whether or not those values are 'right' isn't the point - the point is that the technol

RE: Cloud proof of failure - was:: wikileaks unreachable

2010-12-06 Thread Jay Mitchell
"The Cloud" went down? I think not. Having ones account terminated as opposed to an outage caused by DDoS are two very different things. I'm certainly not an advocate of public cloud computing (I love it inside my own private network though :) ), but in this case asserting that the cloud is a fai

Cloud proof of failure - was:: wikileaks unreachable

2010-12-06 Thread Peter Dambier
Hi, there has been a lot of ethics and religio, ... but what is really important for operation: The cloud is a failure. Too easy to get it down. I guess wikileaks returning to dedicated hosting proofs that. Next time the board wants to convince me of cloud computing, I'll propose a botnet is ch

Re: (wikileaks) Fwd: [funsec] And Google becomes a DNS..

2010-12-06 Thread Simon Waters
On Sunday 05 December 2010 15:50:32 Gadi Evron wrote: > > I withhold comment... "discuss amongst yourselves". Since it is an uncommon but occasional complaint that someones site is indexed in Google by IP address not domain name, I assume simply that since wikileaks were redirecting to URLs with

Re: Over a decade of DDOS--any progress yet?

2010-12-06 Thread Dobbins, Roland
On Dec 6, 2010, at 2:50 PM, Sean Donelan wrote: > Other than buying lots of bandwidth and scrubber boxes, have any other DDOS > attack vectors been stopped or rendered useless during the last > decade? These .pdf presos pretty much express my view of the situation, though I do need to rev th

Re: ARIN recognizes Interop for return of more than 99% of 45/8 address block

2010-12-06 Thread Florian Weimer
* John Curran: > I agree with Chris; this (and any other returns) won't change the IPv4 > depletion/IPv6 deployment timeline substantially, I guess there are a lots of unused assignments within provider-dependent address space. In my experience with a couple of LIRs, none of them was very eager

Re: Over a decade of DDOS--any progress yet?

2010-12-06 Thread Jonas Frey (Probe Networks)
Besides having *alot* of bandwidth theres not really much you can do to mitigate. Once you have the bandwidth you can filter (w/good hardware). Even if you go for 802.3ba with 40/100 Gbps...you'll need alot of pipes. Spoofed attacks have reduced significally probably because the use of RPF. Howeve

Looking for security/abuse contact at EGIHosting

2010-12-06 Thread John Adams
Contact me off list please. Thanks, -john

Re: Over a decade of DDOS--any progress yet?

2010-12-06 Thread Blake Dunlap
On Mon, Dec 6, 2010 at 01:50, Sean Donelan wrote: > > February 2000 weren't the first DDOS attacks, but the attacks on multiple > well-known sites did raise DDOS' visibility. > > What progress has been made during the last decade at stopping DDOS > attacks? > > SMURF attacks creating a DDOS from