Hi Ryan,
On 9/25/16 11:50 PM, ryan landry wrote:
> for isp's it's a resourcing vs revenue problem. always has been.
Sure. The question is whether IoT can make a change in consumer
attitudes. Riek, Bohme, et al have been working on this [1]. And there
is earlier work as well. What that earl
On Sun 2016-Sep-25 15:59:15 -0700, Stephen Satchell wrote:
On 09/25/2016 07:32 AM, Jay R. Ashworth wrote:
From: "Jay Farrell via NANOG"
And of course Brian Krebs has a thing or two to say, not the least of which is
to push for BCP38 (good luck with that, right?).
https://krebsonsecurity.com/2
On Sun 2016-Sep-25 17:01:55 -0400, John R. Levine wrote:
https://www.internetsociety.org/sites/default/files/01_5.pdf
The attack is triggered by a few spoofs somewhere in the world. It is not
feasible to stop this.
That paper is about reflection attacks. From what I've read, this was
not
It’s safe to ignore the silent minority that cannot really tell what is
happening in most cases, but that doesn’t mean it “works” for any standard I
would consider valid.
Huh. So you're saying Bill Woodcock doesn't have the skills to see how
his traffic is failing?
Regards,
John Levine, jo
Assuming all transit providers your packets may traverse on the way to all of
your
customers is the kind of thing that leads to me quoting Mr. Bush…
“I encourage my competitors to try this.”
Owen
> On Sep 25, 2016, at 6:32 PM, Mark Andrews wrote:
>
>
> In message , Owen DeLong
> writes:
>>
In message , Owen DeLong
writes:
>
> > On Sep 24, 2016, at 8:47 AM, John Levine wrote:
> >
> >>> Well...by anycast, I meant BGP anycast, spreading the "target"
> >>> geographically to a dozen or more well connected/peered origins. At
> that
> >>> point, your ~600G DDoS might only be around
> >>
> On Sep 24, 2016, at 8:47 AM, John Levine wrote:
>
>>> Well...by anycast, I meant BGP anycast, spreading the "target"
>>> geographically to a dozen or more well connected/peered origins. At that
>>> point, your ~600G DDoS might only be around
>>
>> anycast and tcp? the heck you say! :)
>
> P
In message <1474840690.4107784.736591409.28e80...@webmail.messagingengine.com>,
"Radu-Adrian Feurdean" writes:
> On Sun, Sep 25, 2016, at 23:27, Mark Andrews wrote:
>
> > But it shows that if you turn on IPv6 on the servers you will get
> > IPv6 traffic. We are no longer in a world where turnin
On 09/25/2016 07:32 AM, Jay R. Ashworth wrote:
From: "Jay Farrell via NANOG"
> And of course Brian Krebs has a thing or two to say, not the least of which is
> to push for BCP38 (good luck with that, right?).
>
> https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/
Well, given ho
On Sep 25, 2016, at 6:35 PM, Brett Glass wrote:
> At 03:50 PM 9/25/2016, Patrick W. Gilmore wrote:
>> What Brett is asking seems reasonable, even useful. Unfortunately, it is not
>> as simple as posting a list of addresses on a website.
>>
>> Many devices are compromised because of default user
> On Sep 25, 2016, at 3:58 PM, Radu-Adrian Feurdean
> wrote:
>
> On Sun, Sep 25, 2016, at 23:27, Mark Andrews wrote:
>
>> But it shows that if you turn on IPv6 on the servers you will get
>> IPv6 traffic. We are no longer in a world where turning on IPv6
>> got you a handful of connections.
On Sun, Sep 25, 2016 at 1:01 PM, Brett Glass wrote:
> As an ISP who is pro-active when it comes to security, I'd like to know
> what IP address(es) are being hit by the Krebs on Security DDoS attack. If
> we know, we can warn customers that they are harboring infected PCs and/or
> IoT devices. (A
At 03:50 PM 9/25/2016, Patrick W. Gilmore wrote:
What Brett is asking seems reasonable, even useful. Unfortunately,
it is not as simple as posting a list of addresses on a website.
Many devices are compromised because of default user/pass
settings. Publishing a list of IP addresses which are
> On Sep 25, 2016, at 10:19 AM, Paul Thornton wrote:
>
> On 25/09/2016 01:54, Jay R. Ashworth wrote:
>> One year ago today, at 12:36pm EDT, Facebook On This Day reminds me, John
>> Curran announced that the last IPv4 address block in ARIN's Free Pool had
>> been assigned.
>>
>> How's that been
Baldur Norddahl wrote:
> The sad thing is that if we boot out grandma they will just switch to one
> of our competitors and the TV will still be a bot. You can't win.
Good thing the smart TV / other IoT manufacturers have taken the
responsible approach and have committed to providing lifetime softwa
> i wish you luck with that. explaining to grandma that her samsung smart tv
> has been rooted and needs to be updated should be good fun.
The sad thing is that if we boot out grandma they will just switch to one
of our competitors and the TV will still be a bot. You can't win.
On Sun, Sep 25, 2016, at 23:27, Mark Andrews wrote:
> But it shows that if you turn on IPv6 on the servers you will get
> IPv6 traffic. We are no longer in a world where turning on IPv6
> got you a handful of connections. There are billions of devices
> that can talk IPv6 to you today the moment
On Sep 25, 2016, at 5:50 PM, ryan landry wrote:
> On Sun, Sep 25, 2016 at 9:07 PM, Mark Andrews wrote:
>> This is such a golden opportunity for each of you to find compromised
>> hosts on your network or your customer's network. The number of
>> genuine lookups of the blog vs the number of bott
On Sep 25, 2016, at 4:01 PM, Brett Glass wrote:
> As an ISP who is pro-active when it comes to security, I'd like to know what
> IP address(es) are being hit by the Krebs on Security DDoS attack. If we
> know, we can warn customers that they are harboring infected PCs and/or IoT
> devices. (An
On Sun, Sep 25, 2016 at 9:07 PM, Mark Andrews wrote:
>
> This is such a golden opportunity for each of you to find compromised
> hosts on your network or your customer's network. The number of
> genuine lookups of the blog vs the number of botted machines would
> make it almost certain that anyth
In message <1474836642.4090975.736557521.25674...@webmail.messagingengine.com>,
"Radu-Adrian Feurdean" writes:
> On Sun, Sep 25, 2016, at 18:29, Ca By wrote:
> > Think it is fair to say big content and big eyeballs have moved to IPv6
> > (notable exceptions exist)
> >
> > http://www.internetsoci
This is such a golden opportunity for each of you to find compromised
hosts on your network or your customer's network. The number of
genuine lookups of the blog vs the number of botted machines would
make it almost certain that anything directed at the blog is a
compromised machine. A phone call
https://www.internetsociety.org/sites/default/files/01_5.pdf
The attack is triggered by a few spoofs somewhere in the world. It is not
feasible to stop this.
That paper is about reflection attacks. From what I've read, this was not
a reflection attack. The IoT devices are infected with botwa
On Sun, Sep 25, 2016, at 19:40, Seth Mattinen wrote:
> ARIN's last /8 was run to zero last year.
>
> Anything since then has been randomness from the waiting list such as:
> https://www.arin.net/announcements/2016/20160902.html
and a slightly more restricted "really last" /10 : 23.128.0.0/10
On Sun, Sep 25, 2016, at 18:29, Ca By wrote:
> Think it is fair to say big content and big eyeballs have moved to IPv6
> (notable exceptions exist)
>
> http://www.internetsociety.org/deploy360/blog/2016/08/facebook-akamai-pass-major-milestone-over-50-ipv6-from-us-mobile-networks/
Big, yes, many -
As an ISP who is pro-active when it comes to security, I'd like to
know what IP address(es) are being hit by the Krebs on Security
DDoS attack. If we know, we can warn customers that they are
harboring infected PCs and/or IoT devices. (And if all ISPs did
this, it would be possible to curtail s
This time around it's not about spoofing.
I presume this is development of the same botnet/worm that we saw on day 2 of
Shellshock public disclosure - it was pretty high-tech - golang,
arm/mips/x86 support, multiple attack vectors - including (surprisingly)
very effective password guessing.
It counted
> From deles...@gmail.com Sun Sep 25 20:26:56 2016
> Sorry you don't understand how multinational companies and
> peering agreements work
Right, thanks for letting me know.
> nor any of the relationships my past networks would have had with akamai
I don't care what yours were in the past, if peer
Brandon,
Sorry you don't understand how multinational companies and peering agreements
work, nor any of the relationships my past networks would have had with akamai.
But be confident in the fact none of your concerns would have been an issue and
it certainly wasn't because decisions were made wi
> From: jim deleskie
> Sorry but you are mistaken. I've worked at Sr. levels for several LARGE and
> medium sized networks. What does it cost and what do we make doing it,
> overrules what is "good for the internet" every time it came up.
"nice network you have there, shame if something were to
> On Sep 24, 2016, at 7:47 AM, John Levine wrote:
>
>>> Well...by anycast, I meant BGP anycast, spreading the "target"
>>> geographically to a dozen or more well connected/peered origins. At that
>>> point, your ~600G DDoS might only be around
>>
>> anycast and tcp? the heck you say! :)
>
> Pe
Has anyone stopped to consider what a gift these hackers gave all of
us? They exposed their capabilities and nobody got hurt. We all had a
notion as to what sort of attacks were possible in theory. Now we have
reality. Business being what it is, customers may not be interested in
others' securi
On Sunday, September 25, 2016, jim deleskie wrote:
> Sorry but you are mistaken. I've worked at Sr. levels for several LARGE
> and medium sized networks.
>
> mazel tov
>
> What does it cost and what do we make doing it, overrules what is "good
> for the internet" every time it came up.
>
>
100
On 25/09/2016 18:40, Seth Mattinen wrote:
On 9/25/16 9:19 AM, Paul Thornton wrote:
I can't find an equivalent ARIN page of "how much we've allocated from
our last /8" - the statistics show that just over 2x /16s worth have
been assigned/allocated between January 2016 and July 2016, so a lower
r
Sorry but you are mistaken. I've worked at Sr. levels for several LARGE and
medium sized networks. What does it cost and what do we make doing it,
overrules what is "good for the internet" every time it came up.
On Sun, Sep 25, 2016 at 2:27 PM, Ca By wrote:
> On Sunday, September 25, 2016, Joh
On Sunday, September 25, 2016, John Levine wrote:
> >> Yeh, bcp38 is not a viable solution.
>
> Krebs said this DDoS came from insecure IoT devices, of which there
> are a kazillion, with the numbers growing every day. Why would they
> need to spoof IPs? How would BCP38 help?
>
> R's,
> John
>
On 9/25/16 9:19 AM, Paul Thornton wrote:
I can't find an equivalent ARIN page of "how much we've allocated from
our last /8" - the statistics show that just over 2x /16s worth have
been assigned/allocated between January 2016 and July 2016, so a lower
rate by some margin than RIPE - but there ar
On Sunday, September 25, 2016, Paul Thornton wrote:
>
> On 25/09/2016 17:29, Ca By wrote:
>
> For your use case, would ipv6 solve anything?
>>
>> Think it is fair to say big content and big eyeballs have moved to IPv6
>> (notable exceptions exist)
>>
>> http://www.internetsociety.org/deploy360/b
On Sunday, September 25, 2016, John Kristoff wrote:
> On Sun, 25 Sep 2016 14:36:18 +
> Ca By > wrote:
>
> > As long as there is one spoof capable network on the net, the problem
> will
> > not be solved.
>
> This is not strictly true. If it could be determined where a large
> bulk of the spo
>> Yeh, bcp38 is not a viable solution.
Krebs said this DDoS came from insecure IoT devices, of which there
are a kazillion, with the numbers growing every day. Why would they
need to spoof IPs? How would BCP38 help?
R's,
John
ARIN exhausted their last /8 about a year ago.
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
- Original Message -
From: "Paul Thornton"
To: nanog@nanog.org
Sent: Sunday, September 25, 2016 11:19:01 AM
Subject:
On Sun, 25 Sep 2016 14:36:18 +
Ca By wrote:
> As long as there is one spoof capable network on the net, the problem will
> not be solved.
This is not strictly true. If it could be determined where a large
bulk of the spoofing came from, public pressure could be applied. This
may not have b
You don't need complete adoption to reduce the attacks. If ASes representing
25% of the current spoofed traffic implemented BCP38, then guess what, there's
25% less of an attack.
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.c
On 25/09/2016 17:29, Ca By wrote:
For your use case, would ipv6 solve anything?
Think it is fair to say big content and big eyeballs have moved to IPv6
(notable exceptions exist)
http://www.internetsociety.org/deploy360/blog/2016/08/facebook-akamai-pass-major-milestone-over-50-ipv6-from-us-m
On Sunday, September 25, 2016, Paul Thornton wrote:
> On 25/09/2016 01:54, Jay R. Ashworth wrote:
>
>> One year ago today, at 12:36pm EDT, Facebook On This Day reminds me, John
>> Curran announced that the last IPv4 address block in ARIN's Free Pool had
>> been assigned.
>>
>> How's that been wor
On 25/09/2016 01:54, Jay R. Ashworth wrote:
One year ago today, at 12:36pm EDT, Facebook On This Day reminds me, John
Curran announced that the last IPv4 address block in ARIN's Free Pool had
been assigned.
How's that been workin' out for everyone?
If you'll all indulge a bit of a RIPE-centric
On Sunday, September 25, 2016, Jay R. Ashworth wrote:
> - Original Message -
> > From: "Ca By" >
>
> > On Sunday, September 25, 2016, Jay Farrell via NANOG >
> > wrote:
> >
> >> And of course Brian Krebs has a thing or two to say, not the least of
> which is
> >> to push for BCP38 (good luc
- Original Message -
> From: "Ca By"
> On Sunday, September 25, 2016, Jay Farrell via NANOG
> wrote:
>
>> And of course Brian Krebs has a thing or two to say, not the least of which is
>> to push for BCP38 (good luck with that, right?).
>>
>> https://krebsonsecurity.com/2016/09/the-democra
I've heard people say doing BCP38 is hard for big networks and it is if you do
it at your provider\peering edges. It's easier if done at the customer edge.
Simply don't allow the traffic onto your network to start with.
Limit the spoofing attacks to just a single random ASN. How much smaller is
On Sunday, September 25, 2016, Jay Farrell via NANOG
wrote:
> And of course Brian Krebs has a thing or two to say, not the least of which is
> to push for BCP38 (good luck with that, right?).
>
> https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/
>
>
Yeh, bcp38 is not a viable s
- Original Message -
> From: "Jay Farrell via NANOG"
> And of course Brian Krebs has a thing or two to say, not the least of which is
> to push for BCP38 (good luck with that, right?).
>
> https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/
Well, given how few contributi
And of course Brian Krebs has a thing or two to say, not the least of which is
to push for BCP38 (good luck with that, right?).
https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/
On Sun, Sep 25, 2016 at 12:43 AM, Jay R. Ashworth wrote:
> - Original Message -
> > From: "
On Sat, Sep 10, 2016 at 11:14:13AM -0400, David Hill wrote:
> On Sat, Sep 10, 2016 at 06:55:59AM -0700, Stephen Satchell wrote:
> > Would someone at Charter Communications who is on this list indicate the
> > roll-out schedule for IPv6 to business customers using cable modems as
> > opposed to fi
53 matches