Re: Death of the Internet, Film at 11

2016-10-22 Thread John Weekes
Ok, so this mailing list is a list of network operators. Swell. Every network operator who can do so, please raise your hand if you have *recently* scanned your own network and if you can -honestly- attest that you have taken all necessary steps to insure that none of the numerous specific typ

Re: Honorary Unsubscribe: Leo Beranek

2016-10-22 Thread Fletcher Kittredge
Talk about a life well led. Leo Beranek had 102 years of sustained creativity. Any one of his three or four careers would have been remarkable. In the 1940s, 1950s, 1960s, he laid the foundation that young whippersnappers such as Cerf and Postel would build on. He was contributing into his 100s. He

RE: Death of the Internet, Film at 11

2016-10-22 Thread Josh Reynolds
Modern medicine, sanitation, and sedentary lifestyles for the developed world have effectively culled natural selection for most internet users. On Oct 22, 2016 7:16 PM, "Keith Medcalf" wrote: > > On: Saturday, 22 October, 2016 17:41, Jean-Francois Mezei < > jfmezei_na...@vaxination.ca> wrote: >

RE: Death of the Internet, Film at 11

2016-10-22 Thread Keith Medcalf
On: Saturday, 22 October, 2016 17:41, Jean-Francois Mezei wrote: > On 2016-10-22 19:03, Keith Medcalf wrote: > > This does not follow and is not a natural consequence of sealing the > little buggers up so that they cannot affect the Internet > Problem is that many of these gadgets want to be

Re: FW: Death of the Internet, Film at 11

2016-10-22 Thread Jean-Francois Mezei
On 2016-10-22 19:03, Keith Medcalf wrote: > This does not follow and is not a natural consequence of sealing the little > buggers up so that they cannot affect the Internet Problem is that many of these gadgets want to be internet connected so mother at work can check on her kids at home, start

Re: Death of the Internet, Film at 11

2016-10-22 Thread Scott Weeks
> On Oct 22, 2016 5:11 PM, "Mark Andrews" wrote: > One way to deal with this would be for ISPs to purchase DoS attacks > against their own servers (not necessarily hosted on your own > network) then look at which connections from their network attacking > these machines then quarantine these

Re: Death of the Internet, Film at 11

2016-10-22 Thread Luke Guillory
I was referring to your use case and it being a business, for residential I agree with you. Sent from my iPhone On Oct 22, 2016, at 12:21 PM, jim deleskie <deles...@gmail.com> wrote: Sure, but now we put it outside the skill level of 99.99% of the people that don't read and understand

Re: Death of the Internet, Film at 11

2016-10-22 Thread Luke Guillory
VPNs can accomplish this without opening ports directly to devices. Luke Sent from my iPhone On Oct 22, 2016, at 12:06 PM, jim deleskie <deles...@gmail.com> wrote: It is also likely the desired use case. In my office I like to be able to login when needed when on the road, when the al

Re: Dyn DDoS this AM?

2016-10-22 Thread Rob Szarka
On 10/21/2016 7:34 PM, Keenan Tims wrote: I don't have a horse in this race, and haven't used it in anger, but Netflix released denominator to attempt to deal with some of these issues: https://github.com/Netflix/denominator Their goal is to support the highest common denominator of features

Re: Dyn DDoS this AM?

2016-10-22 Thread Masood Ahmad Shah
> > > On Oct 21, 2016, at 6:35 PM, Eitan Adler wrote: > > > > [...] > > > > In practice TTLs tend to be ignored on the public internet. In past > > research I've been involved with browser[0] behavior was effectively > > random despite the TTL set. > > > > [0] more specifically, the chain of DNS r

Re: Dyn DDoS this AM?

2016-10-22 Thread Daniel Ankers
On 22 October 2016 at 16:40, marcel.duregards--- via NANOG wrote: > What about BCP38+84 on 30 tier-1 instead of asking/hoping 55k others > autonomous-system having good filters in place ? The originating ISPs are in a far better position to check that traffic isn't from spoofed address ranges t

FW: Death of the Internet, Film at 11

2016-10-22 Thread Keith Medcalf
> It's also generally counter to them being available outside of that > network. This does not follow and is not a natural consequence of sealing the little buggers up so that they cannot affect the Internet (or your private networks). Even if you lock your pet mouse in a cage, you can still fee

Re: Death of the Internet, Film at 11

2016-10-22 Thread Jean-Francois Mezei
On 2016-10-22 18:35, Ray Van Dolson wrote: > https://urldefense.proofpoint.com/v2/url?u=http-3A__hub.dyn.com_dyn-2Dblog_dyn-2Dstatement-2Don-2D10-2D21-2D2016-2Dddos-2Dattack&d=DQIBAg&c=n6-cguzQvX_tUIrZOS_4Og&r=r4NBNYp4yEcJxC11Po5I-w&m=iGvkbfzRJPqKO1A6YGa-c1m0RBLNkRk03hCjvVGTH3k&s=bScBNFncB3kt_cG0L3

Honorary Unsubscribe: Leo Beranek

2016-10-22 Thread Jay R. Ashworth
How many people remember that Bolt Beranek and Newman was originally an acoustical consultancy, specializing in concert halls? http://www.honoraryunsubscribe.com/leo_beranek.html?awt_l=ACI.7&awt_m=JXfIgZRK.SAPkr Happy Landings, Leo! Cheers, -- jra -- Jay R. Ashworth Baylink

Re: Death of the Internet, Film at 11

2016-10-22 Thread Josh Reynolds
One sec, starting a relationship with $CPEvendor... I'll let you know how this goes. "Yes, every customer I went to had malware. That's okay, right?" ;) On Oct 22, 2016 5:56 PM, "Mark Andrews" wrote: > > In message mail.gmail.com> > , Josh Reynolds writes: > > > > And then what? > > They get

Re: Death of the Internet, Film at 11

2016-10-22 Thread Mark Andrews
In message , Josh Reynolds writes: > > And then what? They get in someone to clean up their network. When they say it is clean you reconnect them. If this happens more often than once a year you charge them a months fees per additional incident. Have the year timer start when reconnect is re

Re: Death of the Internet, Film at 11

2016-10-22 Thread Mike Hammett
Thanks for the link. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: "Ray Van Dolson" To: "Mike Hammett" Cc: nanog@nanog.org Sent: Saturday, October 22, 2016 5:35:50 PM Subject: Re:

Re: MPLS in the campus Network?

2016-10-22 Thread Mark Tinka
On 22/Oct/16 23:59, Marian Ďurkovič wrote: > > The question here is, whether MPLS is the *optimal* solution for campus needs. > > The same functionality could be obviously achieved by multiple technologies, > and while MPLS is well supported on high-end SP routers, various limitations > appear wh

Re: Death of the Internet, Film at 11

2016-10-22 Thread Josh Reynolds
I wish you luck with your plan, and please subscribe me to your newsletter in digest format. On Oct 22, 2016 5:32 PM, "Mark Foster" wrote: > The person who owns the internet connection still has responsibility for > what happens on it. > > So if the owners are educated to select reputable brands

Re: Death of the Internet, Film at 11

2016-10-22 Thread Ray Van Dolson
https://urldefense.proofpoint.com/v2/url?u=http-3A__hub.dyn.com_dyn-2Dblog_dyn-2Dstatement-2Don-2D10-2D21-2D2016-2Dddos-2Dattack&d=DQIBAg&c=n6-cguzQvX_tUIrZOS_4Og&r=r4NBNYp4yEcJxC11Po5I-w&m=iGvkbfzRJPqKO1A6YGa-c1m0RBLNkRk03hCjvVGTH3k&s=bScBNFncB3kt_cG0L3iys0mfXBmwwUR7A8rIDmi94D4&e= On Sat, Oct 2

Re: Death of the Internet, Film at 11

2016-10-22 Thread Mark Foster
The person who owns the internet connection still has responsibility for what happens on it. So if the owners are educated to select reputable brands in order to prevent themselves from being implicated in a DDoS and liable for a fine or some other punitive thing, they 'vote with their feet' a

Re: Death of the Internet, Film at 11

2016-10-22 Thread Josh Reynolds
And then what? The labor to clean up this mess is not free. Whose responsibility is it? The grandma who got a webcam for Christmas to watch the squirrels? The ISP?... No... The vendor? What if the vendor had released a patch to fix the issue months back, and grandma hadn't installed it? Making gra

Re: Death of the Internet, Film at 11

2016-10-22 Thread Mark Andrews
One way to deal with this would be for ISPs to purchase DoS attacks against their own servers (not necessarily hosted on your own network) then look at which connections from their network attacking these machines then quarantine these connections after a delay period so that attacks can't be c

Re: MPLS in the campus Network?

2016-10-22 Thread Marian Ďurkovič
On Sat, 22 Oct 2016 21:29:22 +0200, Mark Tinka wrote > On 21/Oct/16 19:02, Javier Solis wrote: > > With that said, what are the best options to be able to cost effectively > > scale without using vlans and maintaining a routed core? What technology > > would someone suggest (mpls, vxlan,etc) to b

Re: Death of the Internet, Film at 11

2016-10-22 Thread Stephen Satchell
That's what VPNs are for. On 10/22/2016 10:04 AM, jim deleskie wrote: > It is also likely the desired use case. In my office I like to be able to > login when needed when on the road, when the alarm company calls me at 2am > for a false alarm so I don't have to get someone else out of bed to have

Re: Death of the Internet, Film at 11

2016-10-22 Thread Mike Hammett
Until Dyn says or someone says Dyn said, everything is assumed. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: "Peter Baldridge" To: "Jean-Francois Mezei" Cc: nanog@nanog.org Sent: S

Re: Death of the Internet, Film at 11

2016-10-22 Thread Peter Baldridge
On Sat, Oct 22, 2016 at 1:47 PM, Jean-Francois Mezei wrote: > Generic question: > > The media seems to have concluded it was an "internet of things" that > caused this DDoS. > > I have not seen any evidence of this. Has this been published by an > authoritative source or is it just assumed? Flash

Re: Death of the Internet, Film at 11

2016-10-22 Thread Mel Beckman
> Vast majority of homes are behind NAT, which means that an incoming > packet has very little chance of reaching the IoT gizmo. UPNP exposes many IoT devices to the Internet, plus they're always exposed on the LAN, where many viruses find them and use backdoors to conscript them. Several bad a

Re: Death of the Internet, Film at 11

2016-10-22 Thread Jean-Francois Mezei
Generic question: The media seems to have concluded it was an "internet of things" that caused this DDoS. I have not seen any evidence of this. Has this been published by an authoritative source or is it just assumed? Has the type of device involved been identified? I am curious on how some hac

Re: MPLS in the campus Network?

2016-10-22 Thread Mark Tinka
On 21/Oct/16 19:02, Javier Solis wrote: > With that said, what are the best options to be able to cost > effectively scale without using vlans and maintaining a routed core? > What technology would someone suggest (mpls, vxlan,etc) to be the best > possible solution? > IME, MPLS is a good use-c

Re: Death of the Internet, Film at 11

2016-10-22 Thread David Conrad
Mike, On October 22, 2016 at 8:09:34 AM, Mike Hammett (na...@ics-il.net) wrote: How can I as a network operator seek out and eliminate the sources of these attacks?  Maybe (not sure) one way would be to examine your resolver query logs to look for queries for names that fit domain generation al

Re: Death of the Internet, Film at 11

2016-10-22 Thread jim deleskie
Sure, but now we put it outside the skill level of 99.99% of the people that don't read and understand this list. -jim On Sat, Oct 22, 2016 at 2:09 PM, Luke Guillory wrote: > VPNs can accomplish this without opening ports directly to devices. > > Luke > > > *Sent from my iPhone* > > On Oct 22,

Re: Death of the Internet, Film at 11

2016-10-22 Thread Mike Hammett
It's also generally counter to them being available outside of that network. (web and proprietary interfaces needed, SSH and telnet not). That's also not much I can do as a network operator. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://ww

Re: Death of the Internet, Film at 11

2016-10-22 Thread jim deleskie
It is also likely the desired use case. In my office I like to be able to login when needed when on the road, when the alarm company calls me at 2am for a false alarm so I don't have to get someone else out of bed to have them dispatched to check on the site. -jim On Sat, Oct 22, 2016 at 1:42 PM

Re: Death of the Internet, Film at 11

2016-10-22 Thread Chris Boyd
> On Oct 22, 2016, at 7:34 AM, Mike Hammett wrote: > > "taken all necessary steps to insure that none of the numerous specific types > of CCVT thingies that Krebs and others identified" > > Serious question... how? Putting them behind a firewall without general Internet access seems to work

Re: Dyn DDoS this AM?

2016-10-22 Thread marcel.duregards--- via NANOG
Patrick, We are client of 3 tier1. On our netflow collector, we can observe that RFC1918 sources ip traffic is entering our AS via 2 of those tier-1. Yes, 2 bigs tier-1 allow private ip traffic coming from their networks, clients, peerings to reach others customers, via Internet link, on public ip

Re: Dyn DDoS this AM?

2016-10-22 Thread Ken Chase
(Inband signalling - bad except for BGP?) General comment: why are we blaming the client devices for the lack of security? This is like Microsoft vilifying linux in the late 90s because "there's no restrictions on use or packet crafting on the client side" - of course there isn't, in Windows eit

Re: Dyn DDoS this AM?

2016-10-22 Thread Florian Weimer
* Randy Bush: > anyone who relies on a single dns provider is just asking for stuff such > as this. Blaming the victim isn't helpful. And without end-user-visible changes, most of the victims would still depend on Verisign as a single provider for a critical part of their DNS service.

Re: Death of the Internet, Film at 11

2016-10-22 Thread Mike Hammett
Not trolling in the least. I'm genuinely trying my best to help the greater community. Agreed on ShadowServer. I get their reports and I recommend others do the same. Oh, okay, I responded to someone that said: = Every network operator who can do so, please raise your hand if you have

Re: Death of the Internet, Film at 11

2016-10-22 Thread Brandon Butterworth
> From nanog-boun...@nanog.org Sat Oct 22 15:51:34 2016 > If they are easy to trace, then it should be easy for you to > tell me how to find them on my network. Not sure if you're trolling now, apologies if what I wrote wasn't clear. If you did want to find them before they attack then you coul

Re: Dyn DDoS this AM?

2016-10-22 Thread Mikael Abrahamsson
On Sat, 22 Oct 2016, Alexander Maassen wrote: Remember ping packets containing +++ATH0 ? That only worked because of patents: https://en.wikipedia.org/wiki/Time_Independent_Escape_Sequence Inband signaling is bad, mmmkay? -- Mikael Abrahamsson email: swm...@swm.pp.se

Re: Death of the Internet, Film at 11

2016-10-22 Thread Mike Hammett
If they are easy to trace, then it should be easy for you to tell me how to find them on my network. The addresses being known to them doesn't help me at all clean up my network or help other networks clean up theirs. It would be rather difficult for me (and I'm sure many other operators) to

Re: Death of the Internet, Film at 11

2016-10-22 Thread Rich Kulawiec
On Sat, Oct 22, 2016 at 03:22:55PM +0100, Brandon Butterworth wrote: > Well their addresses are now known so one way would be for each ISP to > drop traffic from them. If people don't fix them why should these > devices stay on the net? Bingo. The manufacturer of these decided to build them as ch

Re: Death of the Internet, Film at 11

2016-10-22 Thread Brandon Butterworth
> "their" Whose addresses are known The "CCVT thingies" you refer to. Unlike spoof attacks these are easy to trace > and who are they known to? Those who were attacked by them or worked on mitigation of the attack. If not this time then they should next time as there will be a next time. > Some

Re: Death of the Internet, Film at 11

2016-10-22 Thread Mike Hammett
"their" Whose addresses are known and who are they known to? I certainly don't know the addresses of anyone involved. Some work can produce Dyn allocations, I suppose. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com -

Re: Death of the Internet, Film at 11

2016-10-22 Thread Brandon Butterworth
> From: Mike Hammett > "taken all necessary steps to insure that none of the numerous specific types > of CCVT thingies that Krebs and others identified" > > Serious question... how? Well their addresses are now known so one way would be for each ISP to drop traffic from them. If people don't

Re: Death of the Internet, Film at 11

2016-10-22 Thread Stephen Satchell
On 10/22/2016 05:34 AM, Mike Hammett wrote: > "taken all necessary steps to insure that none of the numerous specific types > of CCVT thingies that Krebs and others identified" > > Serious question... how? > Network operators can only do so much. By the time traffic enters into an ISP's traf

Re: Death of the Internet, Film at 11

2016-10-22 Thread Leo Bicknell
In a message written on Sat, Oct 22, 2016 at 07:34:55AM -0500, Mike Hammett wrote: > "taken all necessary steps to insure that none of the numerous specific types > of CCVT thingies that Krebs and others identified" From https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-ma

Re: Death of the Internet, Film at 11

2016-10-22 Thread Mike Hammett
"taken all necessary steps to insure that none of the numerous specific types of CCVT thingies that Krebs and others identified" Serious question... how? - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Mess

Re: Dyn DDoS this AM?

2016-10-22 Thread Alexander Maassen
Remember ping packets containing +++ATH0 ? Kind regards, Alexander Maassen - Technical Maintenance Engineer Parkstad Support BV - Maintainer DroneBL - Peplink Certified Engineer Original message From: Alain Hebert Date: 21-10-16 23:37 (GMT+01:00) To: nanog@nanog.org Onde

Re: Death of the Internet, Film at 11

2016-10-22 Thread Richard Irving
Then, again, Ayn Rand's idea of "sex" was to get slapped around first.. I am not sure I would acquire my "life philosophy" from her and, as *proudly* *independent* as she was, in the end, she relied upon American Social Security to get by talk is cheap. On 10/21/2016 09:02 PM, James D