> I've seen it at recent RIPE and LACNIC conferences. Supposedly all of
> the big geolocation providers support it or are planning on supporting
> it.
Possibly relevant there: https://geolocatemuch.com/
--
Hugo Slabbert
On Sun, Jun 11, 2023 at 10:56 AM Randy Bush wrote:
> >
from
https://docs.elastiflow.com/docs/flowcoll/install_docker/ and the ELK side
from https://docs.elastiflow.com/docs/data_platforms/elastic/cluster_xsmall
--
Hugo Slabbert
On Mon, Mar 20, 2023 at 5:59 AM Mike Hammett wrote:
> Apparently, Elastiflow is only part of the solution you need. You
Good call, thanks. That appears to be via the assigned resources bit ("IP
Addresses" heading in Arin Online). Will give that a shot, thanks!
--
Hugo Slabbert
On Tue, Aug 30, 2022 at 1:38 PM Job Snijders wrote:
> On Tue, Aug 30, 2022 at 01:28:18PM -0700, Hugo Slabbert wr
ing, I would hope so?
--
Hugo Slabbert
On Tue, Aug 30, 2022 at 12:48 PM Job Snijders wrote:
> Dear Hugo,
>
> On Tue, Aug 30, 2022 at 12:34:41PM -0700, Hugo Slabbert wrote:
> > Google folks:
> >
> > I see historical reference to needing to use the Google Peering Porta
? Are there any avenues to provide Google with
geofeed info if you're *not* currently peering with 15169? Or to get access
to just the geofeed update portion of the Peering Portal?
--
Hugo Slabbert
This appears to have corrected some time today and users are no longer
experiencing these symptoms.
If no one at Telus touched anything, then please ignore.
If someone spotted this and tweaked something, thanks, though I would
appreciate info on what was updated.
Hugo Slabbert
Network Engineer
131, and is advertised out from
60229 to Akamai/Prolexic (32787).
Hugo Slabbert
Network Engineer
Demonware
What about some other options?
https://paris-traceroute.net/
https://dublin-traceroute.net/
https://github.com/rucarrol/traceflow
--
Hugo Slabbert
On Wed, Nov 24, 2021 at 9:54 AM Thomas Scott
wrote:
> Ha, my apologies, I thought I was writing this for a Linux User Group, not
> a NOG.
this and in the future have some better things
> in place to account for such a scenario.
100%
I think we can say with some level of confidence that there is going to be
a *lot* of discussion and re-evaluation of inter-service dependencies.
--
Hugo Slabbert
On Wed, Oct 6, 2021 at 9:48 A
erve stale data than none at all; CAP
theorem trade-offs at work?
--
Hugo Slabbert
On Tue, Oct 5, 2021 at 3:22 PM Michael Thomas wrote:
>
> On 10/5/21 3:09 PM, Andy Brezinsky wrote:
>
> It's a few years old, but Facebook has talked a little bit about their DNS
> infrastru
Looks like their auth DNS dropped out of the DFZ:
https://twitter.com/g_bonfiglio/status/1445056923309649926?s=20
https://twitter.com/g_bonfiglio/status/1445058771261313046?s=20
--
Hugo Slabbert
On Mon, Oct 4, 2021 at 9:21 AM George Metz wrote:
> Also impacting Instagram and, apparen
s more versed than myself
answer there, though. Roland probably has a deck ready to link ;)
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
On Mon, Feb 8, 2021 at 10:10 AM Compton, Rich A
wrote:
> FYI, that looks like a Web Services Dynamic
es as I used poor phrasing here.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
On Sun, Mar 22, 2020 at 6:45 PM Łukasz Bromirski
wrote:
> Hugo,
>
> > On 23 Mar 2020, at 01:32, Hugo Slabbert wrote:
> >
> > I think th
s Zoom & friends take off more, but the bulk of the
anecdotal evidence thus far seems to indicate absolute traffic levels to
largely be below historical peaks from exceptional events (large
international content distribution events).
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B1
Thanks Rich.
Good, clear, reasonable steps to have on hand.
On Sat., Mar. 14, 2020, 11:50 Rich Kulawiec wrote:
> On Sat, Mar 14, 2020 at 11:01:48AM -0700, Mike Bolitho wrote:
> > Third, the trouble we had was a third party service having congestion
> > issues.
>
> This is a tiny sample of
I don't want to get in a fight, but absolutely:
Folks saw congestion from a massive free content drop this past week.
But as folks had called out, that was the CDN angle of distributing that
content rather than the actual game play. There is a rather long discussion
about that in the "akamai
taking the
>> necessary action (read, change some rules on my firewall).
>>
>> Thanks,
>>
>> Sabri
>>
>>
>> - On Mar 13, 2020, at 4:12 PM, Hugo Slabbert
>> wrote:
>>
>> I think under circumstances like thi
>
> I think under circumstances like this, I could definitely see some of the
> online based games shutting services down.
How so?
Signed,
Someone who works for an online gaming company and has heard nothing of
this.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.co
ad. **Warzone is a 83-101GB
> download for new, free-to-play users**.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
On Thu, Feb 13, 2020 at 3:33 AM Tom Beecher wrote:
> The discussion about what the consoles can or can not do is honestly n
I believe Owen was referring here to Google's actions: that the disagg is
the antisocial behaviour and that transit providers (the people they are
paying) would be more tolerant of that antisocial behaviour than would be
peers (the people they are not paying).
On Mon., Mar. 2, 2020, 13:19 Seth
t; will eventually figure out how to use it. (whether they realize it or not…
> I guess it just happens)
>
>
>
> -Aaron
>
>
>
> *From:* NANOG [mailto:nanog-boun...@nanog.org] *On Behalf Of *Hugo
> Slabbert
> *Sent:* Thursday, January 23, 2020 11:44 AM
> *To:*
> This just follows the same rules as networks have always seemed to; If
you build it, they will come, and you'll have to build more. :)
https://en.m.wikipedia.org/wiki/Induced_demand
:-)
On Thu., Jan. 23, 2020, 09:40 Tom Beecher wrote:
> I think this is a tribute to how we’ve built and
Unfortunately not too much help, but previous discussion on this turned up
fairly empty:
https://mailman.nanog.org/pipermail/nanog/2019-May/101016.html
https://mailman.nanog.org/pipermail/nanog/2017-September/092416.html
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key
If you have Direct Connects you should be able to log a ticket in the AWS
console, no? And/or the customer with the AWS VPCs should be able to? That
seems like the most logical starting point, yea?
On Tue., Jan. 14, 2020, 11:28 Peter Serwe wrote:
> I have a direct connect via Coresite LA1 over
No attachments to the ml, but I gotcha covered ;)
https://web.archive.org/web/20200109210214/https://noia.network/technology
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
On Thu, Jan 9, 2020 at 12:39 PM Töma Gavrichenkov wrote:
>
It would likely be helpful if you indicate which /24 and which supernet
you're talking about so people can perhaps comment if it's something around
IRR, ROAs, what their views are of the block(s), etc.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also
uot; attacks
Sony IP addresses? That does start to sound like someone is bouncing TCP
off of you (send you a SYN with spoofed Sony source IP address; have your
devices respond with TCP SYN+ACK). It would still be unwise of Imperva to
flag the address, but that could be the mechanism here, perhaps
r good
measure, if they're fairly consistent)?
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
On Tue, Jan 7, 2020 at 10:54 AM Töma Gavrichenkov wrote:
> Peace,
>
> On Tue, Jan 7, 2020 at 9:10 PM Hugo Slabbert wrote:
> > An
off of your endpoints with Sony's addresses as the spoofed
source such that Sony is getting targeted?
If the former: How is Sony involved there? Are people spoofing your source
addresses and trying to reflect off of Sony? Or how else did Sony catch
wind of it?
--
Hugo Slabbert | email
FastNetMon is awesome, but its a detection tool with no mitigation
capacity whatsoever.
Does is not, though, provide the ability to hook into RTBH or Flowspec
setups?
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
On Thu 2019-Dec-05 10:31
October 17, 2019 2:06:53 p.m. PDT, Hugo Slabbert wrote:
>
>On Thu 2019-Oct-17 14:19:54 -0600, Samir Rana
>wrote:
>
>>Greetings,
>>
>>We have asymmetric routing issues from Microsoft TORIX connection
>between
>>Microsoft and CANARIE and Microsoft and SHA
).
And? Like, why is this a problem? Internet routing is highly
asymmetrical.
if anyone from Microsoft is available please contact me offline.
Regards,
Samir
403.210.5382
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
signature.asc
The alternative or complementary approach is something like batfish[1], for
validation vs. emulation.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
[1] https://www.batfish.org/
On Wed 2019-Oct-16 12:19:31 -0400, Yan Filyurin wrote
. Due to their address learning design, they will
modify table entries based on this traffic leading to default gateway ARP
entry modification
The fix was to disable ARP caching on the APs so they don't proxy ARP but
ARP replies pass directly between client devices.
--
Hugo Slabbert
Also was a favourite last time this discussion popped up (in recent
memory):
https://mailman.nanog.org/pipermail/nanog/2018-March/094490.html
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
On Fri 2019-May-17 21:19:02 -0700, Crist Clark
] -
https://blog.apnic.net/2019/05/03/simplicity-is-key-to-network-redesign-for-line/
[1] - https://tools.ietf.org/html/rfc7938
--
Sadiq Saif
https://sadiqsaif.com
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
signature.asc
Description: Digital
is
being dropped by the downstream autonomous system, and there is no
added value in carrying the traffic to it.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
[1] https://tools.ietf.org/html/rfc5575
From: NANOG On Behalf Of Baldur Norddahl
Sent: Sa
On Sun 2018-Sep-02 10:09:32 +0700, Roland Dobbins wrote:
On 1 Sep 2018, at 1:43, Hugo Slabbert wrote:
Generally on the TCP side you can try SYN or ACK floods, but you're
not going to get an amplified reflection.
Actually, TCP reflection/amplification has been on the increase
segments ?? I ask since I heard this years
ago about tcp and I wonder if this is why
UDP, depending on the application, can be reflected and amplified.
Generally on the TCP side you can try SYN or ACK floods, but you're not
going to get an amplified reflection.
--
Hugo Slabbert | email
preso:
<https://app.box.com/s/xznjloitly2apixr5xge>
I would love an upstream that accepts flowspec routes to get granular about
drops and to basically push "stateless ACLs" upstream.
_keeps dreaming_
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B
(BGP daemon per
container host in our case, rather than "I need X number of BGP speakers;
schedule them somewhere"), I guess.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
signature.asc
Description: Digital signature
R + tunnel mode to the k8s pods
backing a given L4 service, with an HTTP reverse proxy layer (Kubernetes
ingress controllers) in the middle for HTTP/s services.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
signature.asc
Description: Digital signature
ven us any issues. Granted, it's very vanilla with a couple of
SVIs per switch and just basic IPv4 unicast and it's just a management
network, but it hasn't caused us any issues that I'm aware of.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also
it bound to a
loopback to run local healthchecks on the nodes and then have them yank the
service IP from the loopback on failing healthchecks in order to stop
exporting.
But, YMMV etc.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
On Thu 2018
This is generally in the context of routing-on-the-host setups. We're
using BIRD for that in a kubernetes deployment.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
On Thu 2018-Jun-14 13:05:58 -0600, Michael Crapse wrote:
I agree, i hope
table.
* The interface does not expect to receive a packet with this source
address prefix.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
signature.asc
Description: Digital signature
On Fri 2018-Apr-06 11:25:12 -0500, Kaiser, Erich <er...@gotfusion.net> wrote:
AS-stats works well for this and its free...
+1
Or see the other recent netflow tools thread[1] for inspiration.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on
re how this
applies to the thread originated by Russell.
* Use Kentik (or other netflow/visibility tools) to identify your top
traffic sources
* focus effort on those to work out if you can peer with them or get
caching appliances from them
* profit
--
Hugo Slabbert | email, xmpp/jab
re: Nation-level controls, the Sandvine report from Citizen Labs can add
some context and real world examples:
https://citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria/
Also discusses http vs. https things.
--
Hugo Slabbert | email
hnical/specifications-descriptions/controlling-arp-traffic-on-ams-ix-platform
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
signature.asc
Description: Digital signature
nt you can stick sflowtool in front of it to translate sFlow->netflow,
e.g. http://blog.sflow.com/2011/12/sflowtool.html.
* Solarwinds something something
* Different vendor toolkits
--
hugge
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also
ose are both related to _MACs_, though, rather than IPs.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
signature.asc
Description: Digital signature
t deal with their
idiosyncrasies on a daily basis, am I not better off than running a single
platform / code train in that function?
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
signature.asc
Description: Digital signature
more at the "initiative" stage than anything fully fledged,
afaict.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
[1]
https://about.att.com/content/dam/innovationblogdocs/att-routing-nos-open-architecture_FINAL%20whitepaper.pdf
On We
/
https://azure.github.io/SONiC/
http://opennetlinux.org/
https://github.com/facebook/fboss
Others that play in this space while not necessarily free:
http://www.pica8.com/products/picos
https://www.ipinfusion.com/products/ocnos/
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key
Largely from web searches, the price seemed to shake out around there.
This wasn't from wholesale / direct Edge-Core pricing.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
On Mon 2018-Jan-08 20:30:01 -0600, Colton Conor <colton
A slightly more pessimistic view:
https://hackernoon.com/ten-years-in-nobody-has-come-up-with-a-use-case-for-blockchain-ee98c180100
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
signature.asc
Description: Digital signature
>Where else can blockchain be used in networking?
Other uses notwithstanding, it should be good for inflating the share price of
any network vendor that adds "now with block chain!" somewhere into their
product portfolio.
/snark
--
Hugo Slabbert | email, xmpp/jabber: h...@sl
upport?
Thanks!
- bryan
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
signature.asc
Description: Digital signature
You've done this before[1] and you've been advised before[2][3] that
plugging charities is not appropriate for this list[4]. Plug it on Twitter
or Facebook or wherever else these things generally go.
At which point is this mod territory to deal with?
--
Hugo Slabbert | email, xmpp
Peer1 (AS13768), the other crosses
directly through peering with Google at the SIX.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
signature.asc
Description: Digital signature
the NICs.
Also, fun fact: 25G only made its way into the 802.3ad bonding mode driver
in the Linux kernel in March this year[1].
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
[1]https://git.kernel.org/pub/scm/linux/kernel/git/torvalds
g off-box, scp it,
and `copy start run` to load"?
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
On Fri 2017-Aug-11 00:18:39 -0700, Jippen <cheetahmo...@gmail.com> wrote:
To be honest, most companies I've worked at have moved to ama
lly I believe it's based on VyOS rather than Vyatta. Same base,
but just delineating that VyOS is open source and I don't believe AT
wields any control over it.
- Josh
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
On Jul 3, 2017 2:09 PM, &q
On Tue 2017-Jun-06 16:39:16 -0700, Hugo Slabbert <h...@slabnet.com> wrote:
On Tue 2017-Jun-06 17:43:46 -0400, Sami via NANOG <nanog@nanog.org> wrote:
Hello,
I have been searching for a solution that collects/duplicates NetFlow traffic
properly for a while but i couldn't find
at you ask: samplicate[3]
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
[1] http://pmacct.net/
[2] https://github.com/pmacct/pmacct
[3] https://github.com/sleinen/samplicator
signature.asc
Description: Digital signature
OVH has, apparently, swapped at least some of their ASR9Ks for NCS5508:
https://twitter.com/olesovhcom/status/86477185019909
What exact roles they're serving, though, I don't know.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
On May 16, 2017 3
-your-web-history/
?
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
gement tools
/r/networking may have more.
At the very least they should get you going without excessive setup time
while you eval whether they fit the bill or you want something more
integrated/comprehensive.
---
Roland Dobbins <rdobb...@arbor.net>
--
H
s like links down or ICMP unreachables)
- "fun" things like MTU issues resulting in some traffic getting through
but not all
- Are there redundant controllers? Can they get split-brained?
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on
efault/files/2_Tinka_21st_Century_iBGP_Route_Reflection.pdf
https://www.youtube.com/watch?v=wLEjOj2fyp8=PLO8DR5ZGla8hcpeEDSBNPE5OrZf70iXZg=21
Cheers,
James.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
signature.asc
Description: Digital signature
course this only works for planned reboots, not suprise reboots.
...or link failures.
Kind regards,
Job
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
signature.asc
Description: Digital signature
Had a set of Cisco ASR1004s running 15.4(3)S1 (on IOS-XE 03.13.01.S) all
restart at around midnight UTC, and all with `Last reload reason:
Watchdog`, with those boxes being at separate DCs in different regions.
I'm assuming when I call TAC I'll get a "whoops; sorry".
--
Hug
This started as a technical appeal, but:
https://www.nanog.org/list
1. Discussion will focus on Internet operational and technical issues as
described in the charter of NANOG.
...
6. Postings of political, philosophical, and legal nature are prohibited.
...
--
Hugo Slabbert | email
rewall has changed it's behaviour. Have anyone else
currently similar issues with communication to and from China?
We gave up on fighting the GFW and got dedicated links between NA and
locations in China. No complaints so far.
Thanks,
Patrick
--
Hugo Slabbert | email, xmpp/jab
If you're doing ECMP w/i the DC, PMTUD does come to mind, though:
https://blog.cloudflare.com/path-mtu-discovery-in-practice/
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
On Mon 2016-Dec-12 15:59:29 -0600, Theodore Baschak <th
side drops traffic from
the peer) or e.g. something catastrophic that causes the control plane to
go away without any last gasp to the peer.
Or is adding BFD into the mix in this type of setup getting into increasing
effort/complexity (an additional protocol) for dimishing returns?
--
Hugo
It's possible you might have wanted to read the link for the context that
pointed this out as sarcastic hyperbole, though the text as-is could
(unfortunately) have been read as serious.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
On Mon
? (FYI Bell, your
IPv6 Starter Kit linked from http://ipv6.bell.ca/ currently hits a 404.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
signature.asc
Description: Digital signature
hdown interfaces
This is Baldur's scenario. Barring both upstreams maintaining manual
filters that cover the touchdown networks handed to their mutual customers,
it seems either Mark's or John's suggestions could be potential solutions
here?
--
Hugo Slabbert | email
Backwards from what you want (sorted by provider rather than supported
"feature" e.g. RTBH), but:
http://onesc.net/communities/
fwiw
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
On Mon 2016-Sep-26 14:23:10 -0500, George S
is e-mail. https://jl.ly
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
signature.asc
Description: Digital signature
Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
signature.asc
Description: Digital signature
On Mon 2016-Sep-26 09:21:55 -0700, Hugo Slabbert <h...@slabnet.com> wrote:
On Mon 2016-Sep-26 11:15:11 -0500, Mike Hammett <na...@ics-il.net> wrote:
- Original Message -
From: "John Levine" <jo...@iecc.com>
To: nanog@nanog.org
Sent: Monday, September
e address to any IP I fancy and have
that packet successfully make its way through the SP's network.
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B1
n by including rule generation to control
>>> broadcast address abuse.
>
>--
>Sent from my Android device with K-9 Mail. Please excuse my brevity.
--
Ken Chase - m...@sizone.org Toronto Canada
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
signature.asc
Description: Digital signature
hygiene and (b) saves from your transit bill
however may bps of BOGON-destined traffic you have.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
signature.asc
Description: Digital signature
es of various sizes of
networks in deploying the following:
1. Strict uRPF on customer-facing ports on edge networks
2. Source address filtering on upstream edge egress based on assigned
aggregates
3. Destination address filtering on upstream edge ingress based on
assigned aggregates
--
H
Please consider the environment before reading this e-mail. https://jl.ly
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
signature.asc
Description: PGP signature
On Fri 2016-Sep-23 17:29:59 -0400, Jared Mauch <ja...@puck.nether.net> wrote:
On Sep 23, 2016, at 5:24 PM, Hugo Slabbert <h...@slabnet.com> wrote:
Please tell me why I can't spoof source IPs on a stateless protocol like GRE.
If he specifically meant you can't spoof a
an't spoof source IPs on a stateless protocol like GRE.
If he specifically meant you can't spoof a source, hit a reflector, and gain
amplification, sure, but I see zero reason why GRE can't have spoofed source
IPs. It bothered me sufficiently that I wrote up some spit-balling ideas about
ref
http://x-arf.org/ ?
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
On September 22, 2016 5:31:12 AM PDT, Alexander Maassen <outsi...@scarynet.org>
wrote:
>Maybe its time then for a global accepted, unified way to send/repo
Lucy, you got some (*serious*) 'splainin to do...
http://research.dyn.com/2016/09/backconnects-suspicious-bgp-hijacks/
http://krebsonsecurity.com/2016/09/ddos-mitigation-firm-has-history-of-hijacks/
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also
So, to be blunt, I would cast this as their charging you NRC for manual
work because of their failure to automate this.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
On Thu 2016-Sep-15 15:09:33 -0400, Jason Lixfeld <jason+na...@lixfeld
ck in the future.
Bryant,
Who was the upstream provider?
3223 / VOXILITY
https://bgpstream.com/event/54711
scott
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
signature.asc
Description: Digital signature
On Mon 2016-Sep-12 14:07:47 -0400, Jean-Francois Mezei
<jfmezei_na...@vaxination.ca> wrote:
On 2016-09-11 16:54, Hugo Slabbert wrote:
Hopefully this is operational enough, though obviously leaning more towards the
policy side of things:
What does nanog think about a DDoS scrubber hij
olicy
decisions in my own network as vigilantism.
Solutions are hard. BGP filters should be in place. Maybe that's the
non-vigilante response. Force filters somehow.
However, this has all been discussed over and over here... ;-)
scott
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pg
per authorities.”
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
pgpnrhonJc0w1.pgp
Description: PGP signature
ss etc.
This was during time at a regional commercial ISP on business circuits.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
Thanks,
Jason
signature.asc
Description: Digital signature
in tooling and automation
that come along for the ride.
Mark.
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
signature.asc
Description: Digital signature
1 - 100 of 219 matches
Mail list logo