Re: Are we really this helpless? (Re: isprime DOS in progress)

2009-01-23 Thread Roland Dobbins
On Jan 24, 2009, at 1:34 PM, Jack Bates wrote: Now I have fun trying to explain towards upstream management why a good security team and policy is important in anyone we purchase transit from. Apart from commercial DDoS mitigation services, how many folks have SLAs which specify DoS-rela

Re: Are we really this helpless? (Re: isprime DOS in progress)

2009-01-23 Thread Jack Bates
David Conrad wrote: Sad fact is that there are zillions of excuses. Unfortunately I suspect the only way we're going to make any progress on this will be for laws to be passed (or lawsuits to be filed) that impose a financial penalty on ISPs through which these attacks propagate. Careful wha

Re: Are we really this helpless? (Re: isprime DOS in progress)

2009-01-23 Thread Danny McPherson
On Jan 23, 2009, at 10:06 PM, David Conrad wrote: Sad fact is that there are zillions of excuses. Unfortunately I suspect the only way we're going to make any progress on this will be for laws to be passed (or lawsuits to be filed) that impose a financial penalty on ISPs through which t

Re: Are we really this helpless? (Re: isprime DOS in progress)

2009-01-23 Thread David Conrad
On Jan 23, 2009, at 8:53 PM, Danny McPherson wrote: You missed one.. Step 4: enable BCP 38 or similar ingress source address spoofing mitigation mechanism on all customer ingress interfaces ... No more excuses, people.. Sad fact is that there are zillions of excuses. Unfortunately I suspect

Re: Are we really this helpless? (Re: isprime DOS in progress)

2009-01-23 Thread Danny McPherson
On Jan 23, 2009, at 9:10 PM, Christopher Morrow wrote: On Fri, Jan 23, 2009 at 10:31 PM, wrote: On Fri, 23 Jan 2009 18:33:14 PST, Seth Mattinen said: Back to my original question: is there really not a better solution? Well, we *could* hunt down the perpetrators, pool some $$, and hire

Re: Are we really this helpless? (Re: isprime DOS in progress)

2009-01-23 Thread Christopher Morrow
On Fri, Jan 23, 2009 at 10:31 PM, wrote: > On Fri, 23 Jan 2009 18:33:14 PST, Seth Mattinen said: > >> Back to my original question: is there really not a better solution? > > Well, we *could* hunt down the perpetrators, pool some $$, and hire 3 or 4 > baseball-bat wielding professional explainers

Re: NetSol / WorldNIC nameservers continue to be down, for a couple days.

2009-01-23 Thread jamie rishaw
On Fri, Jan 23, 2009 at 2:55 PM, David Ulevitch wrote: > > Is there anyone here who can provide an update to the ISPs and SPs on this > list? NetSol still (amazingly) manages to do DNS for a few hundred thousand > domains... > > -David > I'm counting a whole lot more than that. I see 1.9 _milli

RE: Are we really this helpless? (Re: isprime DOS in progress)

2009-01-23 Thread Frank Bulk
What's interesting in all of this is that ISPrime has been experiencing this for most of this week, yet neither they nor any of us has shared a network that is sourcing this traffic. I know I haven't bothered asking my upstream provider which backbone provider is sending them the "ISPrime" traffic,

Re: Are we really this helpless? (Re: isprime DOS in progress)

2009-01-23 Thread Jamie A Lawrence
On Jan 23, 2009, at 10:31 PM, valdis.kletni...@vt.edu wrote: On Fri, 23 Jan 2009 18:33:14 PST, Seth Mattinen said: Back to my original question: is there really not a better solution? Well, we *could* hunt down the perpetrators, pool some $$, and hire 3 or 4 baseball-bat wielding professi

Re: Are we really this helpless? (Re: isprime DOS in progress)

2009-01-23 Thread Brandon Galbraith
On 1/23/09, Seth Mattinen wrote: > > Jeffrey Lyon wrote: > >> I respectfully disagree. Network engineers have to keep up with many >> tasks and preventing DoS/DDoS should be the responsibility of >> everyone. I see more folks worried about spam than they are actual >> security. >> >> > Back to my

Re: Are we really this helpless? (Re: isprime DOS in progress)

2009-01-23 Thread Valdis . Kletnieks
On Fri, 23 Jan 2009 18:33:14 PST, Seth Mattinen said: > Back to my original question: is there really not a better solution? Well, we *could* hunt down the perpetrators, pool some $$, and hire 3 or 4 baseball-bat wielding professional explainers to go explain our position to them. Figuring out h

Re: Are we really this helpless? (Re: isprime DOS in progress)

2009-01-23 Thread Seth Mattinen
Jeffrey Lyon wrote: I respectfully disagree. Network engineers have to keep up with many tasks and preventing DoS/DDoS should be the responsibility of everyone. I see more folks worried about spam than they are actual security. Back to my original question: is there really not a better solutio

Re: Are we really this helpless? (Re: isprime DOS in progress)

2009-01-23 Thread Gadi Evron
On Fri, 23 Jan 2009, Jeffrey Lyon wrote: I respectfully disagree. Network engineers have to keep up with many tasks and preventing DoS/DDoS should be the responsibility of everyone. I see more folks worried about spam than they are actual security. Because none of us wants to spend the next two d

Re: Are we really this helpless? (Re: isprime DOS in progress)

2009-01-23 Thread Jeffrey Lyon
I respectfully disagree. Network engineers have to keep up with many tasks and preventing DoS/DDoS should be the responsibility of everyone. I see more folks worried about spam than they are actual security. My two cents. -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.

Are we really this helpless? (Re: isprime DOS in progress)

2009-01-23 Thread Seth Mattinen
Noel Butler wrote: On Sat, 2009-01-24 at 07:21, Chris McDonald wrote: We [AS3491] null0'd the IP earlier. Rest-of-world encouraged to do the same :/ Wrong approach, they are *innocent* in this as are the new targets. insert into your favourite acl: deny udp host 66.230.160.1 neq 53 any e

Re: isprime DOS in progress

2009-01-23 Thread Noel Butler
On Sat, 2009-01-24 at 07:21, Chris McDonald wrote: > We [AS3491] null0'd the IP earlier. Rest-of-world encouraged to do the same > :/ > Wrong approach, they are *innocent* in this as are the new targets. insert into your favourite acl: deny udp host 66.230.160.1 neq 53 any eq 53 deny udp ho

TWTelecom routing instability

2009-01-23 Thread Jon Lewis
Is anyone else seeing routing instability from Time Warner Telecom? We were seeing enough route-flap to upset a lightly loaded sup720-3bxl. I've enabled dampening, which we don't normally use these days, and am considering shutting the session.

Re: isprime DOS in progress

2009-01-23 Thread Mark Andrews
In message <9a251497-e94c-4693-8e89-3fd3acf6d...@stupendous.net>, Nathan Ollerenshaw writes: > On 24/01/2009, at 6:46 AM, Steven Lisson wrote: > > > Hi, > > > > I agree with seeing no traffic to/from 66.230.128.15 but am still > > seeing flows 'from' 66.230.160.1 > > > > Regards, > > Steve >

Re: isprime DOS in progress

2009-01-23 Thread Nathan Ollerenshaw
On 24/01/2009, at 6:46 AM, Steven Lisson wrote: Hi, I agree with seeing no traffic to/from 66.230.128.15 but am still seeing flows 'from' 66.230.160.1 Regards, Steve Hi Steve, There is at least an iptables rule you can use to drop this specific query, assuming your nameservers run linu

Re: isprime DOS in progress

2009-01-23 Thread Brian Keefer
On Jan 23, 2009, at 12:20 PM, Luke Sheldrick wrote: Looks to me like the target has moved, anyone else seeing similar? Jan 23 20:19:08 LND02 named[9611]: client 63.217.28.226#39489: view external: query (cache) './NS/IN' denied Jan 23 20:19:09 LND02 named[9611]: client 63.217.28.226#20558: vie

Re: isprime DOS in progress

2009-01-23 Thread Chris McDonald
We [AS3491] null0'd the IP earlier. Rest-of-world encouraged to do the same :/ On Fri, Jan 23, 2009 at 3:20 PM, Luke Sheldrick wrote: > > Looks to me like the target has moved, anyone else seeing similar? > > Jan 23 20:19:08 LND02 named[9611]: client 63.217.28.226#39489: view > external: qu

Re: NetSol / WorldNIC nameservers continue to be down, for a couple days.

2009-01-23 Thread Bill Woodcock
On Fri, 23 Jan 2009, David Ulevitch wrote: > Does anyone have any contact at NetSol / WorldNIC? Yes. > Their nameservers (all hundred+ of them) have been down or severely > degraded in service over the last 48 hours. Yes, they're very well aware of it. They've been under very

NetSol / WorldNIC nameservers continue to be down, for a couple days.

2009-01-23 Thread David Ulevitch
Does anyone have any contact at NetSol / WorldNIC? Their nameservers (all hundred+ of them) have been down or severely degraded in service over the last 48 hours. TTLs are starting to expire and the only evidence we've found that NETSOL is aware is this thread: http://forums.networksolutions

RE: isprime DOS in progress

2009-01-23 Thread Luke Sheldrick
Looks to me like the target has moved, anyone else seeing similar? Jan 23 20:19:08 LND02 named[9611]: client 63.217.28.226#39489: view external: query (cache) './NS/IN' denied Jan 23 20:19:09 LND02 named[9611]: client 63.217.28.226#20558: view external: query (cache) './NS/IN' denied Jan 23 20:19:

Re: isprime DOS in progress

2009-01-23 Thread Joe Abley
On 2009-01-23, at 14:46, Steven Lisson wrote: I agree with seeing no traffic to/from 66.230.128.15 but am still seeing flows 'from' 66.230.160.1 Are they responses to queries? Or are they queries directed at servers in your network? The latter are to be expected, I think. Joe

RE: isprime DOS in progress

2009-01-23 Thread Steven Lisson
Hi, I agree with seeing no traffic to/from 66.230.128.15 but am still seeing flows 'from' 66.230.160.1 Regards, Steve -Original Message- From: Phil Rosenthal [mailto:p...@isprime.com] Sent: Saturday, 24 January 2009 4:12 AM To: nanog@nanog.org Subject: Re: isprime DOS in progress Just

Weekly Routing Table Report

2009-01-23 Thread Routing Analysis Role Account
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. Daily listings are sent to bgp-st...@lists.apnic.net For historical data, please see http://thyme.apnic.net. If you have any comments please contact Philip Smith . Routing

Re: isprime DOS in progress

2009-01-23 Thread Phil Rosenthal
Just a friendly notice, the attack against 66.230.128.15/66.230.160.1 seems to have stopped for now. -Phil On Jan 22, 2009, at 6:01 AM, Bjørn Mork wrote: Graeme Fowler writes: I've been seeing a lot of noise from the latter two addresses after switching on query logging (and finishing an a

Re: Anyone know what happened with OPENRBL.org or of a comparable replacement?

2009-01-23 Thread Martin Hepworth
2009/1/22 Ralph E. Whitmore, III : > They appear to have vaporized from the face of the internet. > > Ralph > > > Ralph, went bad in June. Ya must have been having a long sleep. -- Martin Hepworth Oxford, UK