Transparent dns rewriter inline on the network
On 2/12/10, Wilkinson, Alex wrote:
>
> 0n Sat, Feb 13, 2010 at 06:15:02AM +0800, Randy Bush wrote:
>
> >i just lost ten minutes debugging what i thought was a server problem
> >which turned out to be a dns trapper on the wireless in the c
>Whats a "dns trapper" ?
A "transparent" proxy that intercepts DNS requests and provides edited
results intended to improve your customer experience, typically
defined as returning A records for web servers full of advertisements
when you were expecting something else.
The unfortunate fact is tha
0n Sat, Feb 13, 2010 at 06:15:02AM +0800, Randy Bush wrote:
>i just lost ten minutes debugging what i thought was a server problem
>which turned out to be a dns trapper on the wireless in the changi sats
>lounge. this is not the first time i have been caught by this.
Whats a "d
On 2/12/2010 17:51, Rob Thomas wrote:
> Hi, Seth.
>
>> While I have your attention, I've noticed there's been a bit of
>> instability lately with the BGP sessions (in fact one of mine right now
>> is down). With 30 routes it's not a big deal to have frequent churn, but
>> if you're going to expand
Hi, Seth.
> While I have your attention, I've noticed there's been a bit of
> instability lately with the BGP sessions (in fact one of mine right now
> is down). With 30 routes it's not a big deal to have frequent churn, but
> if you're going to expand that to a larger feed then it could become a
Seth Mattinen wrote:
> On 2/12/2010 15:03, Steve Bertrand wrote:
>> What time frame do you determine to be instability? The following is
>> from a box that has ~25 neighbours. Since the box was reloaded (6w3d
>> ago), I've had the same uptime with the Team Cymru neighbours as I do
>> with internal
On 13/02/2010, at 2:03 PM, Seth Mattinen wrote:
> On 2/12/2010 15:03, Steve Bertrand wrote:
>>
>> What time frame do you determine to be instability? The following is
>> from a box that has ~25 neighbours. Since the box was reloaded (6w3d
>> ago), I've had the same uptime with the Team Cymru neig
On 2/12/2010 15:03, Steve Bertrand wrote:
>
> What time frame do you determine to be instability? The following is
> from a box that has ~25 neighbours. Since the box was reloaded (6w3d
> ago), I've had the same uptime with the Team Cymru neighbours as I do
> with internal gear. I can't say that I
On 13/02/2010, at 11:51 AM, Steve Bertrand wrote:
> fwiw, I've also heard good things about bgpd(8) and ospfd(8), but I
> haven't tried those either...zebra/Quagga just stuck.
OpenBGPd would be great for a public route server at an IX.
It's not so great for use in a network unless you run it on
On Fri, 12 Feb 2010 17:32:33 -0500
Jared Mauch wrote:
>
> On Feb 12, 2010, at 5:15 PM, Randy Bush wrote:
>
> > i just lost ten minutes debugging what i thought was a server
> > problem which turned out to be a dns trapper on the wireless in the
> > changi sats lounge. this is not the first tim
Jim Richardson wrote:
> On Fri, Feb 12, 2010 at 2:15 PM, Randy Bush wrote:
>> i just lost ten minutes debugging what i thought was a server problem
>> which turned out to be a dns trapper on the wireless in the changi sats
>> lounge. this is not the first time i have been caught by this.
>>
>> wh
There will be a presentation comparing BIRD with Quagga at NANOG week
after next in Austin. II believe it will be a part of the Route Servers
Track on Monday afternoon.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley L
http://www.uknof.org.uk/uknof15/
Has quite a few talk about Quagga/Bird as they are used as route servers in
Europe.
For a route server use, BGP under very high number of peers, it seems bird now
behave better than anything else.
so for "normal" use, it would seems that whatever you pick will wo
Jared Mauch wrote:
> On Feb 12, 2010, at 5:15 PM, Randy Bush wrote:
>
>> i just lost ten minutes debugging what i thought was a server problem
>> which turned out to be a dns trapper on the wireless in the changi sats
>> lounge. this is not the first time i have been caught by this.
>>
>> what ar
Seth Mattinen wrote:
> On 2/12/2010 13:47, Tim Wilde wrote:
>> On 2/12/2010 4:21 PM, Mr. James W. Laferriere wrote:
>>> I've a question for the CYMRU Team , My reasoning for posting here
>>> is to get a much wide knowledge base .
>>> Does or Is the 'Bogon Peering' Product(?) , Only at the
On 12/02/2010 21:21, Mr. James W. Laferriere wrote:
> ps:I am Very well aware that (so far) there is no standard format
> for returned requests from *whois daemons .
eh, what are you talking about?
If you want to prefix-filter your bgp feeds using RPSL objects, you can
pull the "fltr-bogons"
Fried, Jason (US - Hattiesburg) wrote:
> I was wondering what kind of experience the nanog userbase has had with these
> two packages.
Quagga++.
I've never tried the other.
I use Quagga for OSPF, OSPFv3 and BGP (IPv4 and IPv6). With a bit of
trickery, it fits in nicely with my RANCID setup, and
On Feb 12, 2010, at 3:17 PM, Joel Jaeggli wrote:
> BCP 38 is all fine and dandy, and you should implement it, but it's not
> going to stop the botnets.
Yup. Many have these devices they call "Routers" they buy locally that
translate spoofed addresses to some well-known outside "public" IP.
(T
I was wondering what kind of experience the nanog userbase has had with these
two packages.
Thanks
--
Jason Fried
This message (including any attachments) contains confidential information
intended for a specific individual and purpose, and is protected by law. If you
are not the intended re
On Fri, Feb 12, 2010 at 2:15 PM, Randy Bush wrote:
> i just lost ten minutes debugging what i thought was a server problem
> which turned out to be a dns trapper on the wireless in the changi sats
> lounge. this is not the first time i have been caught by this.
>
> what are other roaming folk doi
On Feb 12, 2010, at 5:15 PM, Randy Bush wrote:
> i just lost ten minutes debugging what i thought was a server problem
> which turned out to be a dns trapper on the wireless in the changi sats
> lounge. this is not the first time i have been caught by this.
>
> what are other roaming folk doing
>> "A journey of a thousand miles begins with a single step."
Absolutely true, but many folks from the technical side are sick tired
trying to talk to people that "hear" but do not "listen" and dealing
with others that have nothing else to contribute than their selfish
interests or the interests o
i just lost ten minutes debugging what i thought was a server problem
which turned out to be a dns trapper on the wireless in the changi sats
lounge. this is not the first time i have been caught by this.
what are other roaming folk doing about this?
randy
On 2/12/2010 13:47, Tim Wilde wrote:
> On 2/12/2010 4:21 PM, Mr. James W. Laferriere wrote:
>> I've a question for the CYMRU Team , My reasoning for posting here
>> is to get a much wide knowledge base .
>
>> Does or Is the 'Bogon Peering' Product(?) , Only at the IANA->RIR
>> allocation
This report has been generated at Fri Feb 12 21:11:25 2010 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org for a current version of this report.
Recent Table History
Date
BGP Update Report
Interval: 04-Feb-10 -to- 11-Feb-10 (7 days)
Observation Point: BGP Peering with AS131072
TOP 20 Unstable Origin AS
Rank ASNUpds % Upds/PfxAS-Name
1 - AS3300 188306 14.4%3552.9 -- BT-INFONET-EUROPE
BT-Infonet-Europe
2 - AS18170 8
> FreeBSD has supported polling for a long time (V6?) and interrupt
> coalescing since some release of V7. (Latest release is V8.)
exactly. and they kick ass
randy
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 2/12/2010 4:21 PM, Mr. James W. Laferriere wrote:
> I've a question for the CYMRU Team , My reasoning for posting here
> is to get a much wide knowledge base .
>
> Does or Is the 'Bogon Peering' Product(?) , Only at the IANA->RIR
> alloca
Current list of prefixes Cymru considers bogon:
http://www.cymru.com/Documents/bogon-bn-nonagg.txt
Does that answer the question?
-Jack Carrozzo
On Fri, Feb 12, 2010 at 4:21 PM, Mr. James W. Laferriere
wrote:
> Hello All ,
>
> On Fri, 12 Feb 2010, Bill Blackford wrote:
>>
>> On Fri, Feb
Hello All ,
On Fri, 12 Feb 2010, Bill Blackford wrote:
On Fri, Feb 12, 2010 at 12:51 PM, Thomas Magill
wrote:
In efforts to further protect us against threats I am considering
establishing Bogon peers to enable me to filter unallocated address
space. I am just wondering if this is a
Thanks to everyone who replied. That settles it! I'm going to do it.
-Original Message-
From: Jack Carrozzo [mailto:j...@crepinc.com]
Sent: Friday, February 12, 2010 1:14 PM
To: Steve Bertrand
Cc: Thomas Magill; nanog@nanog.org
Subject: Re: CYMRU Bogon Peering
I agree - quick setup and
I agree - quick setup and no issues. A++ Would Peer Again
-Jack Carrozzo
On Fri, Feb 12, 2010 at 4:10 PM, Steve Bertrand wrote:
> Thomas Magill wrote:
>> In efforts to further protect us against threats I am considering
>> establishing Bogon peers to enable me to filter unallocated address
>> sp
Thomas Magill wrote:
> In efforts to further protect us against threats I am considering
> establishing Bogon peers to enable me to filter unallocated address
> space. I am just wondering if this is a worthwhile step to take and if
> anyone has ran into any issues or points of concern that I may w
I've been doing this for some time on two routers injecting the null routes
into my AS. No issues. Beats the heck out of trying to use ACLs. However,
the prefix count is rapidly diminishing as more blocks are being released by
the various RIRs hence being pulled from the bogon list.
-b
On Fri, Fe
In efforts to further protect us against threats I am considering
establishing Bogon peers to enable me to filter unallocated address
space. I am just wondering if this is a worthwhile step to take and if
anyone has ran into any issues or points of concern that I may want to
take into account. Th
James Hess wrote:
> For now.. with 1gigabit residential connections, BCP 38 OUGHT to be
> Google's answer. If Google handles that properly, they _should_
> make it mandatory that all traffic from residential customers be
> filtered, in all cases, in order to only forward packets with
> t
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
Daily listings are sent to bgp-st...@lists.apnic.net
For historical data, please see http://thyme.apnic.net.
If you have any comments please contact Philip Smith .
Routing
I am capacity planning for 8-10K streams of video (150-300Kbps) through a Nexus
7000 or an EX 8200 pair. The same infrastructure will be carrying quite a few
audio minutes as well. Does someone have experience with either of these
platforms with this scale of audio/video ?
Looking for some prac
As secretary of the Internet Society's NY Chapter I'd like to back up
Chris's appeal. We are in a position of familiarity and consultation
with local government but definitely needful of the kind of technical
expertise so abundant in Nanog. We'd very much welcome fresh blood.
Steven - I believe yo
On Fri, Feb 12, 2010 at 7:11 AM, Florian Weimer wrote:
> * Scott Morris:
>
>> Florian Weimer wrote:
>>> * Scott Morris:
>>>
>>>
I'm trying really hard to find my "paranoia hat", and just to relieve
some boredom I read the entire bill to try to figure out where this was
all coming fr
* Scott Morris:
> Florian Weimer wrote:
>> * Scott Morris:
>>
>>
>>> I'm trying really hard to find my "paranoia hat", and just to relieve
>>> some boredom I read the entire bill to try to figure out where this was
>>> all coming from
>>>
>>> "(2) may declare a cybersecurity emergency and o
I'd second this. RT is a really nice ticketing system with great email
capabilities. Use nagios to send an email to an address you have RT
configured to receive, and you can even pipe that email address directly
into a specific ticket queue within RT.
-Original Message-
From: Jens Link [
A previous employer did something similar with Solarwind's ipMonitor and
Kayako eSupport.
Neither are open source, but at the time, the cost for each piece of
software was reasonable.
Jens Link wrote:
"Brandon Grant" writes:
Also, I am hoping to find a tool that can tie in with SNMP soft
"Brandon Grant" writes:
> Also, I am hoping to find a tool that can tie in with SNMP software so
> I can have tickets auto-generated for certain types of SNMP traps or
> polling failures.
Do it the other way round: Use something like Nagios, Zabbix or Icinga
for monitoring and if a fault is dete
Brandon Grant (brandon) writes:
> I am currently evaluating my options for an open source trouble ticket
> management system that is based on assets (the trouble ticket is opened
> on a particular server, network element, etc.).
Hi Brandon,
Maybe RT (already mentioned) could do th
Have you looked into any cmdb systems?
There are some good open source ones. Opencmdb.org I think.
Sent via BlackBerry from T-Mobile
On 12/02/2010 16:56, Brandon Grant wrote:
> I am currently evaluating my options for an open source trouble ticket
> management system that is based on assets (the trouble ticket is opened
> on a particular server, network element, etc.). Also, I am hoping to
> find a tool that can tie in with SNM
I am currently evaluating my options for an open source trouble ticket
management system that is based on assets (the trouble ticket is opened
on a particular server, network element, etc.). Also, I am hoping to
find a tool that can tie in with SNMP software so I can have tickets
auto-generated fo
Jack Carrozzo wrote:
> Lots of people roll FreeBSD with Quagga/pf/ipfw for dual stack. See
> the freebsd-isp list.
Raises hand. I do, on these boxes:
http://www.mikrotikrouter.net/
Steve
49 matches
Mail list logo
