On 3 Aug 2015, at 12:10, John Levine wrote:
Given how easy it still is to put a fake source address in an IP
packet, it seems optimistic to assume that just because the packets
all have the same return address, they're actually coming from the
same place.
Concur 100% - we see that from time t
>> DDoS = multiple IPs
>>
>> DoS = single IP
>
>It seems most people colloquially use DDoS for both, and reserve DoS for
>magic-packet blocking exploits like the latest BIND CVE, FYI.
Given how easy it still is to put a fake source address in an IP
packet, it seems optimistic to assume that just
3. Aug 2015 04:20 by valdis.kletni...@vt.edu:
On Mon, 03 Aug 2015 03:58:31 -, tqr2813d376cjozqa...@tutanota.com said:
>> > It seems most people colloquially use DDoS for both, and reserve DoS for
>> > magic-packet blocking exploits like the latest BIND CVE, FYI.
>> Then they are mistaken, unfo
On Mon, 03 Aug 2015 03:58:31 -, tqr2813d376cjozqa...@tutanota.com said:
> > It seems most people colloquially use DDoS for both, and reserve DoS for
> > magic-packet blocking exploits like the latest BIND CVE, FYI.
> Then they are mistaken, unfortunately.
Feel free to try to reclaim the old
On 3 Aug 2015, at 10:58, tqr2813d376cjozqa...@tutanota.com wrote:
Then they are mistaken, unfortunately.
Being pedantic for its own sake, when there's little possibility of
confusion, isn't really constructive. Everyone, including you, knew
what he meant.
3. Aug 2015 03:54 by rdobb...@arbor.net:
> On 3 Aug 2015, at 6:16, tqr2813d376cjozqa...@tutanota.com wrote:
>
>> DDoS = multiple IPs
>>
>> DoS = single IP
>
> It seems most people colloquially use DDoS for both, and reserve DoS for
> magic-packet blocking exploits like the latest BIND CVE, F
On 3 Aug 2015, at 6:16, tqr2813d376cjozqa...@tutanota.com wrote:
DDoS = multiple IPs
DoS = single IP
It seems most people colloquially use DDoS for both, and reserve DoS for
magic-packet blocking exploits like the latest BIND CVE, FYI.
---
Roland Dobbins
On 3 Aug 2015, at 8:47, Christopher Morrow wrote:
oh .. maybe they really are all gone :)
People still run things long after EoS, heh.
A 6500 *with a Sup2T* is OK at the edge, for now - it has decent ASICs
which support critical edge features, unlike its predecessors. Myself,
I'd much rath
This guy seems to think so, and his arguments seem pretty convincing to me, but
I don't understand the financial system as well as I might.
yarchive.net/blog/computers/flash_crash.html
Gettys is namechecked in the piece.
Cheers,
-- jra
--
Sent from my Android phone with K-9 Mail. Please excuse
On Sun, Aug 2, 2015 at 9:46 PM, Christopher Morrow
wrote:
> On Sun, Aug 2, 2015 at 6:57 PM, Nick Hilliard wrote:
>> As anchors, I would be hard put to make a choice between a 6500 and a 7500,
>> which was a fine router in its day but alas only had a useful lifetime of a
>> small number of years.
On Sun, Aug 2, 2015 at 6:57 PM, Nick Hilliard wrote:
> As anchors, I would be hard put to make a choice between a 6500 and a 7500,
> which was a fine router in its day but alas only had a useful lifetime of a
> small number of years. Obsolescence happens.
isn't some of L3's edge still 7500's? I
Blackholing isn't what you want. That will still permit his source IP into your
network, and only blackhole replies from your network, so the attack will still
consume bandwidth. What you should request is a source IP ACL blocking that
address at your upstream's border.
BGP is no help in these s
Thanks Mel. You are not being difficult, I meant DoS. The network I inherited
doesn’t have BGP yet so I have asked our upstream to blackhole it and I emailed
abuse; neither has happened yet. I do block it, but that’s after it hits our
side.
//Jason
From: Mel Beckman <m...@beckman.org>
Just block it
--
Jason Hellenthal
JJH48-ARIN
On Aug 2, 2015, at 14:59, Jason LeBlanc wrote:
My company is being DDoS'd by a single IP from a GoDaddy customer.
I haven't had success with the ab...@godaddy.com email. Was hoping someone
that could help might be watching the list and could con
Not to be difficult, but how can it be a DDoS attack if it’s coming from a
single IP? Normally you would just block this IP at your borders or ask your
upstreams to do so before it consumes your bandwidth. You still want to get
GoDaddy to address the problem, of course, but you should do that vi
2. Aug 2015 19:59 by jason.lebl...@infusionsoft.com:
> My company is being DDoS'd by a single IP from a GoDaddy customer.
>
DDoS = multiple IPs
DoS = single IP
My company is being DDoS'd by a single IP from a GoDaddy customer.
I haven't had success with the ab...@godaddy.com email. Was hoping someone
that could help might be watching the list and could contact me off-list.
//Jason
On 02/08/2015 23:30, Randy Bush wrote:
> otoh, i did not believe in the fad of using 65xxs at the bgp global
> edge. while it was temporarily cheap, two years later not a lot of folk
> had that many boats which needed anchoring.
A juniper EX9200 is a switch and a cisco sup2t box is a router. The
>> so it is heavily routed using L3 on the core 'switches'? makes a lot
>> of sense.
> Lots of switches will happily forward layer 3 packets.
and a lot of so-called switches will happily *route* at L3, which is i
think the point. in this case, heavily subnetting a LAN, it makes a lot
of sense.
On Sun, Aug 2, 2015 at 4:59 PM, Randy Bush wrote:
> josh,
>
> thanks for the more technical scoop. now i get it a bit better.
>
>> We also re-designed the LAN back in 2011 to break up the giant single
>> broadcast domain down to a subnet per table switch.
>
> so it is heavily routed using L3 on t
On 02/08/2015 22:59, Randy Bush wrote:
> so it is heavily routed using L3 on the core 'switches'? makes a lot of
> sense.
Lots of switches will happily forward layer 3 packets.
Nick
josh,
thanks for the more technical scoop. now i get it a bit better.
> We also re-designed the LAN back in 2011 to break up the giant single
> broadcast domain down to a subnet per table switch.
so it is heavily routed using L3 on the core 'switches'? makes a lot of
sense.
randy
Not that often you see a bunch of people talking about a video you're
in, especially so on NANOG. So here goes.
BYOC is around 2700 seats. Total attendance was around 11,000.
2Gbps has been saturated at some point every year we have had it.
Additional bandwidth is definitely a serious considerati
An article in VARGuy said they'd booked 40 Tb/s of capacity from Akamai,
Limelight, and four or five other CDNs that I did not recognize by name.
I presume each machine will have to contact at least one machine at
microsoft.com to confirm signatures on downloaded packages, et alia.
- jra
On Ju
- Tell user that they're nearly out of storage. Specify how much they've used
and how much they have total. Perhaps include a percentage
- Mention that they could delete email that isn't needed to recover space.
- (optional but nice) Show the subject and sender of the biggest
messages
- (optional
I think the body text of the message should identify it as coming from the
Bright House email system? I think it should be written in standard USAdian
English, which that is decidedly not.
Or perhaps the problem is that that subject line was supposed to be
parameterized, and the number of bytes
What do you think their message should say? We struggled over this, too, and
settled on some soft language, included information on how to purchase more
storage, and also provided our email address and phone numbers.
Frank
-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org]
Any brighthouse email admins on the list? My sister got the following high
water warning message, with the included headers which, since they appear to
include no Received: headers, look like they actually came from brighthouse's
email cluster.
If this is a real Bright House warning message, s
On 2 Aug 2015, at 23:49, Mike Hammett wrote:
If the core of the mission is local LAN play and your Internet
connection fills up
You're assuming the DDoS attack originates from outside the local
network(s). I was curious as to whether they'd seen any *internal* DDoS
attacks.
And again, ext
It most certainly does. If the core of the mission is local LAN play and your
Internet connection fills up who gives a shit? The games play on. If your
500 megabit corporate connection gets a 20 terabit DDoS, your RDP session to
the finance department will continue to hum along just fine.
On Sun, 2 Aug 2015, Dave Pooser wrote:
I wonder if that would be a reason for the relatively anemic 1Gb
Internet pipe-- making sure that a DDoS couldn't push enough packets
through to inconvenience the LAN party.
I was involved in delivering 1GigE to Dreamhack in 2001 which at the time
(if I
On 2 Aug 2015, at 22:56, Alistair Mackenzie wrote:
I would assume this would be a start to the problem if your attacks were
volumetric.
In a world of 430gb/sec reflection/amplification DDoS attacks, not
really.
;>
Just increasing bandwidth has never been a viable DDoS defense tactic,
due to
On 2 Aug 2015, at 22:56, Mike Hammett wrote:
It's completely reasonable when the world at large is only secondary
to the local, on-net operations.
It has nothing to do with DDoS.
---
Roland Dobbins
I recently wrapped up a 1300 players with gigabit connections where we
had a single 5gig link. We never saturated the link and peaked at
3.92Gbps for a few minutes. Bandwidth usage peaks on the first day and
settles down after that (the event was during an entire weekend starting
on Friday). If
It's completely reasonable when the world at large is only secondary to the
local, on-net operations.
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest Internet Exchange
http://www.midwest-ix.com
- Original Message -
From: "Roland Dobbins"
While increasing bandwidth to the endpoint isn't viable wouldn't increasing
the edge bandwidth out to the ISP be a start in the right direction?
I would assume this would be a start to the problem if your attacks were
volumetric.
Once the bandwidth is there you can look at mitigation before it reach
On 2 Aug 2015, at 22:44, Dave Pooser wrote:
I wonder if that would be a reason for the relatively anemic 1Gb
Internet
pipe-- making sure that a DDoS couldn't push enough packets through to
inconvenience the LAN party.
While increasing bandwidth is not a viable DDoS defense tactic,
decreasin
>>any security protections so competitors can't kill off their
>> competition?)
>
>It would be interesting to learn whether they saw any DDoS attacks or
>cheating attempts during competitive play, or even casual
>non-competitive play amongst attendees.
I wonder if that would be a reason for the re
On 2 Aug 2015, at 22:32, Christopher Morrow wrote:
any security protections so competitors can't kill off their
competition?)
It would be interesting to learn whether they saw any DDoS attacks or
cheating attempts during competitive play, or even casual
non-competitive play amongst attendees
On Sun, Aug 2, 2015 at 7:56 AM, Niels Bakker wrote:
> I guess a tale of punching 300-odd patchpanels is not that captivating to
> everybody out there.
I find this hard to believe.
:)
I was hoping for more 'how the network is built' (flat? segmented? any
security protections so competitors can't
On 01.08.2015 21:27, Sean Donelan wrote:
What Powers Quakecon | Network Operations Center Tour
https://www.youtube.com/watch?v=mOv62lBdlXU
Cool stuff!
For reference, here is the blog for the tech crew at the world's second
largest LAN-party, The Gathering:
http://technical.gathering.org/
A fe
On Sun, 2 Aug 2015, Niels Bakker wrote:
Also, 2 Gbps for 4,400 people? Pretty lackluster compared to European
events. 30C3 had 100 Gbps to the conference building. And no NAT: every
host got real IP addresses (IPv4 + IPv6).
Quakecon is essentially a giant LAN party. Bring Your Own Computer
Steam moved to HTTP streaming a few years ago for exactly that reason
> On 2 Aug 2015, at 4:51, Steven Miano wrote:
>
> historically steam/game downloads are not
> cache'able
* ra...@psg.com (Randy Bush) [Sun 02 Aug 2015, 13:37 CEST]:
ietf, >1k people, easily fits in 10g, but tries to have two for
redundancy. also no nat, no firewall, and even ipv6. but absorbing
or combatting scans and other attacks cause complexity one would
prefer to avoid. in praha, there was
> Also, 2 Gbps for 4,400 people? Pretty lackluster compared to European
> events. 30C3 had 100 Gbps to the conference building. And no NAT:
> every host got real IP addresses (IPv4 + IPv6).
ietf, >1k people, easily fits in 10g, but tries to have two for
redundancy. also no nat, no firewall, an
On 1/Aug/15 18:34, marco da pieve wrote:
> Hi Shane,
> for the boxes that are currently installed in the network, this is not a
> valid option (politically/commercially speaking).
Well, Cisco, Juniper and ALU are shipping carrier-grade OS's that will
run on a server in a VM.
Brocade is also kno
On 1/Aug/15 17:38, marco da pieve wrote:
> Hi all,
> this is my first time in asking for advices here and I hope not to bother
> you with this topic (if it has been already covered in the past, would you
> please please point me to that discussion?).
>
> Anyway, I need to decide whether to go for
* mian...@gmail.com (Steven Miano) [Sun 02 Aug 2015, 03:52 CEST]:
It would have been more interesting to see:
-- a network weather map
-- the ELK implementation
-- actual cache statistics (historically steam/game downloads are not
cache'able)
Not quite true according to
http://blog.multiplay.