On 3/Aug/16 18:11, jim deleskie wrote:
> I struggled with this whole SDN/NVF/insert marketing term for a while at
> first, until I sat down and actually though about. When I strip away all
> the foo, what I'm left with is breaking things down to pieces and and
> putting logo blocks together in
Strange that they cannot send a BGP blackhole upstream to keep everyone
else online within their advertised route.
On 8/3/16 5:27 PM, Tony Wicks wrote:
Further to that, and I would suggest it should be part of the overall
discussion here. It appears the IPv4 IP block my VM is in is not current
Further to that, and I would suggest it should be part of the overall
discussion here. It appears the IPv4 IP block my VM is in is not currently
advertised on the world route table. I assume hostus.us's transit provider has
dropped their ipv4 BGP to save themselves. This is really the ultimate r
Interestingly my VM (LA) with them has been effectively down for half a day as
far as IPv4 is concerned. IPv6 traffic seems unaffected.
-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Robert Webb
Sent: Thursday, 4 August 2016 1:42 AM
To: NANOG list
Subjec
it's good that there aren't any easy solutions to this sort of problem...
wait... that's wrong, there are.
On Wed, Aug 3, 2016 at 12:04 PM, Robert Webb wrote:
> Thanks for that link. My host is sitting in Atlanta and I believe that
> Atlanta hosts their main infrastructure.
>
> I am seeing arou
On Wed, 03 Aug 2016 10:53:22 -0400, Alain Hebert said:
> Between you and me, if only Elbonia are left DDoSing at 100Gbps, we
> simply de-peer the commercial subnets from that country (leaving the
> govt subnets up obviously)
Explain why, for those of us who don't see it as obvious.
pgpYJVA
Back on topic about HostUS, I've been following a thread on LowEndTalk
where seemingly Alexander's been updating (
https://www.lowendtalk.com/discussion/comment/1791998/#Comment_1791998) -
seems like Atlanta and LA are still down ATM based on latest reports -
nearly 10 hours now.
Tks.
Regards,
Ne
I'd also be inclined toward quirky 9k internals. I believe a colleague of
mine troubleshot an issue with latency/slowness through some Nexus switches
(I can't recall if they were 9ks). After engaging TAC, they noticed that
"no ip redirects" was applied to the VLAN 1 SVI but none of the other SVIs.
I struggled with this whole SDN/NVF/insert marketing term for a while at
first, until I sat down and actually though about. When I strip away all
the foo, what I'm left with is breaking things down to pieces and and
putting logo blocks together in a way that best suits what I'm doing. It
is reall
We recently had a similar case and had to solve the problem by working with IO
and another provider outside of Level3. We got the same Level3 instruction to
install various community strings, and when that didn’t work their response was
basically “oh, well.” We have jury rigged a fix by trial an
Thanks for that link. My host is sitting in Atlanta and I believe that
Atlanta hosts their main infrastructure.
I am seeing around a 12 or 13 hour outage at this point.
Robert
On Wed, Aug 3, 2016 at 11:08 AM, Soon Keat Neo wrote:
> Back on topic about HostUS, I've been following a thread on Lo
As discussed a few months ago (maybe Christmas time?), Comcast is actively
suspending accounts involved in DNS amplification. Certainly on a network like
theirs, it's an internal issue as well.
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://w
Stopping one vector that makes up the largest of DDoSes certainly isn't a bad
thing.
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
- Original Message -
From: "James Bensley"
To: nanog@nanog.org
Sent: Wednesday
On Wednesday, August 3, 2016, Christopher Morrow
wrote:
> On Wed, Aug 3, 2016 at 10:40 AM, James Bensley > wrote:
>
> > How will
> > BCP save you then? Can everyone stop praising it like it was a some
> > magic bullet?
> >
>
> aren't you making a 'perfect is the enemy of good' argument here?
>
>
Doing BCP38 or blocking\shutting off known amplification vectors both require
effort and both accomplish the same thing. Of course doing both is best. :-)
One provider in "Elbonia" getting through is far more damaging to that provider
in Elbonia than the rest of the world, if they were the only
Well,
I didn't want to pollute nanog list with my BCP38 (or other
solutions) ranting, but come on:
[1] How can insuring source IP's, coming out your network, are part of
your advertised subnets pathetic and futile?
Don't you think if the source ip are traceable back to OVH actually,
On Wednesday, August 3, 2016, Alain Hebert wrote:
> Well,
>
> I'm sorry.
>
> That sound like the CloudFlare argument: You cannot fix the DDoSs
> at the source because Elbonia can do it. The only solution is to pay
> for protection.
>
>
No. I hate the idea of paying for protection fr
On Wed, Aug 3, 2016 at 10:40 AM, James Bensley wrote:
> How will
> BCP save you then? Can everyone stop praising it like it was a some
> magic bullet?
>
aren't you making a 'perfect is the enemy of good' argument here?
'seatbelts don't solve all car crash deaths, so let's just go mad-max!'
Well,
I'm sorry.
That sound like the CloudFlare argument: You cannot fix the DDoSs
at the source because Elbonia can do it. The only solution is to pay
for protection.
Between you and me, if only Elbonia are left DDoSing at 100Gbps, we
simply de-peer the commercial subnets from
On 3 August 2016 at 15:16, Alain Hebert wrote:
> PS:
>
> I will like to take this time to underline the lack of
> participation from a vast majority of ISPs into BCP38 and the like. We
> need to keep educating them at every occasion we have.
>
> For those that actually impleme
On Wednesday, August 3, 2016, Alain Hebert wrote:
> Well,
>
>
> Could it be related to the last 2 days DDoS of PokemonGO (which
> failed) and some other gaming sites (Blizzard and Steam)?
>
>
> And on the subject of CloudFlare, I'm sorry for that CloudFlare
> person that defended thei
Yeah, considering that I STILL haven’t managed to get anyone in their supposed
“Tier 3” group to call back on the open case is just completely baffling to me.
And with the Level 3 side, I’ve tried all sorts of different communities they
supposedly use only to find that other policies override h
Not sure if it is related to the PokemonGO or not. This started around
23:00 EDT last night per my monitoring.
Seems like a pretty big attack at 300Gbps and to also temporarily take a
down a Tier 1 POP in a major city.
I was interested as to if this might be a botnet or some type of reflection
at
Apologies to all as the hostname in my subject is incorrect.
It should be hostus.us...
On Wed, Aug 3, 2016 at 10:25 AM, Robert Webb wrote:
> Not sure if it is related to the PokemonGO or not. This started around
> 23:00 EDT last night per my monitoring.
>
> Seems like a pretty big attack at 3
On Wed, Aug 3, 2016 at 8:20 AM, Ca By wrote:
>
>
> On Wednesday, August 3, 2016, Randy Bush wrote:
>
>> > but, NFV isn't necessarily 'cloud'... It CAN BE taking purpose built
>> > appliance garbage that can't scale in a cost effective manner and
>> > replacing it with some software solution on '
Well,
Could it be related to the last 2 days DDoS of PokemonGO (which
failed) and some other gaming sites (Blizzard and Steam)?
And on the subject of CloudFlare, I'm sorry for that CloudFlare
person that defended their position earlier this week, but there may be
more hints (unverif
Anyone have any additonal info on a DDOS attack hitting host.us?
Woke up to no email this morning and the following from their web site:
*Following an extortion attempt, HostUS is currently experiencing sustained
large-scale DDOS attacks against a number of locations. The attacks were
measured
On Wednesday, August 3, 2016, Randy Bush wrote:
> > but, NFV isn't necessarily 'cloud'... It CAN BE taking purpose built
> > appliance garbage that can't scale in a cost effective manner and
> > replacing it with some software solution on 'many' commodity
> > unix-like-hosts that can scale horizo
> but, NFV isn't necessarily 'cloud'... It CAN BE taking purpose built
> appliance garbage that can't scale in a cost effective manner and
> replacing it with some software solution on 'many' commodity
> unix-like-hosts that can scale horizontally.
my main worry about nfv is when they need more fo
29 matches
Mail list logo
