Re: AS PATH limits

2017-09-30 Thread William Herrin
On Sun, Oct 1, 2017 at 1:05 AM, Ken Chase wrote:
> I don't quite understand the exact situation that causes the issue - our cogent facing router (quagga .99.22 debian) was receiving the route but that session stayed up - it was it while sending or the other igp router (also quagga .99.22)

Re: AS PATH limits

2017-09-30 Thread Mikael Abrahamsson
On Sun, 1 Oct 2017, Hank Nussbacher wrote: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1572 Quagga 0.99.11 and earlier affected. Fixed in 2009. It was fixed in other OSes as well after this, I presume: http://blog.ipspace.net/2009/02/root-cause-analysis-oversized-as-paths.html -- Mik

Re: AS PATH limits

2017-09-30 Thread Hank Nussbacher
On 01/10/2017 04:28, Christopher Morrow wrote:
> On Sat, Sep 30, 2017 at 12:47 PM, Ken Chase wrote:
>
>> I don't see that as the solution. Someone else will offend again.
>>
>> However, I also don't see trusting major backbones as our filters (for many other reasons). Our software should be hand

Re: AS PATH limits

2017-09-30 Thread Ken Chase
I don't quite understand the exact situation that causes the issue - our cogent facing router (quagga .99.22 debian) was receiving the route but that session stayed up - it was it while sending or the other igp router (also quagga .99.22) receiving (I think the latter) that was crashing their sessi

Re: AS PATH limits

2017-09-30 Thread Christopher Morrow
On Sat, Sep 30, 2017 at 12:47 PM, Ken Chase wrote:
> I don't see that as the solution. Someone else will offend again.
>
> However, I also don't see trusting major backbones as our filters (for many other reasons). Our software should be handling what's effectively a buffer overflow or equiv

ISC DLV Registry now running a signed empty zone

2017-09-30 Thread Dan Mahoney (Gushi)
All, Just to let people know via this list: As of DNS-OARC 27 (where the change was done live) ISC's DLV Registry has now been replaced with a signed empty zone (SOA/NS/A/TXT/DNSKEY/RRSIG), which will be auto-re-signed with the same keys for the foreseeable future. The IP address for the old DLV

Re: Long BGP AS paths

2017-09-30 Thread William Herrin
On Sat, Sep 30, 2017 at 6:34 PM, Ken Chase wrote:
> The quagga thread I read specifically indicates that some (most?) versions don't accept the {n,m} regexp repeat format. Thus the regexps as long as the path you want to filter... :/

Howdy,

If it was configured with --enable-pcreposix I

Re: Long BGP AS paths

2017-09-30 Thread Job Snijders
On Sat, 30 Sep 2017 at 15:33, William Herrin wrote:
> To the chucklehead who started announcing a 2200+ byte AS path yesterday around 18:27 EDT, I beg of you: STOP. You've triggered a bug in Quagga that's present in all versions released in the last decade. Your announcement causes routers

Re: Long BGP AS paths

2017-09-30 Thread Ken Chase
The quagga thread I read specifically indicates that some (most?) versions don't accept the {n,m} regexp repeat format. Thus the regexps as long as the path you want to filter... :/

..or upgrade.

/kc

On Sat, Sep 30, 2017 at 06:29:36PM -0400, William Herrin said:
>To the chucklehead who starte

Long BGP AS paths

2017-09-30 Thread William Herrin
To the chucklehead who started announcing a 2200+ byte AS path yesterday around 18:27 EDT, I beg of you: STOP. You've triggered a bug in Quagga that's present in all versions released in the last decade. Your announcement causes routers based on Quagga to send a malformed update to their neighbors,

Re: Hurricane Maria: Summary of communication status - and lack of

2017-09-30 Thread Sean Donelan
On Sat, 30 Sep 2017, Sean Donelan wrote: The first public statement I've seen from LibertyPR was yesterday. Their network was completely down. They've restored some of their main infrastructure, i.e. cable headends and main fiber connections. 100% of subscribers are out of service. I've seen

Re: Hurricane Maria: Summary of communication status - and lack of

2017-09-30 Thread Sean Donelan
On Sat, 30 Sep 2017, Phil Rosenthal wrote: Has anyone heard anything about Liberty Cablevision / AS14638? The first public statement I've seen from LibertyPR was yesterday. Their network was completely down. They've restored some of their main infrastructure, i.e. cable headends and main fibe

Re: Hurricane Maria: Summary of communication status - and lack of

2017-09-30 Thread Sean Donelan
The Government of Puerto Rico has created a map of working cell sites in Puerto Rico. I'm not certain about the source of the information. Cellular carriers usually object/refuse to release details about their operations. http://status.pr/Maps The map shows most working cell sites are in metr

Re: AS PATH limits

2017-09-30 Thread Ken Chase
I don't see that as the solution. Someone else will offend again. However, I also don't see trusting major backbones as our filters (for many other reasons). Our software should be handling what's effectively a buffer overflow or equivalent (beware long paths that are actually shellcode). Quagga

Re: Peering at public exchange authentication

2017-09-30 Thread Dave Temkin
Talks about GSRs and Sup720's, but still relevant today.

https://www.nanog.org/meetings/nanog39/presentations/Scholl.pdf

-Dave

On Fri, Sep 29, 2017 at 11:05 AM, BRAD RAYMO wrote:
> It's up to you and how you want to manage your sessions. Some networks require it, some prefer it but do not requ

Re: AS PATH limits

2017-09-30 Thread jim deleskie
Maybe the next best path had, had 562 prepends? :)

On Sat, Sep 30, 2017 at 12:09 PM, wrote:
> > If you're on cogent, since 22:30 UTC yesterday or so this has been happening
> > (or happened).
>
> Still happening here. I count 562 prepends (563 * 262197) in the advertisement we receive from

Re: AS PATH limits

2017-09-30 Thread sthaug
> If you're on cogent, since 22:30 UTC yesterday or so this has been happening (or happened).

Still happening here. I count 562 prepends (563 * 262197) in the advertisement we receive from Cogent. I see no good reason why we should accept that many prepends.

Steinar Haug, Nethelp consulting, st

Re: AS PATH limits

2017-09-30 Thread Ken Chase
If you're on cogent, since 22:30 UTC yesterday or so this has been happening (or happened). *> 186.177.184.0/23 38.*.*.*45050 0 174 262206 262206 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 2621

Re: Hurricane Maria: Summary of communication status - and lack of

2017-09-30 Thread Rod Beck
The whole thing is a disgrace.

From: NANOG on behalf of Phil Rosenthal
Sent: Saturday, September 30, 2017 3:47 PM
To: Jean-Francois Mezei
Cc: nanog@nanog.org
Subject: Re: Hurricane Maria: Summary of communication status - and lack of

Has anyone heard anything

Re: Hurricane Maria: Summary of communication status - and lack of

2017-09-30 Thread Phil Rosenthal
Has anyone heard anything about Liberty Cablevision / AS14638? Our Netflow stats show a traffic drop to zero at the moment of landfall of Maria, late on 9/19, and a continued flat line at zero until now. Almost 11 days without a single packet exchanged. This is (as far as I am aware), the #2 la