Re: CGNAT growing pains

2024-10-13 Thread Curtis, Bruce via NANOG
> On Oct 10, 2024, at 3:16 PM, Andrew Peterson via NANOG > wrote: > > From what I've seen, rolling out dual-stack will take about 40% of your > traffic to native v6. YMMV of course. At our university we see between 50 and 60% IPv6 usage measured by inbound bandwidth. We have had IPv6 enabl

Re: Securing Greenfield Service Provider Clients

2020-10-11 Thread Curtis, Bruce via NANOG
would not stop) https://www.microsoft.com/security/blog/2019/11/26/insights-from-one-year-of-tracking-a-polymorphic-threat/ > > Thank you, > CJ > > > > > Get Outlook for iOS > From: Curtis, Bruce > Sent: Friday, October 9, 2020 5:23:45 PM > To: Christopher

Re: Securing Greenfield Service Provider Clients

2020-10-11 Thread Curtis, Bruce via NANOG
> Simple router ACLS are also good to shutdown back traffic, take a hint from > Comcast > > https://www.xfinity.com/support/articles/list-of-blocked-ports > > > Regards, > CB > > > > > > Get Outlook for iO > > From: Curtis, Bruce > Sent: Frida

Re: Securing Greenfield Service Provider Clients

2020-10-09 Thread Curtis, Bruce via NANOG
If you search for this phrase During 2020 more than fifty percent of new malware campaigns will use various forms of encryption and obfuscation to conceal delivery, and to conceal ongoing communications, including data exfiltration. you will find lots of vendors of decryption have th

Re: syn flood attacks from NL-based netblocks

2019-08-16 Thread Curtis, Bruce
On Aug 16, 2019, at 5:04 PM, Jim Shankland <na...@shankland.org> wrote: Greetings, I'm seeing slow-motion (a few per second, per IP/port pair) syn flood attacks ostensibly originating from 3 NL-based IP blocks: 88.208.0.0/18, 5.11.80.0/21, and 78.140.128.0/18 ("ostensibly" because ..

Re: SSL VPN

2019-06-14 Thread Curtis, Bruce
On Jun 13, 2019, at 1:32 PM, Randy Bush <ra...@psg.com> wrote: OpenVPN in pfSense? yep We run tons of these around the world. i only do 0.5kg wireguard, https://www.wireguard.com/, is simpler (always a good thing with security), and has had code looked at by some credible experts. r

Re: Apple devices spoofing default gateway?

2019-03-14 Thread Curtis, Bruce
We are running 8.5 and 1815s and I don’t think we are seeing this problem. We do have a very small number of 1810s and did see some strange behavior but it doesn’t seem to match this problem description. Is proxy arp disabled on the default gateway device? That could potentially interact stra

Re: Multicast traffic % in enterprise network ?

2018-08-09 Thread Curtis, Bruce
Multicast was also required for earlier versions of VXLAN. But later versions of VXLAN only require unicast. For the far future it seems like Named Data Networking, Content Centric Networking, Information Centric Networking, Data Centric Networking etc all list multicast as a requirement or f

Re: Multicast traffic % in enterprise network ?

2018-08-08 Thread Curtis, Bruce
On Aug 8, 2018, at 3:29 PM, na...@jack.fr.eu.org wrote: I believe multicast is only used for IPTV There is at least one company that is using multicast for video switching, or in other words to replace HDMI switchers in rooms with video sources and displays.

Re: Catalyst 4500 listening on TCP 6154 on all interfaces

2018-05-07 Thread Curtis, Bruce
of IDS signatures, not a list of ports that Cisco devices listen on. I just skimmed the pages, I should have read them more thoroughly before sending to the list. On Mon, May 7, 2018 at 12:24 PM, Curtis, Bruce <bruce.cur...@ndsu.edu> wrote: Some Cisco devices use 6154 for ypxfrd.

Re: Catalyst 4500 listening on TCP 6154 on all interfaces

2018-05-07 Thread Curtis, Bruce
Some Cisco devices use 6154 for ypxfrd. 6154 ypxfrd Portmap Request (Info, Atomic*) Triggers when a request is made to the portmapper for the YP transfer daemon (ypxfrd) port. https://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfids.html https://www.cisco.

Re: pay.gov and IPv6

2014-03-18 Thread Curtis, Bruce
www.eda.gov has been broken since January. It has a record but when clients connect via IPv6 they see "Bad Request (Invalid Hostname)" rather than the web site. On Mar 17, 2014, at 1:43 PM, Matthew Kaufman wrote: > Random IPv6 complaint of the day: redirects from FCC.gov to pay.gov fai

Re: Automatic abuse reports

2013-11-13 Thread Curtis, Bruce
On Nov 12, 2013, at 3:58 PM, Jonas Björklund wrote: > Hello, > > We got often abuse reports on hosts that has been involved in DDOS attacks. > We contact the owner of the host help them fix the problem. > > I also would like to start send these abuse report to the ISP of the source. > > Are t

Re: IPTV and ASM

2011-12-29 Thread Curtis, Bruce
On Dec 28, 2011, at 10:55 PM, Antonio Querubin wrote: > On Wed, 28 Dec 2011, Marshall Eubanks wrote: > >> From what I understand, the answer is likely to be "yes" and the >> reason is likely to be "deployed equipment only >> supports IGMP v2." > > That and numerous clients which don't know anyt

Re: Current trends in capacity planning and oversubscription

2010-11-16 Thread Curtis, Bruce
On Nov 12, 2010, at 5:52 PM, Sean Donelan wrote: > On Wed, 10 Nov 2010, Curtis, Bruce wrote: >> If we take our current ISP bandwidth and increase it by 50% every >> year for 5 years it would be about twice the 100 Mbps per 1,000 >> students/staff recommendation. > &

Re: Current trends in capacity planning and oversubscription

2010-11-10 Thread Curtis, Bruce
On Nov 9, 2010, at 11:26 PM, Sean Donelan wrote: > While the answer is always it depends, I was wondering what the current > rules of thumb university network engineers are using for capacity > planning and oversubscription for resnets and admin networks? > > For K-12, SETDA (http://www.setda.