NANOG stream - projector screens

Hi, Just a minor comment - yesterday the projector screen appeared larger in the streamed picture (I think we only saw one screen?) and was readable. Today the view seems to have been made wider, and both screens appear brighter and smaller and no longer readable on the HD stream. Would be n

Re: NANOG stream - projector screens

Thanks for the note... we are making the adjustment. Betty Merit Network Inc. Merit/NANOG Project Manager - Original Message - From: "Tim Chown" To: nanog@nanog.org Sent: Tuesday, January 27, 2009 9:10:52 AM GMT -05:00 US/Canada Eastern Subject: NANOG stream - projector screens Hi,

Re: NANOG stream - projector screens

Wow that was fast - much better now and the HE presentation graph legends are even readable :) Thanks! Tim On Tue, Jan 27, 2009 at 09:13:32AM -0500, Betty Burke wrote: > Thanks for the note... we are making the adjustment. > > Betty > > > Merit Network Inc. > Merit/NANOG Project Manager > >

Re: NANOG stream - projector screens

On Tue, 27 Jan 2009, Tim Chown wrote: Wow that was fast - much better now and the HE presentation graph legends are even readable :) The presentations PDFs come up on the agenda page ahead of the presentation start (has been so today anyway)

Re: Tracking the DNS amplification attacks (was: isprime DOS in progress)

There's another new IP: 67.192.144.0 . Initially (around 2AM Pacific) the query rate was 1 per second, but is now down significantly. -- bk

Re: Tracking the DNS amplification attacks (was: isprime DOS in progress)

and just now it changed to 64.57.246.146. Interestingly, the IP changed within minutes of me posting to NANOG. -- bk On Jan 27, 2009, at 6:34 AM, Brian Keefer wrote: There's another new IP: 67.192.144.0 . Initially (around 2AM Pacific) the query rate was 1 per second, but is now down

DNS DDoS - New Hosts

As of 10:10am (EST) new hosts are now being targeted in the DDoS. Interestingly enough two of the ip addresses are in China. Attached is a file containing the geoip/whois and peering information for the targeted systems. ++-+ | host | count(host) | +

Re: Tracking the DNS amplification attacks (was: isprime DOS inprogress)

Today we have from 208.69.36.12, DNS 67.192.144.x divers of this networkes attakes - Original Message - From: "Brian Keefer" To: Sent: Tuesday, January 27, 2009 3:42 PM Subject: Re: Tracking the DNS amplification attacks (was: isprime DOS inprogress) and just now it changed to 6

[NANOG-announce] NANOG45 Survey

Please excuse the posting to NANOG, however given the large number of remote viewers we wanted all to be aware; the NANOG45 Survey is online. Please take a moment and complete http://www.surveymonkey.com/s.aspx?sm=xAI_2bhyaMaWjl2diOG8lBKQ_3d_3d For those on site, there are also some paper copi

Re: NANOG meeting video RTSP source for mobile devices

RTSP is back up, for those mobile or on a restrictive corporate network. rtsp://nanog.iristransport.net/nanog.sdp -Tk

out-of-band access bandwidth

Hi all, A quick question, what is the common bandwidth for out-of-band access? Thanks.

Re: out-of-band access bandwidth

On Tue, 27 Jan 2009, wingying wrote: : :Hi all, :A quick question, what is the common bandwidth for out-of-band access? :Thanks. That would depend on what your OOB uses for an interface (cli/gui), or what bandwidth you have to spare. Not necessarily in any given order. Overprovisioning allevia

RE: out-of-band access bandwidth

> Hi all, > A quick question, what is the common bandwidth for out-of-band access? > Thanks. > In the optical world it's often 192 Kb/sec. Mike PGP.sig Description: PGP signature

Re: out-of-band access bandwidth

--- wingy...@umich.edu wrote: A quick question, what is the common bandwidth for out-of-band access? -- I would say that varies. Size them based on needs and expected traffic levels. There is no common BW, but it would be small as compared to production li

RE: out-of-band access bandwidth

-Original Message- From: wingying [mailto:wingy...@umich.edu] Sent: Tuesday, January 27, 2009 1:54 PM To: nanog@nanog.org Cc: Xu (Simon) Chen Subject: out-of-band access bandwidth >Hi all, >A quick question, what is the common bandwidth for out-of-band access? >Thanks. Probably depend

Re: out-of-band access bandwidth

On Tue, 27 Jan 2009 13:54:10 -0500, wingying wrote: > A quick question, what is the common bandwidth for out-of-band access? > Thanks. Clearwire + POTS as a backup. --chuck

MPLS Backbone ASN Use - Best Practice?

Hi, I'm working with a team of engineers to build an IP MPLS backbone, with the intention of eventually offering MPLS VPN services (RFC 2547/4364). We have an existing IP transit backbone with an ASN already in use. Our plan is to leverage our existing infrastructure for both MPLS and IP transi

Re: out-of-band access bandwidth

Michael K. Smith - Adhost expunged (mksm...@adhost.com): > > Hi all, > > A quick question, what is the common bandwidth for out-of-band access? > > Thanks. > > > In the optical world it's often 192 Kb/sec. I think that was common circa late 90's, I've seen at least two optical providers that us

Tightened DNS security question re: DNS amplification attacks.

Given the recent DNS amplification attacks, I've audit and updated our authoritative servers. We are using 9.6.0-P1 now. I've been using the cyrmu templates, but one thing I see is that the dns queries to the . hint file are still occuring and are not being denied by our servers. For example: 27-J

Re: out-of-band access bandwidth

Many times I've used 9600 or 2400 baud over dail-up for OOB of routers. On the other hand some enterprises use a seperate 1Gbps Vlan for management. Again it depends on the type of traffic (i.e. snmp(traps), telnet, ssh, graphical, web, syslog, netflow etc..). For ssh/telnet without the need

Re: out-of-band access bandwidth

We used a 3rd party Frame Relay network for out of band access. On 27/1/09 19:37, "chuck goolsbee" wrote: > On Tue, 27 Jan 2009 13:54:10 -0500, wingying wrote: >> A quick question, what is the common bandwidth for out-of-band access? >> Thanks. > > Clearwire + POTS as a backup. > > --chuck >

Re: Tightened DNS security question re: DNS amplification attacks.

On Tue, Jan 27, 2009 at 03:04:19PM -0500, Matthew Huff wrote: > < ... snip ... > > dns queries to the . hint file > are still occuring and are not being denied by our servers. For example: > 27-Jan-2009 15:00:22.963 queries: client 64.57.246.146#64176: view > external-in: query: . IN NS + > < ... s

AfNOG 2009 - Call for Presentations

-- Call for Presentations -- The African Network Operators' Group (AfNOG) invites applications from people who wish to teach a tutorial, make a presentation, or chair a panel discussion at the 10th AfNOG meeting in Cairo, Egypt, in May 2009. We also invite

Re: Tightened DNS security question re: DNS amplification attacks.

Quoting Matthew Huff : Given the recent DNS amplification attacks, I've audit and updated our authoritative servers. We are using 9.6.0-P1 now. I've been using the cyrmu templates, but one thing I see is that the dns queries to the . hint file are still occuring and are not being denied by our s

Re: out-of-band access bandwidth

chuck goolsbee wrote: On Tue, 27 Jan 2009 13:54:10 -0500, wingying wrote: A quick question, what is the common bandwidth for out-of-band access? Thanks. Clearwire + POTS as a backup. POTS + CDMA cellular for me. There's a lot of ways to do it. It really depends on what you want to do, what

Re: out-of-band access bandwidth

And be careful.. It's easy to have simple local passwords, a dial-in modem and then get pwned.. Were I used to be, we had encrypted modems for POP dialin. -- Leigh Porter On 27/1/09 21:43, "Seth Mattinen" wrote: > chuck goolsbee wrote: >> On Tue, 27 Jan 2009 13:54:10 -0500, wingying wrote: >

APNIC offline

All, Is anyone else seeing www.apnic.net offline? I have tried from two locations and the website does not respond. whois is working as expected though. Manolo

Re: APNIC offline

manolo wrote: All, Is anyone else seeing www.apnic.net offline? I have tried from two locations and the website does not respond. whois is working as expected though. Manolo tis not online but i did sleep at a holiday inn last night

Re: APNIC offline

Tried from the US and AU, I can get to the box's IP, the webserver appears to be down though. Quoting manolo : All, Is anyone else seeing www.apnic.net offline? I have tried from two locations and the website does not respond. whois is working as expected though. Manolo

Re: APNIC offline

Website www.apnic.net is not accessable from my desktop, either. But it is responded with ping, so it may be the issue with specific application such as web server daemon? Alex manolo wrote: > All, > > Is anyone else seeing www.apnic.net offline? I have tried from two > locations and the websit

RE: APNIC offline

Back now, crisis avderted ...Skeeve -Original Message- From: Alex H. Ryu [mailto:r.hyuns...@ieee.org] Sent: Wednesday, 28 January 2009 9:07 AM To: manolo Cc: na...@merit.edu Subject: Re: APNIC offline Website www.apnic.net is not accessable from my desktop, either. But it is responded

Re: APNIC offline

http://downforeveryoneorjustme.com/www.apnic.net oy - 'just you, it's up for everone else' -Chris (it's a nice service, we should all use it) On Tue, Jan 27, 2009 at 5:07 PM, Alex H. Ryu wrote: > Website www.apnic.net is not accessable from my desktop, either. > > But it is responded with ping

Re: APNIC offline

Working now from here... (AU) On 28/01/2009, at 8:37 AM, Alex H. Ryu wrote: Website www.apnic.net is not accessable from my desktop, either. But it is responded with ping, so it may be the issue with specific application such as web server daemon? Alex manolo wrote: All, Is anyone else se

Re: out-of-band access bandwidth

Leigh Porter wrote: And be careful.. It's easy to have simple local passwords, a dial-in modem and then get pwned.. Were I used to be, we had encrypted modems for POP dialin. I have my POTS modem set up to accept PPP too so there's the option of being a little more secure than a plain text te

-48VDC equipment recommendations

Who does everyone like for -48VDC power systems nowadays (say in the 60A @48VDC and 6...@48vdc sizes). Something like you'd deploy in a POP or a 10-rack MMR with A&B. Management/no-management, not a big deal. Off-list is fine, and I'll be glad to summarize for the list. Thanks in advance,

Re: Tightened DNS security question re: DNS amplification attacks.

In message <200901272116.n0rlgija002...@ns1.konadogs.net>, Nate Itkin writes: > On Tue, Jan 27, 2009 at 03:04:19PM -0500, Matthew Huff wrote: > > < ... snip ... > > > dns queries to the . hint file > > are still occuring and are not being denied by our servers. For example: > > 27-Jan-2009 15:00:2

Contact at Eschelon/Integra to remove old swip

I've been trying unsuccessfully for years to get Eschelon/Integra to remove the swip for an old IP block. Last time I called some months ago I finally talked to someone who said they'd take care of it, but I looked today and it still says it's mine. The range in question is 66.224.163.0/24 and

Re: Contact at Eschelon/Integra to remove old swip

Replied in private to Seth. Randy Rooney On Tue, Jan 27, 2009 at 3:38 PM, Seth Mattinen wrote: > I've been trying unsuccessfully for years to get Eschelon/Integra to remove > the swip for an old IP block. Last time I called some months ago I finally > talked to someone who said they'd take care

Re: Tightened DNS security question re: DNS amplification attacks.

At 03:16 PM 1/27/2009, Nate Itkin wrote: On Tue, Jan 27, 2009 at 03:04:19PM -0500, Matthew Huff wrote: > < ... snip ... > > dns queries to the . hint file > are still occuring and are not being denied by our servers. For example: > 27-Jan-2009 15:00:22.963 queries: client 64.57.246.146#64176: vie

Re: Tightened DNS security question re: DNS amplification attacks.

In message <6.2.3.4.2.20090127162808.02d4a...@imap.ameslab.gov>, "Douglas C. St ephens" writes: > At 03:16 PM 1/27/2009, Nate Itkin wrote: > >On Tue, Jan 27, 2009 at 03:04:19PM -0500, Matthew Huff wrote: > > > < ... snip ... > > > > dns queries to the . hint file > > > are still occuring and are n

Re: out-of-band access bandwidth

1:54pm wingying said: A quick question, what is the common bandwidth for out-of-band access? If you administer the metro MPLS for a large city, apparently about "1,100...modems hidden away in locked filing cabinets in public buildings around the city." http://weblog.infoworld.com/venezia/ar

Re: Tightened DNS security question re: DNS amplification attacks.

Mark Andrews wrote: > In message <6.2.3.4.2.20090127162808.02d4a...@imap.ameslab.gov>, "Douglas C. > St > ephens" writes: >> At 03:16 PM 1/27/2009, Nate Itkin wrote: >>> On Tue, Jan 27, 2009 at 03:04:19PM -0500, Matthew Huff wrote: < ... snip ... > dns queries to the . hint file are

Re: Tightened DNS security question re: DNS amplification attacks.

On Wed, Jan 28, 2009 at 10:36:29AM +1100, Mark Andrews wrote: > < ... snip ... > > > deny udp host 64.57.246.146 neq 53 any eq 53 > > Which pre-supposes that 64.57.246.146 os not emitting queries of > its own. > BCP 140 looked at this problem and concluded that sending > REF

Re: Contact at Eschelon/Integra to remove old swip

Problem resolved. Thanks for the help! ~Seth

Re: Tightened DNS security question re: DNS amplification attacks.

Quoting John Martinez : Are we still seeing DNS DDoS attack? Yep. I'm seeing ~2 queries/sec targetting 64.57.246.146. Also seeing requests from 76.9.16.171 every 1 minute 2 seconds.

Re: Tightened DNS security question re: DNS amplification attacks.

On Wed, 28 Jan 2009, j...@miscreant.org wrote: Quoting John Martinez : Are we still seeing DNS DDoS attack? Yep. I'm seeing ~2 queries/sec targetting 64.57.246.146. Also seeing requests from 76.9.16.171 every 1 minute 2 seconds. I run a small personal nameserver and even I am seeing requ

Re: Tightened DNS security question re: DNS amplification attacks.

In message , Steve Pirk writes : > On Wed, 28 Jan 2009, j...@miscreant.org wrote: > > > Quoting John Martinez : > > > >> Are we still seeing DNS DDoS attack? > > > > Yep. I'm seeing ~2 queries/sec targetting 64.57.246.146. > > > > Also seeing requests from 76.9.16.171 every 1 minute 2 seconds. >

Re: Tightened DNS security question re: DNS amplification attacks.

"Douglas C. Stephens" writes: > ... > I choose the latter, and that is why went to the effort of blocking this > abusive traffic before it reaches my authoritative-only DNS servers. this is an odd implementation choice. the 1PPS query stream is still using your line even with this defense in pl

RE: Tightened DNS security question re: DNS amplification attacks. [SEC=UNCLASSIFIED]

I still see a few new ones each day, here is my current bind acl for blocking them: acl blacknet { 69.50.142.11/32; 66.230.160.1/32; 66.230.128.15/32; 76.9.16.171/32; 63.217.28.226/32; 206.71.158.30/32; 64.57.246.146/32; 67.192.144.0/32; }; These have all been seen in the last few days, verified

Re: Tightened DNS security question re: DNS amplification attacks.

On Jan 27, 2009, at 10:21 PM, Paul Vixie wrote: (looking for ". IN NS" as the q-tuple pattern is not a solution, since the bad guys can pretty trivially change the question they ask into one you're willing to answer.) Actually, ". IN NS" is a particularly useful thing for them to do,

RE: Tightened DNS security question re: DNS amplification attacks. [SEC=UNCLASSIFIED]

I'm checking just with a mix of tcpdump/pcap, bind logs and p0f. A bit overboard, but logging is fun. I haven't checked any dark hosts to see whether the attack repeatedly sends queries to IPs which have never given an answer or indication of any kind of life. Your monitoring will probably deter

Re: Tightened DNS security question re: DNS amplification attacks.

Once upon a time, David Andersen said: > Actually, ". IN NS" is a particularly useful thing for them to do, > because it's an almost globally guaranteed response that will get a > large response and be in cache. That's only true on servers that aren't well-configured. > ". IN NS", of course,