Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread bmanning
actually, botnets are an artifact. claiming that the tool is the problem might be a bit short-sighted. with the evolution of Internet technologies (IoT) i suspect botnet-like structures to become much more prevalent and useful for things other than coordinated attacks. just another PoV.

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Dobbins, Roland
On Dec 8, 2010, at 5:58 PM, wrote: > actually, botnets are an artifact. claiming that the tool is the problem > might be a bit short-sighted. with the evolution of Internet technologies > (IoT) i suspect botnet-like structures to become much more prevalent and > useful for things other than

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Arturo Servin
One big problem (IMHO) of DDoS is that sources (the host of botnets) may be completely unaware that they are part of a DDoS. I do not mean the bot machine, I mean the ISP connecting those. On the other hand, the target of a DDoS cannot do anything to stop the attack besides addin

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Dobbins, Roland
On Dec 8, 2010, at 7:28 PM, Arturo Servin wrote: > One big problem (IMHO) of DDoS is that sources (the host of botnets) > may be completely unaware that they are part of a DDoS. I do not mean the bot > machine, I mean the ISP connecting those. The technology exists to detect and classify

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread alvaro.sanc...@adinet.com.uy
A very common action is to blackhole ddos traffic upstream by sending a bgp route to the next AS with a pre-established community indicating the traffic must be sent to Null0. The route may be very specific, in order to impact as little as possible. This needs previous coordination between provide

RE: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Drew Weaver
Yes, but this obviously completes the 'DDoS attack' and sends the signal that the bully will win. -Drew -Original Message- From: alvaro.sanc...@adinet.com.uy [mailto:alvaro.sanc...@adinet.com.uy] Sent: Wednesday, December 08, 2010 8:46 AM To: rdobb...@arbor.net; North American Operator

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread jim deleskie
+1 On Wed, Dec 8, 2010 at 10:30 AM, Drew Weaver wrote: > Yes, but this obviously completes the 'DDoS attack' and sends the signal that > the bully will win. > > -Drew > > > -Original Message- > From: alvaro.sanc...@adinet.com.uy [mailto:alvaro.sanc...@adinet.com.uy] > Sent: Wednesday, De

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Thomas Mangin
On 6 Dec 2010, at 15:34, David Ulevitch wrote: > On Mon, Dec 6, 2010 at 6:10 AM, Patrick W. Gilmore wrote: >> On Dec 6, 2010, at 4:07 AM, Jonas Frey (Probe Networks) wrote: >> >>> Besides having *alot* of bandwidth theres not really much you can do to >>> mitigate. Once you have the bandwidth yo

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Dobbins, Roland
On Dec 8, 2010, at 10:04 PM, Thomas Mangin wrote: > So IMHO the best way is still a good router with some basic QOS to protect > BGP on the link. iACLs and GTSM are your friends. ;> --- Roland Dobbins //

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Thomas Mangin
A less common action is to use flowspec (if you have some Juniper gear) to drop only the attack and hopefully not any legitimate traffic. What is really missing atm is a way to filter flowspec announcements (limit the number and make sure they are for routes the peer is announcing). Until this is

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Dobbins, Roland
On Dec 8, 2010, at 10:10 PM, Thomas Mangin wrote: > Until this is sorted I believe flowspec will be a marginal solution. We're seeing a significant uptick in flowspec interest, actually, and S/RTBH has been around for ages. -

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Arturo Servin
On 8 Dec 2010, at 13:12, nanog-requ...@nanog.org wrote: > Date: Wed, 8 Dec 2010 12:53:51 + > From: "Dobbins, Roland" > Subject: Re: Over a decade of DDOS--any progress yet? > To: North American Operators' Group > Message-ID: > Content-Type: text/plain; charset="us-ascii" > > > On Dec 8,

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Thomas Mangin
On 8 Dec 2010, at 15:12, Dobbins, Roland wrote: > > On Dec 8, 2010, at 10:10 PM, Thomas Mangin wrote: > >> Until this is sorted I believe flowspec will be a marginal solution. > > We're seeing a significant uptick in flowspec interest, actually, and S/RTBH > has been around for ages. Great to

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Dobbins, Roland
On Dec 8, 2010, at 10:33 PM, Arturo Servin wrote: > If you have an URL would be good. You may wish to do a bit more research on the topic of DDoS in general, as the state of the art in detection/classification/traceback/mitigation is considerably advanced beyond what you've described.

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Jeffrey Lyon
We have seen a recent trend of attackers "legitimately" purchasing servers to use for attacks. They'll set up a front company, attempt to make the traffic look legitimate, and then launch attacks from their "legitimate" botnet. Jeff On Wed, Dec 8, 2010 at 10:33 AM, Arturo Servin wrote: > > On 8 D

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Dobbins, Roland
On Dec 8, 2010, at 10:36 PM, Thomas Mangin wrote: > If you are a smaller network, you need the filtering to be performed by your > transit provider, as your uplink will otherwise be congested. Actually, most DDoS attacks aren't link-flooding attacks - this hasn't been true for the last ~7 year

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread JC Dill
On 08/12/10 4:28 AM, Arturo Servin wrote: One big problem (IMHO) of DDoS is that sources (the host of botnets) may be completely unaware that they are part of a DDoS. I do not mean the bot machine, I mean the ISP connecting those. ISPs are not the source. The source is Microsoft. T

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Arturo Servin
And those are much more complex to detect than SYN attacks or simple flood attacks with ICMP. But even for simple flood attacks, I still think that the target has very few defence mechanisms, and those that exist require a complex coordination with upstreams. Cheers, .as On

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Dobbins, Roland
On Dec 8, 2010, at 10:47 PM, Arturo Servin wrote: > But even for simple flood attacks, I still think that the target has > very few defence mechanisms, and those that exist require a complex > coordination with upstreams. This is demonstrably incorrect. ---

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Jack Bates
On 12/8/2010 9:43 AM, JC Dill wrote: Why isn't ANYONE going after Microsoft over this? If Microsoft were held accountable for the spam and DDOSs that spew from their crappy software, they would find a way to stop the problem. I've raised this issue before, IMHO Windows OSs are "attractive nuisanc

RE: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Drew Weaver
The most common attacks that I have seen over the last 12 months, and let's say I have seen a fair share have been easily detectable by the source network. It is either protocol 17 (UDP) dst port 80 or UDP Fragments (dst port 0..) What valid application actually uses UDP 80? You could literally

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Jack Bates
On 12/8/2010 9:52 AM, Dobbins, Roland wrote: On Dec 8, 2010, at 10:47 PM, Arturo Servin wrote: But even for simple flood attacks, I still think that the target has very few defence mechanisms, and those that exist require a complex coordination with upstreams. This is demonstrabl

RE: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Drew Weaver
I would say that > 99% of the attacks that we see are 'link fillers' with < 1% being an application attack. thanks, -Drew -Original Message- From: Dobbins, Roland [mailto:rdobb...@arbor.net] Sent: Wednesday, December 08, 2010 10:41 AM To: North American Operators' Group Subject: Re: Ov

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Jack Bates
On 12/8/2010 10:13 AM, Drew Weaver wrote: The most common attacks that I have seen over the last 12 months, and let's say I have seen a fair share have been easily detectable by the source network. It is either protocol 17 (UDP) dst port 80 or UDP Fragments (dst port 0..) What valid applicat

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread alvaro.sanc...@adinet.com.uy
Maybe. Anyway, under ddos attack, your links may be congested, and you need to recover them. You have small margin to move. The farther upstream the attack is repelled, the better chances you have for restoring connectivity. >Original message >From: deles...@gmail.com >Date: 08/12/2010

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Dobbins, Roland
On Dec 8, 2010, at 11:14 PM, Drew Weaver wrote: > I would say that > 99% of the attacks that we see are 'link fillers' with < > 1% being an application attack. Application-layer attacks aside, most packet-flooding attacks these days don't completely fill links, as there's no need for the attac

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Jed Smith
On Mon, Dec 6, 2010 at 2:50 AM, Sean Donelan wrote: > What progress has been made during the last decade at stopping DDOS > attacks? > Observing Mastercard today, apparently none. Can't blame stupid users or Microsoft for this one, either. The 'attackers' are using a .NET tool which I'm sure al

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Jeffrey Lyon
We see a lot of the UDP dest 0. Depending on what you're hosting/protecting you can ACL a lot of the unneeded ports and protocols (easy) then focus on using appliances (commercially available or home grown if you're so inclined) to identify and scrub out the ambiguous traffic (a lot more difficult)

Re: [nanog] Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Aaron Peterson
Hello: On 12/8/10 10:43 AM, JC Dill wrote: On 08/12/10 4:28 AM, Arturo Servin wrote: One big problem (IMHO) of DDoS is that sources (the host of botnets) may be completely unaware that they are part of a DDoS. I do not mean the bot machine, I mean the ISP connecting those. ISPs are not

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Jack Bates
On 12/8/2010 10:28 AM, Dobbins, Roland wrote: Application-layer attacks aside, most packet-flooding attacks these days don't completely fill links, as there's no need for the attacker to do so. I think the difference here is scale. packet-flooding attacks often do fill links; if the links dro

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Jeffrey Lyon
< 1 Gbps attacks used to be standard issue but as of the past 90 days we have been seeing 2 - 8 Gbps a lot more frequently. Jeff On Wed, Dec 8, 2010 at 11:38 AM, Jack Bates wrote: > On 12/8/2010 10:28 AM, Dobbins, Roland wrote: >> >> Application-layer attacks aside, most packet-flooding attacks

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Jay Coley
On 08/12/2010 16:14, Drew Weaver wrote: > I would say that > 99% of the attacks that we see are 'link fillers' with < > 1% being an application attack. > > thanks, > -Drew This has been our recent experience as well. There are some pure app attacks, to be sure, but we see many blended attacks also.

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Jack Bates
On 12/8/2010 10:41 AM, Jeffrey Lyon wrote: < 1 Gbps attacks used to be standard issue but as of the past 90 days we have been seeing 2 - 8 Gbps a lot more frequently. That may well be true. I'm an eyeball network and I can usually point at a user pissing someone off on IRC/Forums for DOS ins

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Dobbins, Roland
On Dec 8, 2010, at 11:38 PM, Jack Bates wrote: > I think the difference here is scale. packet-flooding attacks often do > fill links; if the links drop to 155mb/s or below. I'm not saying that link-flooding attacks don't happen; they certainly do, and on very big links, sometimes. But in the

RE: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Drew Weaver
You can get a dedicated server for $80 with a 1Gbps connection to the Internet without looking that hard. It is pretty easy/cheap to kill a 1Gbps connection nowadays. Soon several providers will begin offering dedicated servers with a 10Gbps connection to a single machine. -Drew -Origi

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Dobbins, Roland
On Dec 8, 2010, at 11:47 PM, Jay Coley wrote: > This has been our recent experience as well. I see a link-filling attacks with some regularity; but again, what I'm saying is simply that they aren't as prevalent as they used to be, because the attackers don't *need* to fill links in order to a

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Michael Costello
On Wed, 8 Dec 2010 11:13:01 -0500 Drew Weaver wrote: > The most common attacks that I have seen over the last 12 months, and > let's say I have seen a fair share have been easily detectable by the > source network. > > It is either protocol 17 (UDP) dst port 80 or UDP Fragments (dst port > 0..)

RE: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Randy McAnally
> Soon several providers will begin offering dedicated servers with a > 10Gbps connection to a single machine. > > -Drew > Several already do. -Randy

Re: Mastercard problems

2010-12-08 Thread William Warren
On 12/8/2010 12:00 PM, andrew.wallace wrote: It appears the site is under a sustained attack, CNET reports. http://news.cnet.com/8301-13578_3-20024966-38.html Andrew It's only their main website; it has not affected their ability to process payments as of yet.

Re: Mastercard problems

2010-12-08 Thread John Peach
On Wed, 08 Dec 2010 12:14:15 -0500 William Warren wrote: > On 12/8/2010 12:00 PM, andrew.wallace wrote: > > It appears the site is under a sustained attack, CNET reports. > > http://news.cnet.com/8301-13578_3-20024966-38.html > > Andrew > It's only their main w

Re: Mastercard problems

2010-12-08 Thread Joseph Prasad
google = "Operation: Payback" On Wed, Dec 8, 2010 at 9:00 AM, andrew.wallace < andrew.wall...@rocketmail.com> wrote: > It appears the site is under a sustained attack, CNET reports. > http://news.cnet.com/8301-13578_3-20024966-38.html > Andrew

Re: Mastercard problems

2010-12-08 Thread Jack Bates
On 12/8/2010 11:18 AM, Joseph Prasad wrote: google = "Operation: Payback" Sadly, our ineffective government probably won't bring these perpetrators to justice. I have no real opinion concerning wikileaks, but DOS attacks cannot be justified. Jack

Re: Mastercard problems

2010-12-08 Thread William McCall
On Wed, Dec 8, 2010 at 11:24 AM, Jack Bates wrote: > On 12/8/2010 11:18 AM, Joseph Prasad wrote: >> >> google = "Operation: Payback" >> > > Sadly, our ineffective government probably won't bring these perpetrators to > justice. I have no real opinion concerning wikileaks, but DOS attacks cannot >

Re: Mastercard problems

2010-12-08 Thread Jack Bates
On 12/8/2010 11:28 AM, William McCall wrote: Are you prepared for "information terrorism" laws? DOS attacks are already illegal. I question the ability to track responsible parties down and have appropriate proof to actually prosecute. Let's be honest. Even in the 20th century, more peo

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Thomas Mangin
On 8 Dec 2010, at 15:40, Dobbins, Roland wrote: > On Dec 8, 2010, at 10:36 PM, Thomas Mangin wrote: > >> If you are a smaller network, you need the filtering to be performed by your >> transit provider, as your uplink will otherwise be congested. > > Actually, most DDoS attacks aren't link-flo

NWW: Fix to Chinese Internet traffic hijack due in January

2010-12-08 Thread Eugen Leitl
http://www.networkworld.com/cgi-bin/mailto/x.cgi?pagetosend=/news/2010/120710-chinese-internet-traffic-fix.html&pagename=/news/2010/120710-chinese-internet-traffic-fix.html&pageurl=http://www.networkworld.com/news/2010/120710-chinese-internet-traffic-fix.html&site=printpage&nsdr=n Fix to Chinese

Re: NWW: Fix to Chinese Internet traffic hijack due in January

2010-12-08 Thread Bill Woodcock
On Dec 8, 2010, at 10:13 AM, Eugen Leitl wrote: > http://www.networkworld.com/cgi-bin/mailto/x.cgi?pagetosend=/news/2010/120710-chinese-internet-traffic-fix.html&pagename=/news/2010/120710-chinese-internet-traffic-fix.html&pageurl=http://www.networkworld.com/news/2010/120710-chinese-internet-traff

ALT-DB Question

2010-12-08 Thread Chadwick Sorrell
Hello, I'm sending a new MAINT-AS object to the db-ad...@altdb.net, but it doesn't appear to be in the database after a few weeks. Are there any requirements that I may be missing on my new request, or some sort of way I can help get it processed? Basically wondering if I'm just not waiting long

Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread Iljitsch van Beijnum
(My apologies if this has been discussed before, I haven't been keeping up with NANOG as well as I should lately.) As the IPv4 address space depletes, various types of use that require IPv4 addresses will get harder. In some cases, this is unavoidable: if you want to connect a million broadban

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Matthew Petach
On Wed, Dec 8, 2010 at 8:47 AM, Jay Coley wrote: > On 08/12/2010 16:14, Drew Weaver wrote: >> I would say that > 99% of the attacks that we see are 'link fillers' with < >> 1% being an application attack. >> >> thanks, >> -Drew > > This has been our recent experience as well. There are some pure

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Dobbins, Roland
On Dec 9, 2010, at 1:34 AM, Matthew Petach wrote: > There seems to be a trend of using larger-scale flooding, or other simple > types of attacks to get all the network people at an organization > rushing over to throw resources and energy at it. Concur, the more serious attackers use diversiona

Re: Mastercard problems

2010-12-08 Thread Christopher Morrow
On Wed, Dec 8, 2010 at 12:34 PM, Jack Bates wrote: > On 12/8/2010 11:28 AM, William McCall wrote: >> Are you prepared for "information terrorism" laws? > DOS attacks are already illegal. I question the ability to track responsible > parties down and have appropriate proof to actuall

Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread Matthew Petach
On Wed, Dec 8, 2010 at 10:30 AM, Iljitsch van Beijnum wrote: > (My apologies if this has been discussed before, I haven't been keeping up > with NANOG as well as I should lately.) > > As the IPv4 address space depletes, various types of use that require IPv4 > addresses will get harder. In some

RE: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread George Bonser
> There are two issues: > > 1. Growth of the routing table. My answer to this is: although a > smaller table would be good, we've been living with 16% or so growth > for a decade before the IPv4 crunch, if going to < /28 instead of < /24 > allows this growth to continue some more years there is no

RE: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread George Bonser
> > Just move to v6, already. v4 is done. trying to keep it on life > support > is going to cost everyone time, money, and reduced life span due to > increased stress. Exactly. People need to adopt the "v4 is done" mindset and work going forward on that premise.

Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread Mohacsi Janos
Dear Iljitsch, Do you plan to put /28 into the DFZ routing table? Have you thought about the routing table capacity of today's routers? I think prefix length around /22 is accepted, but blindly accepting any /24 prefix is not a reality today. What about the stability of the routing table without

Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread Graham Beneke
On 08/12/2010 20:30, Iljitsch van Beijnum wrote: Why not move away from that /24 requirement and start allowing /28s or a prefix length like that in the global routing table? This will allow content people to stay on IPv4 longer with fewer compromises, so we don't have to start thinking about

Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread Leo Bicknell
In a message written on Wed, Dec 08, 2010 at 07:30:52PM +0100, Iljitsch van Beijnum wrote: > I'm hoping to get some modest support here before jumping into the RIR policy > shark tanks. There is no RIR policy here. There is no authority which can tell you what prefix lengths are accepted.

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Chris Boyd
On Dec 8, 2010, at 9:33 AM, Arturo Servin wrote: > Yes, but all of them rely on your upstreams or in mirroring your > content. If 100 Mbps are reaching your input interface of 10Mbps there is not > much that you can do. Hmm. What would be really cool is if you could use Snort, NetFlow/

Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread Cameron Byrne
On Wed, Dec 8, 2010 at 11:07 AM, George Bonser wrote: >> >> Just move to v6, already. v4 is done. trying to keep it on life >> support >> is going to cost everyone time, money, and reduced life span due to >> increased stress. > > Exactly. People need to adopt the "v4 is done" mindset and work

Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread Brielle Bruns
On 12/8/10 11:59 AM, Matthew Petach wrote: Just because we've been treading water as fast as possible to try to stay above the drowning point in small prefix ranges does *not* mean we have extra headroom to waste on even smaller ranges. I've started contemplating filtering out blocks smaller than

Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread Valdis . Kletnieks
On Wed, 08 Dec 2010 20:10:46 +0100, Mohacsi Janos said: > Do you think adopting LISP or similar architectures to reduce the > problems mentioned above? You're better off taking the mindset that it's time to stick a fork in IPv4, it's done. Focus your attention on getting LISP or similar ad

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Dobbins, Roland
On Dec 9, 2010, at 2:19 AM, Chris Boyd wrote: > Your BGP peer router would need to have lots of memory for /32 or /64 routes > though. Any modern router can handle this. > Anyone heard of such a beast? Or is this how the stuff from places like > Arbor Networks do their thing? This can be do

Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread Dobbins, Roland
On Dec 9, 2010, at 2:10 AM, Mohacsi Janos wrote: > Do you think adopting LISP or similar architectures to reduce the problems > mentioned above? Yes. --- Roland Dobbins // Sell y

Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread Owen DeLong
On Dec 8, 2010, at 11:01 AM, George Bonser wrote: >> There are two issues: >> >> 1. Growth of the routing table. My answer to this is: although a >> smaller table would be good, we've been living with 16% or so growth >> for a decade before the IPv4 crunch, if going to < /28 instead of < > /24 >

Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread David Conrad
On Dec 8, 2010, at 11:17 AM, Leo Bicknell wrote: > In a message written on Wed, Dec 08, 2010 at 07:30:52PM +0100, Iljitsch van > Beijnum wrote: >> I'm hoping to get some modest support here before jumping into the RIR >> policy shark tanks. > There is no RIR policy here. Minimum PI allocation si

Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread Seth Mattinen
On 12/8/2010 11:23, Cameron Byrne wrote: > > At the edge, with the down economy, i bet there are plenty of folks > that only accept /21s and shorter from their upstream ISP so they > can get some more mileage out of their older gear. > Hopefully they have a default route; ARIN now has PI /24

Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread Cameron Byrne
On Wed, Dec 8, 2010 at 11:31 AM, Dobbins, Roland wrote: > > On Dec 9, 2010, at 2:10 AM, Mohacsi Janos wrote: > >> Do you think adopting LISP or similar architectures to reduce the problems >> mentioned above? > > Yes. > No. I still fail to see the value of LISP in a mature and sane IPv6 world.

Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread Dobbins, Roland
On Dec 9, 2010, at 2:38 AM, Cameron Byrne wrote: > I still fail to see the value of LISP in a mature and sane IPv6 world. Abstraction of the global routing table away from direct dependence upon the underlying transport in use at a given endpoint network alone offers huge benefits for future

Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread Cameron Byrne
On Wed, Dec 8, 2010 at 11:37 AM, Seth Mattinen wrote: > On 12/8/2010 11:23, Cameron Byrne wrote: >> >> At the edge, with the down economy, i bet there are plenty of folks >> that only accept /21s and shorter from their upstream ISP so they >> can get some more mileage out of their older gear.

Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread Cameron Byrne
On Wed, Dec 8, 2010 at 11:41 AM, Dobbins, Roland wrote: > > On Dec 9, 2010, at 2:38 AM, Cameron Byrne wrote: > >> I still fail to see the value of LISP in a mature and sane IPv6 world. > > Abstraction of the global routing table away from direct dependence upon the > underlying transport in use

RE: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread George Bonser
> Actually, in most implementations, due to optimizations with IPv6 that > aren't possible with IPv4, a v6 route only takes about 2x the resources > of an IPv4 route. I considered that before I wrote the 4x but I couldn't be sure that my implementation was typical so I stuck with the worst case.

Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread Jeff Wheeler
How many networks already leak numerous unnecessary /24s to their transit providers, who accept them (not having been asked to do anything else), and contribute to table bloat? Quite a lot of networks do this. Imagine if there are many possible inter-domain routes that are being filtered by trans

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Seth Mattinen
On 12/8/2010 08:06, Jack Bates wrote: > I call BS. Windows has its problems, but it is the most common > exploited as it holds the largest market share. Many Windows infections > I've seen occur not due to the OS, but due to lack of patching of > applications on the OS. The system does as much as

Re: Mastercard problems

2010-12-08 Thread Philip Dorr
The problem is that they were also slashdotted. The logs would also have a large number of unrelated. On Dec 8, 2010 12:49 PM, "Christopher Morrow" wrote: > On Wed, Dec 8, 2010 at 12:34 PM, Jack Bates wrote: >> >> >> On 12/8/2010 11:28 AM, William McCall wrote: >> >>> >>> Are you prepared for "i

RE: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread George Bonser
> How many networks already leak numerous unnecessary /24s to their > transit providers, who accept them (not having been asked to do > anything else), and contribute to table bloat? Quite a lot of > networks do this. Sure. Even as a prophylactic measure against route hijacking if they aren't u

Re: Mastercard problems

2010-12-08 Thread andrew.wallace
I would say the attack falls under the jurisdiction of the US secret service since this is an attack on the financial system. "Today the agency's primary investigative mission is to safeguard the payment and financial systems of the United States." --- secretservice.gov Andrew - Original

SONET and MAC address

2010-12-08 Thread Jay Nakamura
We have a Gigabit Ethernet transport between cities by a vendor. We found that when there are identical MAC addresses on different VLANs on different sides of the circuit, one of the VLANs loses packets. This situation came up because two different networks that travel over the Ethernet wer

Re: Mastercard problems

2010-12-08 Thread Olof Johansson
On 2010-12-08 14:06 -0600, Philip Dorr wrote: > The problem is that they were also slashdotted. The logs would also have a > large number of unrelated. "so... the loic tool uses the host's local address, the attacks are all HTTP based, or tcp/80 with malformed HTTP..." That should be easy to gr

Re: Mastercard problems

2010-12-08 Thread Jack Bates
On 12/8/2010 2:37 PM, Olof Johansson wrote: On 2010-12-08 14:06 -0600, Philip Dorr wrote: The problem is that they were also slashdotted. The logs would also have a large number of unrelated. "so... the loic tool uses the host's local address, the attacks are all HTTP based, or tcp/80 with ma

.com/.net DNSSEC operational message

2010-12-08 Thread Matt Larson
VeriSign is in the process of deploying DNSSEC in the .net and .com zones. This message contains operational information related to the .net DNSSEC deployment that might be of interest to the Internet operational community. The .net DNSSEC deployment is underway. On September 25, 2010, the .net

Re: Mastercard problems

2010-12-08 Thread Christopher Morrow
On Wed, Dec 8, 2010 at 3:06 PM, Philip Dorr wrote: > The problem is that they were also slashdotted. The logs would also have a > large number of unrelated. pro-tip: the tool has a pretty easy-to-spot signature. -chris

Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread David Conrad
Cameron, On Dec 8, 2010, at 12:01 PM, Cameron Byrne wrote: > I believe a lot of folks think the routing paths should be tightly > coupled with the physical topology. The downside, of course, being that if you change your location within the physical topology, you have to renumber. Enterprises h

Re: Mastercard problems

2010-12-08 Thread James Downs
On Dec 8, 2010, at 12:30 PM, andrew.wallace wrote: I would say the attack falls under the jurisdiction of the US secret service since this is an attack on the financial system. "Today the agency's primary investigative mission is to safeguard the payment and financial systems of the United

Re: Mastercard problems

2010-12-08 Thread John Menerick
On 12/8/2010 1:30 PM, James Downs wrote: On Dec 8, 2010, at 12:30 PM, andrew.wallace wrote: I would say the attack falls under the jurisdiction of the US secret service since this is an attack on the financial system. "Today the agency's primary investigative mission is to safeguard the paymen

Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread Jack Bates
On 12/8/2010 3:12 PM, David Conrad wrote: Cameron, On Dec 8, 2010, at 12:01 PM, Cameron Byrne wrote: I believe a lot of folks think the routing paths should be tightly coupled with the physical topology. The downside, of course, being that if you change your location within the physical topol

Re: Over a decade of DDOS--any progress yet?

2010-12-08 Thread Valdis . Kletnieks
On Wed, 08 Dec 2010 07:43:52 PST, JC Dill said: > Why isn't ANYONE going after Microsoft over this? If Microsoft were > held accountable for the spam and DDOSs that spew from their crappy > software, they would find a way to stop the problem. I've raised this > issue before, IMHO Windows OSs

RE: SONET and MAC address

2010-12-08 Thread Scott Berkman
Don't know the FlashWave gear well, but in the Cisco ONS/Cerent world GigE ports can be configured in different modes, some of which do in fact learn MAC addresses. Others emulate a single layer-2 link and as the vendor stated, would not look at the MAC address at all. -Scott -Origin

Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread Kevin Oberman
> Date: Wed, 08 Dec 2010 15:34:47 -0600 > From: Jack Bates > > On 12/8/2010 3:12 PM, David Conrad wrote: > > Cameron, > > > > On Dec 8, 2010, at 12:01 PM, Cameron Byrne wrote: > >> I believe a lot of folks think the routing paths should be tightly > >> coupled with the physical topology. > > > >

Re: Mastercard problems

2010-12-08 Thread Jorge Amodio
> Yes it has: > > http://blog.securetrading.com/2010/12/mastercard-maestro-3-d-secure/ I've been processing cards all day for my wife's biz without any problems. -J

Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread Iljitsch van Beijnum
On 8 dec 2010, at 19:59, Matthew Petach wrote: > Just because we've been treading water as fast as possible to try to stay > above the drowning point in small prefix ranges does *not* mean we have > extra headroom to waste on even smaller ranges. It's not the size of the prefixes that's the proble

Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread Iljitsch van Beijnum
On 8 dec 2010, at 20:10, Mohacsi Janos wrote: > Do you think adopting LISP or similar architectures to reduce the > problems mentioned above? Did the LISP guys solve failover after a locator goes away? And what about the MTU issue? Do you lose initial packets when there is no mapping sta

Re: Mastercard problems

2010-12-08 Thread Paul Ferguson
On Wed, Dec 8, 2010 at 2:05 PM, Jorge Amodio wrote: >> Yes it has: >> >> http://blog.securetrading.com/2010/12/mastercard-maestro-3-d-secure/ > > I've been processing cards all day for my wife's biz without any > problems. > At least some processing

Re: Mastercard problems

2010-12-08 Thread Ken Chase
On Wed, Dec 08, 2010 at 04:05:32PM -0600, Jorge Amodio said: >> Yes it has: >> >> http://blog.securetrading.com/2010/12/mastercard-maestro-3-d-secure/ > >I've been processing cards all day for my wife's biz without any problems. there are other payment processors out there for mastercard

Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread Owen DeLong
On Dec 8, 2010, at 12:01 PM, Cameron Byrne wrote: > On Wed, Dec 8, 2010 at 11:41 AM, Dobbins, Roland wrote: >> >> On Dec 9, 2010, at 2:38 AM, Cameron Byrne wrote: >> >>> I still fail to see the value of LISP in a mature and sane IPv6 world. >> >> Abstraction of the global routing table away

Re: Mastercard problems

2010-12-08 Thread andrew.wallace
"MasterCard works closely with the U.S. Secret Service, the FBI, the Postal Inspection Service, Interpol, Europol and counterpart organizations throughout the world to facilitate investigation and prosecution." http://www.mastercard.com/us/merchant/security/collaborating_experts.html Andrew

Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread Owen DeLong
On Dec 8, 2010, at 12:01 PM, George Bonser wrote: >> Actually, in most implementations, due to optimizations with IPv6 that >> aren't possible with IPv4, a v6 route only takes about 2x the > resources >> of an IPv4 route. > > I considered that before I wrote the 4x but I couldn't be sure that m

Re: SONET and MAC address

2010-12-08 Thread Danijel
Same thing with Siemens and Huawei gear, there are "transparent" cards that don't learn anything and L2 cards that do. -- *blap* On Wed, Dec 8, 2010 at 22:57, Scott Berkman wrote: > Don't know the FlashWave gear well, but in the Cisco ONS/Cerent world GigE > ports can be configured in differe

Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread Jack Bates
On 12/8/2010 4:12 PM, Owen DeLong wrote: IMHO, a more ideal way to do this would be to add 32 bits to the packet header for "destination ASN" and do IDR based on that, but, changing the packet header at this time is hard and would require a new IP version number. My only problem with this is
