ISP access in Hebron, KY

2012-02-05 Thread Eric Gauthier
Hello, We're looking for DIA in the 20 - 50mbps range for a warehouse we have in Hebron, KY. CinBell has been a bit "slow" to respond to our DS3 requests, so I'm wondering who else in town has their own facilities (also wondering who might be good for a backup circuit)? Thanks! Eric :)

Super Sunday

2012-02-05 Thread Jay Ashworth
What, no whacky weekend thread? NBC and the NFL are, for the first time, televising the Super Bowl and its preshow on the Internet... using a Silverlight app (so I hope you Linux people don't enjoy football). It's supposed to be available to tablets too, as a second-screen cast with selectable a

[NANOG-announce] Tutorials starting today, some available via webcast!

2012-02-05 Thread Dave Temkin
For the first time, NANOG will be webcasting (and archiving) some of our tutorials. Beginning at 2PM PT, you can see John Kristoff give an Introduction to Shell and Perl Scripting for Network Operators, with a break from 3:30-4 and then starting back at 4PM PT with Intermediate Perl Scripting f

UDP port 80 DDoS attack

2012-02-05 Thread Ray Gasnick III
We just saw a huge flux of traffic occur this morning that spiked one of our upstream ISPs gear and killed the layer 2 link on another because of a DDoS attack on UDP port 80. Wireshark shows this appears to be from a compromised game server (call of duty) with source IPs in a variety of diff

Superbowl traffic.

2012-02-05 Thread jamie rishaw
(yeah, i used a (C) term , so sue me) akam reporting ~17M hits/sec.. anyone seeing clearly identifiable traffic spikes (presumably due to sb)? reply offlist if you want to submit data but don't want to be outed as divulging corp info, but graphs and/or raw datars would be awesome sauce. data will

Re: UDP port 80 DDoS attack

2012-02-05 Thread Fredrik Holmqvist / I2B
Hi. We had a customer that was attacked by the same "game server feature". We received approx 10 Gbit of traffic against the customer. The attacker sends spoofed packets to the game server with the target IP as "source", the gameserver sends replies back via UDP to the target host. The attacker se

Re: UDP port 80 DDoS attack

2012-02-05 Thread Keegan Holley
There aren't very many ways to combat DDOS. That's why it's so popular. Some ISP's partner with a company that offers a tunnel based scrubbing service where they DPI all your traffic before they send it to you. If you only have a few upstreams it may be helpful to you. I spoke to them last year

Re: UDP port 80 DDoS attack

2012-02-05 Thread Matthew Palmer
On Sun, Feb 05, 2012 at 06:36:13PM -0500, Ray Gasnick III wrote: > We just saw a huge flux of traffic occur this morning that spiked one of > our upstream ISPs gear and killed the layer 2 link on another because of a > DDoS attack on UDP port 80. Yep, we've got a customer who's been hit with it a

Re: UDP port 80 DDoS attack

2012-02-05 Thread Dobbins, Roland
On Feb 6, 2012, at 7:21 AM, Keegan Holley wrote: > There aren't very many ways to combat DDOS. Start with the various infrastructure/host/service BCPs, and S/RTBH, as outlined in this preso:

Re: Super Sunday

2012-02-05 Thread Michael Painter
Jay Ashworth wrote: What, no whacky weekend thread? NBC and the NFL are, for the first time, televising the Super Bowl and its preshow on the Internet... using a Silverlight app (so I hope you Linux people don't enjoy football). It's supposed to be available to tablets too, as a second-screen c

Re: Super Sunday

2012-02-05 Thread Jay Ashworth
- Original Message - > From: "Michael Painter" > On Vizio 37" 1080p display: > Local NBC affiliate via off-air antenna= flawless 720p picture. > Local NBC affiliate re-broadcast via Dish Network=flawless 1080i > picture. > Local NBC affiliate re-broadcast via DirecTV Network=flawless 1080

Re: UDP port 80 DDoS attack

2012-02-05 Thread Keegan Holley
An entire power point just to recommend ACL's, uRPF, CPP, DHCP snooping, and RTBH? The first four will not work against a DDOS attack and the last one just kills the patient so he does not infect other patients. As I said earlier beyond traffic scrubbing offsite there isn't much defense against D

Re: UDP port 80 DDoS attack

2012-02-05 Thread Dobbins, Roland
On Feb 6, 2012, at 8:10 AM, Keegan Holley wrote: > An entire power point just to recommend ACL's, uRPF, CPP, DHCP snooping, and > RTBH? Actually, no, that isn't the focus of the preso. > The first four will not work against a DDOS attack This is incorrect - suggest you read the preso. > and

Optimal IPv6 router

2012-02-05 Thread Glen Kent
Hi, Most routers today are basically IPv4 routers, with IPv6 thrown in. They are however designed keeping IPv4 in mind. With IPv6 growing, if we were to design a native IPv6 router, with IPv4 functionality thrown in, then is it possible to design a more optimal IPv6 router, than what exists today

Re: UDP port 80 DDoS attack

2012-02-05 Thread Dobbins, Roland
On Feb 6, 2012, at 8:20 AM, Dobbins, Roland wrote: > Actually, no, that isn't the focus of the preso. More info here: --- Roland Dobbins //

Re: Super Sunday

2012-02-05 Thread Michael Painter
Jay Ashworth wrote: - Original Message - From: "Michael Painter" On Vizio 37" 1080p display: Local NBC affiliate via off-air antenna= flawless 720p picture. Local NBC affiliate re-broadcast via Dish Network=flawless 1080i picture. Local NBC affiliate re-broadcast via DirecTV Network=

Re: Super Sunday

2012-02-05 Thread Mike Lyon
Sent from my iPhone On Feb 5, 2012, at 17:24, Michael Painter wrote: > Jay Ashworth wrote: >> - Original Message - >>> From: "Michael Painter" >> >>> On Vizio 37" 1080p display: >>> Local NBC affiliate via off-air antenna= flawless 720p picture. >>> Local NBC affiliate re-broadcast via

Re: UDP port 80 DDoS attack

2012-02-05 Thread Keegan Holley
2012/2/5 Dobbins, Roland > > On Feb 6, 2012, at 8:10 AM, Keegan Holley wrote: > > > An entire power point just to recommend ACL's, uRPF, CPP, DHCP snooping, > and RTBH? > > Actually, no, that isn't the focus of the preso. > > > The first four will not work against a DDOS attack > > This is incorr

Re: UDP port 80 DDoS attack

2012-02-05 Thread Dobbins, Roland
On Feb 6, 2012, at 8:37 AM, Keegan Holley wrote: > Source RTBH often falls victim to rapidly changing or spoofed source IPs. S/RTBH can be rapidly shifted in order to deal with changing purported source IPs, and it isn't limited to /32s. It's widely supported on Cisco and Juniper gear (flow

Re: Super Sunday

2012-02-05 Thread Michael Painter
Mike Lyon wrote: Sent from my iPhone On Feb 5, 2012, at 17:24, Michael Painter wrote: Jay Ashworth wrote: - Original Message - From: "Michael Painter" On Vizio 37" 1080p display: Local NBC affiliate via off-air antenna= flawless 720p picture. Local NBC affiliate re-broadcast via

Re: UDP port 80 DDoS attack

2012-02-05 Thread Keegan Holley
2012/2/5 Dobbins, Roland > > On Feb 6, 2012, at 8:37 AM, Keegan Holley wrote: > > > Source RTBH often falls victim to rapidly changing or spoofed source > IPs. > > S/RTBH can be rapidly shifted in order to deal with changing purported > source IPs, and it isn't limited to /32s. It's widely supp

Re: UDP port 80 DDoS attack

2012-02-05 Thread Dobbins, Roland
On Feb 6, 2012, at 8:50 AM, Keegan Holley wrote: > Yes but assuming everything discussed at a conference is instantly adopted by > the entire industry gives one false hope no? I'm certainly not making that assumption - hence the presos. ;> -

Re: Optimal IPv6 router

2012-02-05 Thread Joel jaeggli
On 2/5/12 17:20 , Glen Kent wrote: > Hi, > > Most routers today are basically IPv4 routers, with IPv6 thrown in. > They are however designed keeping IPv4 in mind. > > With IPv6 growing, if we were to design a native IPv6 router, with > IPv4 functionality thrown in, then is it possible to design a

Re: Optimal IPv6 router

2012-02-05 Thread Valdis . Kletnieks
On Mon, 06 Feb 2012 06:50:54 +0530, Glen Kent said: > Most routers today are basically IPv4 routers, with IPv6 thrown in. Not sure if this statement is troll bait or flame bate. Probably both. ;) I see Joel has already confirmed my memory that vendors had ASICs doing IPv6 forwarding last century.

Re: Super Sunday

2012-02-05 Thread Mike Lyon
When i did a sports bar of about 24 HD TVs, i used gear from here: http://www.neoprointegrator.com/products.php Good product, good support. -mike Sent from my iPhone On Feb 5, 2012, at 17:47, Michael Painter wrote: > Mike Lyon wrote: >> Sent from my iPhone >> >> On Feb 5, 2012, at 17:24, Mic

Re: Optimal IPv6 router

2012-02-05 Thread Masataka Ohta
Glen Kent wrote: > With IPv6 growing, if we were to design a native IPv6 router, with > IPv4 functionality thrown in, then is it possible to design a more > optimal IPv6 router, than what exists today? It depends on what you want routers to do. As I am working on Tbps photonic routers with fiber

Re: UDP port 80 DDoS attack

2012-02-05 Thread Steve Bertrand
On 2012.02.05 20:37, Keegan Holley wrote: 2012/2/5 Dobbins, Roland S/RTBH - as opposed to D/RTBH - doesn't kill the patient. Again, suggest you read the preso. Source RTBH often falls victim to rapidly changing or spoofed source IPs. It also isn't as widely supported as it should be. I ne

Re: Super Sunday

2012-02-05 Thread Michael Painter
Mike Lyon wrote: When i did a sports bar of about 24 HD TVs, i used gear from here: http://www.neoprointegrator.com/products.php Good product, good support. -mike Looks like a well designed product...Thanks! Any idea of what the 'Tahoe' costs (we have 16 sources)? --Michael

Re: UDP port 80 DDoS attack

2012-02-05 Thread Keegan Holley
2012/2/5 Steve Bertrand > On 2012.02.05 20:37, Keegan Holley wrote: > >> 2012/2/5 Dobbins, Roland >> > > S/RTBH - as opposed to D/RTBH - doesn't kill the patient. Again, suggest >>> you read the preso. >>> >>> >> Source RTBH often falls victim to rapidly changing or spoofed source IPs. >> It a

Re: UDP port 80 DDoS attack

2012-02-05 Thread Steve Bertrand
On 2012.02.05 22:30, Keegan Holley wrote: > 2012/2/5 Steve Bertrand On 2012.02.05 20:37, Keegan Holley wrote: Source RTBH often falls victim to rapidly changing or spoofed source IPs. It also isn't as widely supported as it should be. I never said DDOS was

Re: Hijacked Network Ranges

2012-02-05 Thread Mark Tinka
On Wednesday, February 01, 2012 02:57:46 AM Tony McCrory wrote: > Surely something is better than nothing. Advertise the > /24's and the /25's, see what happens. The fact that the hijacking ISP's upstreams accepted routes through their network that didn't belong to that ISP is bad enough. Th

Re: Hijacked Network Ranges

2012-02-05 Thread Suresh Ramasubramanian
I had this happen to me in 2008 - http://www.gossamer-threads.com/lists/nanog/users/110097 Total pain in the ass when it does happen. Funnily enough in that case it was another downstream of the same ISP who was pulling this stunt .. --srs On Mon, Feb 6, 2012 at 9:49 AM, Mark Tinka wrote: > > >

Re: Hijacked Network Ranges

2012-02-05 Thread Mark Tinka
On Wednesday, February 01, 2012 12:10:32 PM George Bonser wrote: > Customer relationship with Kelvin's firm terminated and > they contracted for service elsewhere but are apparently > attempting to maintain the use of the address > allocation(s) they received from Kelvin's firm. They > apparentl

Re: Thanks & Let's Prevent this in the Future.

2012-02-05 Thread Mark Tinka
On Thursday, February 02, 2012 01:00:43 AM George Bonser wrote: > One problem is the number of routing registries and the > requirements differ for them. The nefarious operator > can enter routes in an IRR just as easily as a > legitimate operator. There was a time when some > significant netwo

Re: Hijacked Network Ranges

2012-02-05 Thread Mark Tinka
On Monday, February 06, 2012 12:26:51 PM Suresh Ramasubramanian wrote: > I had this happen to me in 2008 - > http://www.gossamer-threads.com/lists/nanog/users/110097 > Total pain in the ass when it does happen. Funnily > enough in that case it was another downstream of the > same ISP who was pul

Re: Hijacked Network Ranges

2012-02-05 Thread Christopher Morrow
On Mon, Feb 6, 2012 at 12:07 AM, Mark Tinka wrote: > It's 2012, we really shouldn't be seeing this type of thing > anymore, particularly after what happened in Pakistan. s/pakistan/pakistan,nyc(ntt),minneapolis(ntt),level3's incidents, .../ there's lots of people that have fallen victim of: o

Re: Hijacked Network Ranges

2012-02-05 Thread Mark Tinka
On Monday, February 06, 2012 01:14:20 PM Christopher Morrow wrote: > o not having filters at all (pccw/pktel) Well, we know what this leads to (part of the reasons you find some eBGP sessions carrying /25's or longer + RFC 1918 space is because of this). > o filtering using old/stale data

Re: Hijacked Network Ranges

2012-02-05 Thread goemon
On Mon, 6 Feb 2012, Christopher Morrow wrote: why aren't filters applied at all? filters don't generate revenue. -Dan

RE: Hijacked Network Ranges

2012-02-05 Thread George Bonser
> To: Christopher Morrow > Cc: nanog@nanog.org > Subject: Re: Hijacked Network Ranges > > On Mon, 6 Feb 2012, Christopher Morrow wrote: > > why aren't filters applied at all? > > filters don't generate revenue. > > -Dan Don't agree with the implied notion that a commercial network provider won'

Re: Verisign deep-hacked. For months.

2012-02-05 Thread steve pirk [egrep]
On Thu, Feb 2, 2012 at 16:42, Zaid Ali wrote: > That part is ambiguous at the moment since Verisign has not released > details. Symantec has bought the SSL part of the business and claim that > the SSL acquired network is not compromised. Sounds like lots of > assumptions being drawn. > > Zaid >

Re: Hijacked Network Ranges

2012-02-05 Thread Mark Tinka
On Monday, February 06, 2012 02:41:53 PM goe...@anime.net wrote: > filters don't generate revenue. Neither does traffic - that does generate revenue - not reaching your customer. Mark.

Re: Hijacked Network Ranges

2012-02-05 Thread Christopher Morrow
On Mon, Feb 6, 2012 at 1:35 AM, Mark Tinka wrote: > On Monday, February 06, 2012 01:14:20 PM Christopher Morrow > We manually check the RIR WHOIS database. I'm sure some do you have customers with 10k long prefix lists? it gets hard when the lists get long, or the data is for downstream folks of

Re: Hijacked Network Ranges

2012-02-05 Thread Michael Hallgren
On Sunday, 05 February 2012 at 22:41 -0800, goe...@anime.net wrote: > On Mon, 6 Feb 2012, Christopher Morrow wrote: > > why aren't filters applied at all? > > filters don't generate revenue. ... but at times, they prevent loss of... ... mh > > -Dan >

Re: UDP port 80 DDoS attack

2012-02-05 Thread Jeff Wheeler
On Sun, Feb 5, 2012 at 10:08 PM, Steve Bertrand wrote: > This is so very easily automated. Even if you don't actually want to trigger > the routes automatically, finding the sources you want to blackhole is as What transit providers are doing flow-spec, or otherwise, to allow their downstreams to

Re: Optimal IPv6 router

2012-02-05 Thread Daniel Roesen
On Sun, Feb 05, 2012 at 09:07:57PM -0500, valdis.kletni...@vt.edu wrote: > OK, I'll bite. What would qualify as a "native IPv6" router? Perhaps those which were designed with IPv4+IPv6 in mind from day 1, both in hardware and software - like Juniper/JUNOS. In contrast to other the gear where IPv6