educate and
proselytize to that end, and have done so for many years.
<https://app.box.com/s/4h2l6f4m8is6jnwk28cg>
I would much rather be working on other problem-sets. But needs must.
---
Roland Dobbins
drawbacks, very much.
-------
Roland Dobbins
CAN'T switch to an alternate global routing table.
So, what happens when the authorities in some locale start pressing for
the cancellation of relevant certificates utilized in routing PKI,
and/or order operators under their jurisdiction to reject same?
---
R
r off with
the problematic, error-prone system we have (not to mention the
enumeration and enhanced DDoS impact of packeting routers doing crypto
for their BGP sessions and which aren't protected via iACLs/GTSM).
-------
Roland Dobbins
?
---
Roland Dobbins
of/in addition to BGP-based
diversion.
But GRE is used for re-injection only.
---
Roland Dobbins
On 8 Jun 2015, at 21:11, Martin T wrote:
Are there any other possibilities to geolocate IPv4 addresses with
higher accuracy?
There is no direct relationship between logical network topology and
geopolitical boundaries.
---
Roland Dobbins
b) how DDoS mitigation in general focused on minimizing both
underblocking and overblocking, rather than on the failed 'IPS' model,
contact those Arbor representatives of whom you speak and have them
engage me in joint discussions.
---
Roland Dobbins
veler, that's what springs to mind
when I see requests like this.
Another thought is governmentally-driven censorship, something else I
encounter a lot in my travels.
-------
Roland Dobbins
technical people can generally get around these
sorts of blocks, and non-technical people all too often can't.
The majority of people aren't technical (using Facebook and Instagram
all day <> technical).
-------
Roland Dobbins
ement.
;>
---
Roland Dobbins
On 11 Jun 2015, at 14:51, John Levine wrote:
> to recognize people who are trying to hide their actual location.
Precisely.
---
Roland Dobbins
On 12 Jun 2015, at 16:16, Job Snijders wrote:
This has global impact, lots of alerts on the SQA collector page
http://sqa.ring.nlnog.net/
I'm reaching out to them now.
---
Roland Dobbins
On 12 Jun 2015, at 17:46, Job Snijders wrote:
> OK, as of now (~ 10:40) UTC things look normalised.
Just got off the phone, I think things may be in hand, now.
---
Roland Dobbins
s
thereof. Unless they've invested in hiring people with the right
skillsets and breadth/depth of actual operational experience, this can
be a path fraught with significant risk.
-------
Roland Dobbins
On 13 Jun 2015, at 17:34, Mark Tinka wrote:
> A lot more work is needed, indeed. It's not 2008 anymore...
Nor 1997:
<https://en.wikipedia.org/wiki/AS_7007_incident>
;>
-----------
Roland Dobbins
they
have personnel with the necessary skillsets and experience.
where they fall behind your average nanogger is testosterone
poisoning.
I couldn't agree more.
-------
Roland Dobbins
port?), either it's a reporting artifact of some kind or in fact
a SYN destined to TCP/0 (we see this with SYN-floods, sometimes, as well
as with attacks attempting to bypass ACL/firewall rules and related to
compromise).
-------
Roland Dobbins
On 17 Jun 2015, at 11:23, Maqbool Hashim wrote:
Maybe I need to set up collectors and span ports on all the switches
involved to get to the bottom of this. Just feeling like we need to
look at *all* the packets, not the sample!
Concur 100%.
---
Roland Dobbins
yways.
---
Roland Dobbins
riate alias like one of the
bugtraq lists.
---
Roland Dobbins
.
---
Roland Dobbins
.
Not an option for anything interactive, very poor for general user-type
Internet access.
---
Roland Dobbins
based mitigation provider. I was explaining that in most
cloud mitigation scenarios, GRE tunnels are used for re-injection of
'clean' traffic to the endpoint networks.
-------
Roland Dobbins
made the assertion that these issues had not been addressed by DDoS
mitigation service operators; that assertion is incorrect.
---
Roland Dobbins
On 8 Jul 2015, at 22:26, Roland Dobbins wrote:
Hardware-based GRE processing is required on both ends for anything
other than trivial speeds; in general, the day of software-based
Internet routers is long gone, and any organization still running
software-based routers on their transit
8svojvzl>
-------
Roland Dobbins
.
so thank you for the reminder!
Sorry for the repeat, but glad the preso was helpful!
;>
---
Roland Dobbins
valid one for any cloud DDoS mitigation service provider of
which I'm aware.
---
Roland Dobbins
fairly rapidly until none of the dst ips
are available.
What source ports and breadth of purported source IPs? I'm not sure
this is a reflection/amplification attack; it may be a straight packeting
of H.323 systems.
-----------
Roland Dobbins
es to perform such testing in a safe and
responsible manner, as it will also enhance the skills needed to defend
said properties.
-------
Roland Dobbins
S attacks. With regards to
TCP-based attacks, it's a subset of those which are connection-oriented
and are thus susceptible to tarpitting-type techniques.
---
Roland Dobbins
On 27 Jul 2015, at 21:12, Glen Kent wrote:
Given the state of affairs these days how difficult is it going to be
for somebody to launch a DOS attack with some other protocol?
<https://app.box.com/s/r7an1moswtc7ce58f8gg>
---
Roland Dobbins
spond.
---
Roland Dobbins
On 1 Aug 2015, at 18:47, Roland Dobbins wrote:
and Telia, as well
Got in touch with some Telia folks who're in-between flight legs -
they're reaching out internally.
-------
Roland Dobbins
On 1 Aug 2015, at 18:47, Roland Dobbins wrote:
I pinged NTT and Telia, as well - it's weekend nighttime in CONUS, and
holiday season in Scandinavia, so it may take a while for folks to
respond.
Pinged GTT, as well.
---
Roland Dobbins
On 1 Aug 2015, at 17:11, Job Snijders wrote:
I reached out to ServerCentral network engineering to ask.
ServerCentral say it's legit, and that they have the appropriate
documentation.
I encouraged them to reply here.
---
Roland Dobbins
ongst attendees.
---
Roland Dobbins
actic,
decreasing it isn't one, either.
-------
Roland Dobbins
On 2 Aug 2015, at 22:56, Mike Hammett wrote:
It's completely reasonable when the world at large is only secondary
to the local, on-net operations.
It has nothing to do with DDoS.
---
Roland Dobbins
due to the extreme asymmetry of resource ratios in favor of the
attackers.
---
Roland Dobbins
servers for matchmaking/auth purposes, etc.
-----------
Roland Dobbins
much rather use an ASR9K or CRS (I don't know much about Juniper
routers) as an edge device.
-------
Roland Dobbins
On 3 Aug 2015, at 6:16, tqr2813d376cjozqa...@tutanota.com wrote:
DDoS = multiple IPs
DoS = single IP
It seems most people colloquially use DDoS for both, and reserve DoS for
magic-packet blocking exploits like the latest BIND CVE, FYI.
---
Roland Dobbins
t he meant.
-------
Roland Dobbins
time to time, multiple sources spoofing
the same source IP.
---
Roland Dobbins
y to do so is a prerequisite for an attacker.
-------
Roland Dobbins
rt it.
If attack volume is high, it still may flood the link, but keeping the
traffic off one's own core and off the actual target(s) of the attack
are still very worthwhile.
-------
Roland Dobbins
On 3 Aug 2015, at 20:28, Mel Beckman wrote:
> Blackholing works on destination address — it’s a route to null0.
<https://tools.ietf.org/html/rfc5635>
-------
Roland Dobbins
e targeted IP(s), which is of operational
utility.
---
Roland Dobbins
ink it’s not useful to misuse the term DDoS, and
that it refers to any attack where the source addresses are
distributed across the Internet, making them difficult to identify and
therefore block.
Again, that ship sailed long ago.
-----------
Roland Dobbins
On 3 Aug 2015, at 21:00, Roland Dobbins wrote:
> due to DDoS exhaustion
That should read 'state exhaustion', apologies.
-------
Roland Dobbins
[Warning: free registration required, but you can opt-out of email as
part of the registration process]
<http://www.arbornetworks.com/resources/infrastructure-security-report>
-----------
Roland Dobbins
On 3 Aug 2015, at 21:58, Ethan wrote:
In the end, one of the griefer's friends went and told on them, and
that's how they were discovered.
Pretty much how it works on the general Internet, too, it seems.
;>
---
Roland Dobbins
On 4 Aug 2015, at 4:03, mikea wrote:
In the US, the FCC has ruled that wifi jammers violate one or more
parts of the FCC Rules and Regs.
I travel quite a bit worldwide, and I've never run into this. I run my
portable AP on 5GHz, FWIW.
---
Roland Dobbins
Hz and not 5GHz?
-------
Roland Dobbins
ich I learned the actual details of what happened) that
wasn't the result of someone manually typing at the enable prompt.
-------
Roland Dobbins
essed within the civic arena.
There are no purely technical solutions to social ills. Schneier of all people
should know this.
-------
Roland Dobbins
ich have been compromised and are being
used for illicit activity.
IANAL, but I'd suggest trying to have a conversation before getting
lawyers involved. Hopefully, it's just a misunderstanding of some
sort, and can be resolved amicably.
---------
described in the post. s*BGP deployment is
a separate issue, and conflating the two doesn't necessarily follow.
---
Roland Dobbins <[EMAIL PROTECTED]> // 408.527.6376 voice
in its analysis.
-------
Roland Dobbins <[EMAIL PROTECTED]> // 408.527.6376 voice
Culture eats strategy for breakfast.
-- Ford Motor Company
in
that they must invest the opex to implement and maintain these
policies (along with BCP38, iACLs, et al.); sort of an inversion of
"The Emperor's New Clothes", heh.
---
Roland Dobbins <[EMAIL PROTECTED]> // 408.527.6376 voice
IMHO (full
disclosure: I was fortunate enough to have the opportunity to provide
some feedback to the authors as they worked on this tome, but have no
financial interest whatsoever in its publication or sales thereof).
----
pears to've sailed, AFAICT.
-------
Roland Dobbins // <http://www.arbornetworks.com>
Unfortunately, inefficiency scales really well.
-- Kevin Lawton
On May 28, 2009, at 9:03 PM, david hiers wrote:
Is anyone aware of a voip-focused group similar to nanog?
VOIPSA are focused on VoIP, mainly around security:
<http://www.voipsa.org/>
---
Roland Dobbins
use DNS-based
GSLB for the various system elements.
-------
Roland Dobbins // <http://www.arbornetworks.com>
- far better to go for layer-3 separation,
work with the app/database/sysadmin folks to avoid dependence on
direct adjacencies, and gain the topological freedom of routing.
---
Roland Dobbins
tive, IMHO.
-------
Roland Dobbins // <http://www.arbornetworks.com>
of the virtual team working to uplift
legacy siloed OS/app stacks into more modern and flexible architectures.
;>
-----------
Roland Dobbins // <http://www.arbornetworks.com>
ng an important
supporting role.
---
Roland Dobbins // <http://www.arbornetworks.com>
clustered database back-end, utilizing vendor-
specific HA solutions. It can be done via a combination of caching,
sharding, distributed indexing, et al. - i.e., via application
structuring and logic.
-------
Roland Dobbins
these posited choices are quite ugly and
tend to lead to huge operational difficulties, susceptibility to DDoS,
etc. Definitely not recommended except as a last resort in a
difficult situation, IMHO.
---
Roland Dobbins
to
be deployed in a distributed, highly-available architecture.
The Twitter *aggregation/attention model* is what is of great
interest, any merits of the specific service aside.
---
Roland Dobbins
andle mpps running without the
need for these critical edge features.
---
Roland Dobbins // <http://www.arbornetworks.com>
And the NetFlow issues.
-----------
Roland Dobbins // <http://www.arbornetworks.com>
dropped traffic.
-------
Roland Dobbins // <http://www.arbornetworks.com>
RL8
ASIC.
-------
Roland Dobbins // <http://www.arbornetworks.com>
.
---
Roland Dobbins // <http://www.arbornetworks.com>
On Jul 20, 2009, at 5:26 PM, Neil J. McRae wrote:
GSR is far better platform.
Concur 100%.
---
Roland Dobbins // <http://www.arbornetworks.com>
on it.
---
Roland Dobbins // <http://www.arbornetworks.com>
AFAIK.
---
Roland Dobbins // <http://www.arbornetworks.com>
, IMHO.
---
Roland Dobbins // <http://www.arbornetworks.com>
On Jul 30, 2009, at 4:16 PM, Murtaza wrote:
I wanted to ask if ISPs use any kind of caching system for peer-to-peer
traffic?
Oversi and ApplianSys are two companies which I know some SPs use.
---
Roland Dobbins
lar approach; I just think
it's the most likely scenario.]
Compression/conflation of the transport stack will likely be both a
driver and an effect of this trend, over time.
-------
Roland Dobbins
formation, IMHO.
-------
Roland Dobbins // <http://www.arbornetworks.com>
On Aug 5, 2009, at 10:20 PM, Erik Soosalu wrote:
Multiple systems end up with problems.
Yes, and again, I'm not advocating this approach. I just think it's
most likely where we're going to end up, long-term.
---
?)?
---
Roland Dobbins // <http://www.arbornetworks.com>
,
along with the DNS BCPs, and you'll be much better prepared to detect,
classify, traceback, and mitigate attacks. The key is to ensure
you're making use of hardware-based routers which can handle high pps.
----
this and related aspects . . .
-----------
Roland Dobbins // <http://www.arbornetworks.com>
his way lies madness.
-------
Roland Dobbins // <http://www.arbornetworks.com>
need to talk to one another - and it has other benefits, as well.
---
Roland Dobbins // <http://www.arbornetworks.com>
Sorry, sometimes I mistake your existential crises for technical
insights.
-- xkcd #625
ances.
---
Roland Dobbins // <http://www.arbornetworks.com>
.
---
Roland Dobbins // <http://www.arbornetworks.com>
yer-3. Otherwise,
you're just asking for trouble, IMHO.
-------
Roland Dobbins // <http://www.arbornetworks.com>
astructure.
-------
Roland Dobbins // <http://www.arbornetworks.com>
or frequent procedure is daft.'
-------
Roland Dobbins // <http://www.arbornetworks.com>
e EID with inappropriate
significance which tend to cause most of the problems.
-------
Roland Dobbins // <http://www.arbornetworks.com>
use of IP SLA, is it not?
-------
Roland Dobbins // <http://www.arbornetworks.com>
up' systems is never adequate and/
or allowed.
Layer-2 between sites is evil, as well.
Layer-3-independence and active/active/etc. is where it's at in terms
of high availability in the 21st Century. GSLB, et al.
----------
atforms to
accomplish this without having to re-invent the wheel every time.
-------
Roland Dobbins // <http://www.arbornetworks.com>