Also how are folks testing ddos protection? What lab gear,tools,methods are you
using to determine effectiveness of the mitigation.
On January 8, 2015 11:01:47 AM CST, "Manuel Marín" wrote:
>Nanog group
>
>I was wondering what are are using for DDOS protection in your
>networks. We
>are current
SSL is no problem. We just had a whole thread about breaking it. :-)
On January 19, 2015 5:16:43 PM CST, George Herbert
wrote:
>Emulating game traffic... Good luck with that. You'll probably have
>to figure it out and build your own models per service, though a lot is
>encapsulated in https.
As a zenoss plugin, I agree.
On January 19, 2015 7:22:36 PM CST, Roland Dobbins wrote:
>
>On 20 Jan 2015, at 5:10, Michael O Holstein wrote:
>
>> I need something that emulates the actual game traffic as would be
>> classified by all the network crap that endeavors to mess with it.
>
>That soun
Ixia is very very expensive and has its own sets of "fun", though it is a nice
appliance for playing with packets. Though its more for protocol compliance
testing and load generation.
You'll find that protocol exploration and... h... exploitation is an
incredibly mature field in floss.
ht
There is no free lunch. If you want " tools that end users can just use" then
buy Cisco.
Otherwise you need to roll up your sleeves and take the pieces and put them
together. Or hire people like me to do it for you.
It isn't overly complicated in my opinion. Also you'll find plenty of
reason
Checkout security onion. Its got a pretty nice suite of tools and can run a (or
many) dedicated sensor system and communicate back to a central system.
As for SSL MITM, see the recent nanog thread for a full layer 2 to layer 8
ramifications of that activity.
For ssh mitm, I don't know of any t
Hmmm, I am seeing about 20ms from a VPS in Seattle, do you happen to
have a trace of the path with this issue?
/Charles
On Fri, Sep 18, 2015 at 1:50 PM, Florin Andrei wrote:
> I'm seeing 250 ms between California and Oregon. Not just AWS, but also
> between, say, Comcast and AWS.
Do you happen to have a copy of the path going in the other direction?
Based on this it seems that the issue starts after this leaves NTT.
/Charles
On Wed, Sep 23, 2015 at 9:01 PM, Paras wrote:
> Hi all,
>
> Is anyone else seeing high latency and huge packet loss at NTT's
37.689 ms 1883.235 ms
3 12.83.37.205 (12.83.37.205) 1972.528 ms !X * *
/Charles
They are in the phone book. Call them. Or walk into a field office near you.
Don't bother nanog with such a generic / teasing question, its incredibly
annoying. No one is going to provide you with a contact of any seriousness with
such a generic query.
On February 26, 2015 5:41:52 PM CST, jam
Checkout trigger for what seems to be the most viable system:
https://trigger.readthedocs.org/en/latest/
On March 13, 2015 7:59:13 PM CDT, Pablo Lucena
wrote:
>I have great hopes for Schprokits. The idea behind it is outstanding -
>an
>Ansible for networking. It must be tough though, integrat
Use a git repository.
Make tagged releases.
This enables far easier distributed editing, translating, mirroring etc. And
you can still do whatever release engineering you want.
A wiki is a horrible solution for something like this.
On March 15, 2015 8:24:49 AM CDT, Rob Seastrom wrote:
>
>Wi
Yeah, looks like this just made it to the list:
>This morning we suffered a hardware failure in our production environment.
>The outage affected nanog mail and web services. While mail services have
>recovered, web services are still down.
On Wed, Jun 3, 2015 at 8:31 AM, Bob Evans wrote:
> Not s
Does anyone at Level3 care to comment here about this event, and if
there are any plans to push BGP prefix security?
2015-06-12 8:25 GMT-05:00 Jürgen Jaritsch :
> http://www.bgpmon.net/massive-route-leak-cause-internet-slowdown/
>
>
>
> Jürgen Jaritsch
> Head of Network & Infrastructure
>
> ANEXIA
I just use SSH to ip:portnum . Used the web ui for initial setup. Never used an
applet. Didn't know one existed.
This is on an acs48 model. I forget the pdu model (cyclades i something), they
just daisychain off the acs and you can hit a key combo to powercycle.
david peahi wrote:
>We have u
Not sure how bsd handles ipip connections. If it breaks them out as a dedicated
interface (like it does for openvpn connections) , then rules can be applied
and pfsense would be quite useful. The UI is very simple.
Warren Bailey wrote:
>Look into pfsense. It's rock solid and bad based, and can
If you are OK with USB ether net for one interface, check out the tplink
wr703n. Its powered via USB, has a USB and rj45 jack. Runs OpenWrt.
Leo Bicknell wrote:
>
>On Aug 15, 2013, at 9:18 PM, Brandon Martin
>wrote:
>
>> As to why people wouldn't put them behind dedicated firewalls,
>imagine
Yes. Logstash shipper on your syslog proxy, forward to elasticsearch. Graylog2
is very cool. Tried kibana and didn't care for it.
Actually setting up graylog2 right now to do AD authentication.
So workflow is
End device -> syslog-ng vm -> graylog2/elasticsearch vm and other destinations
(it
On hp proliant gen8 servers with management and ilo on same port, with the
server off the ports show up as 100mbps.
Jimmy Hess wrote:
>On Fri, Aug 30, 2013 at 6:42 AM, Jamie Bowden wrote:
>
>> > From: Saku Ytti [mailto:s...@ytti.fi]
>> Considering that Dell and HP at least are shipping brand n
On 08/23/2010 07:40 AM, Scott Berkman wrote:
Are you looking only at Open Source tools? If not you are missing all of
the most widely deployed tools out there (including):
You will also need to look at separate security monitoring software if your
goal is to cover that. Not including any comm
ploy a service at minimal cost, using mainly open source
>software.
>
>
>All comments, suggestions, recommendations, draft, success stories are well
>come.
>
>
>Feel free to contact me for additional information.
>
>
>
>Warms regards,
>Georges-Keny PAUL
--
from
This has been a very informative thread. All sorts of acronyms to
research and so forth. :)
The mention of TR-101 took me down another rabbit hole, and I discovered
http://www.dslforum.org/trlist/trlist.php.
Very interesting info.
Charles
--
Charles N Wyble (818) 280-7059
http
ning on looking into this problem in a few weeks anyway. I'm
building a network test bed and having full BGP tables is a part of my
testing.
When I figure it out I'll post to the list unless its figured out before
then.
--
Charles N Wyble (818) 280-7059
http://charlesnw.blogspot.com
g00g could decide to never leave the
announce phase.
- --
Charles N Wyble
Linux Systems Engineer
(818)280-7059 char...@knownelement.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozde
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jared Mauch wrote:
> I think it's great!
>
> I've been preparing to float a similar idea locally.
>
> If this is how they use their market cap, I would love for them to do it in
> my local market, which does seem to hold a near-and-dear place in the
office.
Your request is pretty vague :)
What geographic area? What type (sea? land?) etc etc.
There are a few companies who sell this data as well. After 9/11 it got
really hard, but judicious use of search engines will find most stuff.
- --
Charles N Wyble
Linux Systems Engineer
char...@knownel
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jared Mauch wrote:
> On Feb 10, 2010, at 4:57 PM, Charles N Wyble wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> Jared Mauch wrote:
>>> I think it's great!
>>>
>>> I
st who recently
announced a v6 beta, and impulse.net for folks in the SoCal region. Not
sure of any other CLEC types offering v6, but if you are speak up!
I guess the phrase innovate/catch up or get run over applies here. :)
- --
Charles N Wyble
Linux Systems Engineer
char...@knowne
quick. :) Ideally the more we can
stave off issues through proactive testing/fixing the better.
- --
Charles N Wyble
Linux Systems Engineer
char...@knownelement.com (818)280-7059
http://www.knownelement.com
Unless agreed upon, assume everything in this e-mail might be blogged.
-BEGIN PGP SIGNATURE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tony Finch wrote:
> On Mon, 15 Feb 2010, Charles N Wyble wrote:
>> How are folks verifying DNSSEC readiness of their environments? Any
>> existing testing methodologies / resources that folks are using?
>
> Here's my summary
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Florian Weimer wrote:
> * Charles N. Wyble:
>
>
>> It seems like this is something that will become a front and center
>> issue for help desks everywhere pretty quick. :)
>
> Why do you think so? Would you even noti
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark Andrews wrote:
> In message <4b798f1e.6080...@knownelement.com>, Charles N Wyble writes:
>> All,
>>
>> How are folks verifying DNSSEC readiness of their environments? Any
>> existing testing methodologies
p.
The biggest problem is middle mile. That is where the money needs to go.
You need something to back haul to the interwebz. There is a lot of
fiber in the ground already, but there are numerous layer 8 issues with
getting to it most of the time. Solving those is an exercise left for
the reader
Guillaume FORTAINE wrote:
> Misters,
>
> No comments ?
>
> http://docs.google.com/viewer?url=http://www.loud-fat-bloke.co.uk/obeseus2.pdf
>
>
> http://docs.google.com/viewer?url=http://www.parliament.uk/documents/upload/F012Interoute121109.pdf
>
>
> http://barometer.interoute.com/barom_main.php
Th
bit gossip wrote:
> Nessus is a vulnerability scanner:
>
> http://www.nessus.org/nessus/
>
> Ixia provides a full Nessus implementation in one of its platform.
>
Well these days I would use http://www.openvas.org and
http://www.metasploit.org
for vulnerability scanning and analysis.
However th
Nathan Ward wrote:
> Hire/buy what I know as a router tester. People call them different things.
> It's a device that generates packets,
Linux has a packet generator in the kernel as well.
More info readily available from your local search engine.
> and can normally simulate TCP etc. all the
On 03/22/2010 10:24 AM, Andrews Carl 448 wrote:
I need to setup an OpenLDAP server for proxy authentication to Microsoft
Active Directory. From what I have been able to determine this is
completely possible but I am missing something. I have the O'Reilly LDAP
book but it was written several yea
Hopefully this e-mail is considered operational content :)
The recent thread on the new linkys kit and ipv6 support got me thinking
about CPE choice.
What good off the shelf solutions are out there? Should one buy the high
end d-link/linksys/netgear products? I've had bad experiences with t
On 03/31/2010 05:04 PM, Nick Hilliard wrote:
On 31/03/2010 23:55, Charles N Wyble wrote:
Some people have said that the Fritz!box is quite good. No idea if
it's approved for use in the US.
Nick,
Thanks for posting this. I wasn't aware of this product. It looks pretty
cool.
On 03/31/2010 04:03 PM, Jack Carrozzo wrote:
Given a marked lack of $significant funding for home routing, I rock
BSD boxen all over.
Cool. I'm looking at pfsense to replace my cisco. I want to move the
router to my lab for CCIE studies.
Have you tried pfsense, or do you find the built in
fun
On 03/31/2010 04:03 PM, Joe Johnson wrote:
I have a small HP dummy terminal I installed a CFIDE card in with m0n0wall that
has run beautifully for the past 3 years.
No moving parts I take it? I think I've played with m0n0wall in the past.
Barely has any power draw and cost me a whopping $1
On 03/31/2010 04:07 PM, William Warren wrote:
I run Astaro on a p-4 celey i had lying around. Get far more than any
little router you'll see..can't beat the price.
Astaro looks cool. I hadn't heard of it before. Thanks for sharing.
Thank you everyone for your replies! :) It's been great having an
operational type discussion.
Here is my summary of the thread:
Software:
Linux:
Vyatta
IPCop
Astaro
BSD:
pfSense
m0n0wall (I didn't know this was the base for pfSense until I started
researching it today)
Appliances:
Junipe
Hmmm... it is 2pm on a Friday afternoon. I guess it's the appropriate
time for this thread.
*grabs popcorn and sits back to watch the fun*
On 2/3/2011 7:43 PM, Jay Ashworth wrote:
An armed FBI special agent shows up at your facility and tells your ranking
manager to "shut down the Internet".
Let's look at this from a different perspective. What level of
impairment would the feds face if they ordered wide spread
net shut downs. D
or me, and I hope to be at parity with v4 by
end of Q1.
I'll probably do a separate "ipv6 for datacenter/application operators"
presentation at some point in Q2. I know there will be one at SCALE this
year, by one of our frequent v6 posters. :)
- --
Charles N Wyble (char...@knownelement.c
ks for brining up a solid operational topic and giving us a break. :)
- --
Charles N Wyble (char...@knownelement.com)
Systems craftsman for the stars
http://www.knownelement.com
Mobile: 626 539 4344
Office: 310 929 8793
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Com
on with the program and get to the bargaining phase?
Isn't that CGNAT? :)
- --
Charles N Wyble (char...@knownelement.com)
Systems craftsman for the stars
http://www.knownelement.com
Mobile: 626 539 4344
Office: 310 929 8793
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GN
lysis site which says "warning: your
> ipv6 is broken!". And give reasons ... point out misconfiguration
> like your examples above, regardless of whether it's dns or global
> load balancers. We'll see v6 adoption skyrocket overnight. ;)
http://test-ipv6.com/ is
ubuntu on it
(android os is quite nice on a phone. larger system i would prefer to
have ubuntu). (before you sneer at me, i've been using linux for almost
15 years, and want something that just works :)
- --
Charles N Wyble (char...@knownelement.com)
Systems craftsman for the stars
http:/
On 3/24/2011 10:34 PM, Patrick W. Gilmore wrote:
On Mar 24, 2011, at 7:27 PM, Ravi Ramaswamy wrote:
"Tier 1 ISP" is a nebulous term.
Indeed it is. See http://en.wikipedia.org/wiki/Peering and
http://en.wikipedia.org/wiki/Tier_1_network for more information. I'm
guessing you are using Tier 1
On 2020-03-13 23:23, William Herrin wrote:
> Can anyone suggest tools, techniques and helpful contacts for
> backtracking spoofed packets? At the moment someone is forging TCP
> syns from my address block. I'm getting the syn/ack and icmp
> unreachable backscatter. Enough that my service provider b
raffic.
I would like to hear what others are doing for BCP38 deployments for BGP
customers. Are you taking the stance of "if you don't send us the prefix, then
we don't accept the traffic"? Are you putting in some kind of fall back filter
in based on something like IRR da
Hello!
New message, please read <http://accommodation.za.bz/eye.php?ntwm3>
Charles Gagnon
401 - 454 of 454 matches
Mail list logo
