Re: DDoS Mitigation Survey

2020-01-20 Thread Jean | ddostest.me via NANOG
Where can we find public information on how to use S/RTBH and which providers support it? Thanks Jean On 2020-01-14 17:31, Dobbins, Roland wrote: There are literally decades of information on these topics available publicly. Router and switch ACLs (both static and dynamically-updated via flow

Re: DDoS Mitigation Survey

2020-01-20 Thread Jean | ddostest.me via NANOG
uRPF loose or strict. Which ISP supports it? So far, I found none through public information. On 2020-01-20 10:38, Dobbins, Roland wrote: On 20 Jan 2020, at 19:59, Jean | ddostest.me via NANOG wrote: Where can we find public information on how to use S/RTBH This .pdf preso on mitigation

Re: DDoS Mitigation Survey

2020-01-20 Thread Jean | ddostest.me via NANOG
Exactly, so one of the best options to fight DDoS is not available through public information. @Lumin: You should start your investigation with uRPF loose. Best regards, Jean On 2020-01-20 11:31, Dobbins, Roland wrote: On 20 Jan 2020, at 22:49, Jean | ddostest.me wrote: uRPF loose or stri

Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC

2020-01-28 Thread Jean | ddostest.me via NANOG
Maybe we're looking at the wrong place when dealing with TCP amp. I believe there is a much easier way to solve this. @OP: can you post the TCP flags of the SYN/ACK you are receiving from Sony? Thanks Jean On 2020-01-27 20:49, Damian Menscher via NANOG wrote: On Mon, Jan 27, 2020 at 5:43 PM Tö

Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC

2020-01-28 Thread Jean | ddostest.me via NANOG
But you do receive the SYN/ACK? The way to open a TCP socket is the 3-way handshake. Sorry to write that here... I feel it's useless. 1. SYN 2. SYN/ACK 3. ACK Step 1: So hackers spoof the original SYN with a source IP from your network. Step 2: You should then receive those SYN/ACK pack

Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC

2020-01-30 Thread Jean | ddostest.me via NANOG
en if the ip is not even exposed to the internet, services will blacklist us. Even if we don't respond, and block every request from the internet incoming & outgoing. On 28.01.2020 22:36:18, "Jean | ddostest.me via NANOG" wrote: But you do receive the SYN/ACK? The way

Re: Jenkins amplification

2020-02-03 Thread Jean | ddostest.me via NANOG
Netgate bought pfSense and they have already started to destroy it. You should consider switching to OPNsense. On 2020-02-03 14:34, Matt Harris wrote: fSense on a VM with relatively minimal resources running your VPNs works very well

Re: Jenkins amplification

2020-02-03 Thread Jean | ddostest.me via NANOG
https://en.wikipedia.org/wiki/PfSense In November 2017, a World Intellectual Property Organization panel found that Netgate, the copyright holder of pfSense, had been using the domain opnsense.com in bad faith to discredi

CISCO 0-day exploits

2020-02-07 Thread Jean | ddostest.me via NANOG
CDPwn: 5 new zero-day Cisco exploits https://www.armis.com/cdpwn/ What's the impact on your network? Is everything under control? Jean

Re: CISCO 0-day exploits

2020-02-10 Thread Jean | ddostest.me via NANOG
I really thought that more Cisco devices were deployed among NANOG. I guess that these devices are not used anymore or maybe I misunderstood the severity of this CVE. Happy NANOG #78 Cheers Jean On 2020-02-07 09:21, Jean | ddostest.me via NANOG wrote: CDPwn: 5 new zero-day Cisco

Re: CISCO 0-day exploits

2020-02-10 Thread Jean | ddostest.me via NANOG
't believe me so I showed them the netflows. We were very surprised to see that. We thought that drop means drop. On 2020-02-10 08:40, Saku Ytti wrote: On Mon, 10 Feb 2020 at 13:52, Jean | ddostest.me via NANOG wrote: I really thought that more Cisco devices were deployed among NANOG. I

Re: TCP-AMP DDoS Attack - Fake abuse reports problem

2020-02-20 Thread Jean | ddostest.me via NANOG
It doesn't sound like a real amplification. If it is, can anyone provide the amplification factor? 1x? It sounds more like TCP spoofing. Jean On 2020-02-20 18:22, Töma Gavrichenkov wrote: Peace, On Fri, Feb 21, 2020, 1:57 AM Filip Hruska wrote: [..] OVH has

Re: backtracking forged packets?

2020-03-14 Thread Jean | ddostest.me via NANOG
Hi Bill, can you post some forged packets please? You can send them offlist if you prefer. It seems similar to what Octopus experienced a few weeks ago on this list. Thanks Jean St-Laurent | CISSP #634103

Re: backtracking forged packets?

2020-03-14 Thread Jean | ddostest.me via NANOG
Regards, Jean St-Laurent On 2020-03-14 11:46, William Herrin wrote: On Sat, Mar 14, 2020 at 4:02 AM Jean | ddostest.me via NANOG wrote: can you post some forged packets please? You can send them offlist if you prefer. Hi Jean, Here are a couple examples (PDT this morning): 08:22:43.413250 IP (t

Re: backtracking forged packets?

2020-03-15 Thread Jean | ddostest.me via NANOG
I believe that Oculus blocked the RST and not the SYN/ACK. It sounds the same but it's not. I see 2 options here: 1. Continue to be DDoSed and abused. The result is maybe they will move on, but I doubt it. 2. Try to block the malformed SYN/ACK and it will probably solve your issue. You have noth

Re: Viability of GNS3 network simulation for testing features/configurations.

2019-10-16 Thread Jean | ddostest.me via NANOG
I heard good stuff about Cisco VIRL. It's like an ESX for network devices. On 2019-10-16 15:23, Jason Kuehl wrote: I use the server version of GNS and I love it. I just need to VPN into my DC and use my client to connect to GNS. On Wed, Oct 16, 2019 at 2:22 PM Mike Bolitho

Re: DDoS attack

2019-12-09 Thread Jean | ddostest.me via NANOG
On which UDP port? On 2019-12-09 15:07, ahmed.dala...@hrins.net wrote: Dear All, My network is being flooded with UDP packets, a Denial of Service attack, sourcing from Cloudflare and Google IP addresses, with 200-300 Mbps minimum traffic; the destinations in my network are IP prefixes that is c

[Tier1 ISP]: Vulnerable to a new DDoS amplification attack

2016-12-21 Thread Jean | ddostest.me via NANOG
Hello all, I'm a first time poster here and hope to follow all rules. I found a new way to amplify traffic that would generate a really high volume of traffic. +10 Tbps ** There is no need for spoofing ** so any device in the world could initiate a really big attack or be part of an attack. We

Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack

2016-12-22 Thread Jean | ddostest.me via NANOG
I admit that I have a lot of guts. Not sure who said that I am a booter or that I operate a booter. I have been fighting booters for more than 5 years, and who would be stupid enough to put his full name with full address on a respected network operators list? Definitely not me. I want to help and fix th

Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack

2016-12-22 Thread Jean | ddostest.me via NANOG
largest DDoS ever seen in the wild whilst 3 months into a position at a company that sells 'self-DDoS' services for testing purposes. In the absence of anything more than 'GUYZ THIS IS SERIOUS', with no technical details, you can surely understand the skepticism. On Thu

Re: Attacks on BGP Routing Ranges

2018-04-19 Thread Jean | ddostest.me via NANOG
Maybe we are missing a key item here. Ryan, is the attack on the BGP peering range killing your router or is it an attack saturating the link? Do you have some netflow samples of one of these attacks or any kind of hints of what happened? Jean St-Laurent On 04/18/2018 11:01 PM, Roland Do

Re: IPv6 faster/better proof? was Re: Need /24 (arin) asap

2018-06-23 Thread Jean | ddostest.me via NANOG
From an Apple device point of view, IPv6 should be faster than IPv4 where both are available, because Apple adds a 25 ms artificial penalty to IPv4 DNS resolution. https://ma.ttias.be/apple-favours-ipv6-gives-ipv4-a-25ms-penalty/ So if you test facebook from a Mac/iPhone/iPad, it will definite

Re: Any Gmail Admins on here?

2018-10-27 Thread Jean | ddostest.me via NANOG
Expired certificate, confirmation email delivered in SPAM. I agree that it looks phishy even if it's probably not. When you read the email in Gmail, you can click on the 3 little dots, which will expand a menu, and then on "Show original". You should see 3 important email attributes for helping

Re: Spoofer Project

2017-08-10 Thread Jean | ddostest.me via NANOG
Is it me or is NANOG's AS allowing spoofing? https://spoofer.caida.org/as.php?asn=19230 On 17-08-03 09:19 PM, Matthew Luckie wrote: > Hi, > > The CAIDA Spoofer project has been collecting and publicly sharing > data on the deployment of source address validation since March 2016. > We've built up a

Re: Alternatives to ISE?

2017-12-03 Thread Jean | ddostest.me via NANOG
I'm about to try this one. https://packetfence.org/ Not sure if it covers all the features you need though, but it seems promising. In case you give it a try, could you share your experience please? Thanks Jean On 17-12-03 09:48 AM, segs wrote: > Forescout but if you want something simpler with

Re: Suggestions for a more privacy conscious email provider

2017-12-03 Thread Jean | ddostest.me via NANOG
If you plan to use it for a small group of people, you should consider hosting it yourself. You could set it up with SPF, DKIM, DMARC, IPv6. It could be seen as a personal challenge to achieve. Then if you need real privacy, you will need to encrypt with public keys like PGP or S/MIME. You can up

Spectre/Meltdown impact on network devices

2018-01-07 Thread Jean | ddostest.me via NANOG
Hello, I'm curious to hear the impact on network devices of these new hardware flaws that everybody talks about. Yes, the Meltdown/Spectre flaws. I know that some Arista devices seem to use AMD chips and some say that they might be immune to one of these vulnerabilities. Still, it's possible to spawn

Re: Blockchain and Networking

2018-01-09 Thread Jean | ddostest.me via NANOG
BTC miners use ASICs. Big switches/routers use 100 Gb ASICs. Some switches have multiple 100 Gb ASICs and sometimes only half is used or even less. I guess it could be nice for some smaller telcos to generate some profit during off-peak periods. I don't know how feasible and I fully understand that t

Re: Opensource SNMP Trap Receivers ???

2018-02-13 Thread Jean | ddostest.me via NANOG
People often brag that SNMP is super easy. You soon find out that it's not always the case. Some vendors do it better than others. Whatever the tool you will use, it's important to keep in mind to start small. My biggest advice is to start with 1 small example. One that is needed for you now

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

2018-02-28 Thread Jean | ddostest.me via NANOG
I ran a full scan of the internet with zmap to find vulnerable memcached servers from an AWS server. AWS received an abuse report and forwarded it to me. I deleted the VM and the case was closed... LOL OVH is not dumb. Do you know how easy it is to deploy a VM today with all the automated fra

Re: NG Firewalls & IPv6

2018-04-03 Thread Jean | ddostest.me via NANOG
If by NextGen you meant performance, then I recommend having a look at kipfw over the Netmap driver on a FreeBSD 11 box. You buy a couple of Chelsio 40 Gbps or 100 Gbps NICs and you are in business. It was mentioned here in NANOG a couple of years ago. Very good stuff, but you will need to invest a