DDoS Detection with netflow?

2010-12-22 Thread Thomas Magill
Has anyone run across any DDoS/anomaly detection applications that are based on netflow, preferably v9? I ran across a really old application called Panoptis, but it does not appear to have any recent development. Does anyone have any experience with this product or anything similar? Thomas

RE: Is Cisco equpiment de facto for you?

2011-01-13 Thread Thomas Magill
>Cisco IOS has a similar feature.
>
>reload in 5
>make changes
>verify things are working
>reload cancel

There seems to be a better way to do it in IOS that will not reload the router: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtrollbk.html I haven't tried it since all my g

RE: Is Cisco equpiment de facto for you?

2011-01-13 Thread Thomas Magill
> The problem is, it doesn't seem to support an automated rollback
> function. You'd need OOB to get access in many cases to do the rollback.

I thought that is what 'configure terminal revert timer x' did. It looks like you have to do a 'configure confirm' before the revert time expires or it

RE: BGP route-map options

2011-01-14 Thread Thomas Magill
Try doing it under the 'address-family ipv4'? I've never seen any version of IOS not take it. -Original Message- From: Greg Whynott [mailto:greg.whyn...@oicr.on.ca] Sent: Friday, January 14, 2011 9:00 AM To: nanog@nanog.org list Subject: BGP route-map options Following a few documents o

RE: BGP route-map options

2011-01-14 Thread Thomas Magill
Wait... Does the router even accept 'neighbour' instead of ' neighbor'? -Original Message- From: Greg Whynott [mailto:greg.whyn...@oicr.on.ca] Sent: Friday, January 14, 2011 9:00 AM To: nanog@nanog.org list Subject: BGP route-map options Following a few documents on how to use route-m

RE: Auto ACL blocker

2011-01-18 Thread Thomas Magill
I would consider doing it through BGP via quagga or such. Nullrouting with BGP is much cleaner than ACLs as your config stays static and only your routing table changes. I also imagine due to existing BGP blacklisting methods, that much of the work is already done and all you need is to get th

RE: Auto ACL blocker

2011-01-18 Thread Thomas Magill
Also, have you considered just using the spamhaus DROP list? They even have code to have the list pushed to IOS available. You could simply substitute your file for their list if you only want to use IPs caught by your honeypot. http://www.spamhaus.org/faq/answers.lasso?section=DROP%20FAQ --

RE: Auto ACL blocker

2011-01-18 Thread Thomas Magill
-Original Message- From: ML [mailto:m...@kenweb.org] Sent: Tuesday, January 18, 2011 4:28 PM To: nanog@nanog.org Subject: Re: Auto ACL blocker

> I know Spamhaus doesn't offer a BGP feed of the DROP list. Has anyone
> made a homegrown solution?

"DROP is currently available only as a sim

RE: Auto ACL blocker

2011-01-18 Thread Thomas Magill
LOL.. oops.. I guess I could just use 65xxx. -Original Message- From: Thomas Magill [mailto:tmag...@providecommerce.com] Sent: Tuesday, January 18, 2011 5:23 PM To: m...@kenweb.org; nanog@nanog.org Subject: RE: Auto ACL blocker -Original Message- From: ML [mailto:m...@kenweb.org

Update Spamhaus DROP list from Cisco CLI (TCL)

2011-01-19 Thread Thomas Magill
start testing. Does anyone see that as a useful service to be offered? Thomas Magill Network Engineer Office: (858) 909-3777 Cell: (858) 869-9685 tmag...@providecommerce.com provide-commerce 4840 Eastgate Mall San Diego, CA 92121 ProFlowers

RE: Update Spamhaus DROP list from Cisco CLI (TCL)

2011-01-20 Thread Thomas Magill
Ramasubramanian [mailto:ops.li...@gmail.com] Sent: Wednesday, January 19, 2011 6:20 PM To: Thomas Magill Cc: nanog@nanog.org Subject: Re: Update Spamhaus DROP list from Cisco CLI (TCL) Did you try this http://www.spamhaus.org/faq/answers.lasso?section=DROP%20FAQ#168 Links to Marco d'Itri's &q

SP Sizing math?

2011-01-27 Thread Thomas Magill
you have a 20:1 oversubscription? I have read in NANOG archives 100Mbps/1,000 users for a school campus environment; would residential be equivalent? Any input would be greatly appreciated. Thomas Magill Network Engineer Office: (858) 909-3777 Cell: (858) 869-9685 tmag...@providecommerce.com&l

RE: VMware ESX LACP Support

2011-06-21 Thread Thomas Magill
I have to agree with this. Port-channels add no value with the way ESX load-balances. In fact, we had a few issues arise because of them and converted everything to native ESX LB. -Original Message- From: Jimmy Hess [mailto:mysi...@gmail.com] Sent: Monday, June 20, 2011 3:01 PM To: Ma

Akamai/Integra issue?

2012-01-25 Thread Thomas Magill
through our backup provider and that resolved the issue, but more keep popping up due to DNS changes. Has anyone else had any issues with akamaiedge.net today? If an Akamai operator is on please email me offline. Thomas Magill Sr. Network Engineer Office: (858) 909-3777 Cell: (858) 869-9685

RE: Akamai/Integra issue?

2012-01-26 Thread Thomas Magill
2012 5:49 PM To: Thomas Magill Cc: nanog@nanog.org Subject: Re: Akamai/Integra issue? May be the attack on Facebook put Akamai into DEFCON 1 ? http://www.readwriteweb.com/archives/anonymous_claims_responsibility_for_facebook_outag.php Rubens On Wed, Jan 25, 2012 at 10:14 PM, Thomas Magill

International TE

2010-04-29 Thread Thomas Magill
etter ways to do this? Also, if anyone has a consolidated list of provider TE communities that would be a great resource. Thomas Magill Network Engineer Office: (858) 909-3777 Cell: (858) 869-9685 tmag...@providecommerce.com provide-commerce 4840 Eastgate Mall San Diego, CA 92121 ProFl

RE: Securing the BGP or controlling it?

2010-05-10 Thread Thomas Magill
All of the major providers I have worked with have required proof of 'ownership' of address space or an LoA from the registered holder of that space before they would allow advertisements from me, which are then filtered. Is this not the norm? I can understand if they are talking about an oper

Useful TCL script?

2010-05-20 Thread Thomas Magill
= 128 Bytes This is my first attempt at a script this complex so if you have any input/suggestions they are welcome. # # # # psize.tcl # # By Thomas Magill

RE: Useful TCL script?

2010-05-23 Thread Thomas Magill
ata I want. Other products I have used allow such better ability to drill in to data but solarwinds has let me down in the netflow arena. -Original Message- From: James Hess [mailto:mysi...@gmail.com] Sent: Sunday, May 23, 2010 4:14 PM To: Christopher Gatlin Cc: Thomas Magill; nanog@nano

Quick IP6/BGP question

2010-05-24 Thread Thomas Magill
From the provider side, are most of you who are implementing IP6 peerings running BGP over IP4 and just using IP6 address families to exchange routes or doing IP6 peering? Thomas Magill Network Engineer Office: (858) 909-3777 Cell: (858) 869-9685 mailto:tmag...@providecommerce.

RE: Quick IP6/BGP question

2010-05-24 Thread Thomas Magill
. -Original Message- From: Owen DeLong [mailto:o...@delong.com] Sent: Monday, May 24, 2010 11:30 AM To: Thomas Magill Cc: nanog@nanog.org Subject: Re: Quick IP6/BGP question At Hurricane, most of our IPv6 peerings are exchanging over IPv6 addresses. In general, most routers work better if you run

Cisco ASR

2010-05-24 Thread Thomas Magill
just acting as a BGP peer so it has one set of full tables. It seems to be a process on the Linux OS side that has the leak as the IOS memory commands show everything staying pretty static. Thomas Magill Network Engineer Office: (858) 909-3777 Cell: (858) 869-9685 mailto:tmag...@providecommerc

RE: Google Issues?

2010-06-10 Thread Thomas Magill
- From: Rubens Kuhl [mailto:rube...@gmail.com] Sent: Thursday, June 10, 2010 12:34 PM To: Thomas Magill Cc: nanog@nanog.org Subject: Re: Google Issues? This usually indicates a heavily malware-contaminated userbase or 1-to-N NAT/PAT with a large N. Having both is what usually triggers this, but

Google Issues?

2010-06-10 Thread Thomas Magill
isn't really an operator issue but there are enough knowledgeable people here that I thought I would ask. Thomas Magill Network Engineer Office: (858) 909-3777 Cell: (858) 869-9685 tmag...@providecommerce.com provide-commerce 4840 Ea

CYMRU Bogon Peering

2010-02-12 Thread Thomas Magill
. Thanks in advance for any input. Thomas Magill Network Engineer Office: (858) 909-3777 Cell: (858) 869-9685 tmag...@providecommerce.com provide-commerce 4840 Eastgate Mall San Diego, CA 92121 ProFlowers <http://www.profl

RE: CYMRU Bogon Peering

2010-02-12 Thread Thomas Magill
Thanks to everyone who replied. That settles it! I'm going to do it. -Original Message- From: Jack Carrozzo [mailto:j...@crepinc.com] Sent: Friday, February 12, 2010 1:14 PM To: Steve Bertrand Cc: Thomas Magill; nanog@nanog.org Subject: Re: CYMRU Bogon Peering I agree - quick

Blocking private AS

2010-02-18 Thread Thomas Magill
09.172.69.128/30 y.y.y.y 0 6130 16467 64565 i * i x.x.x.x0100 0 6130 16467 64565 i *> 213.146.161.0y.y.y.y 0 6130 2828 174 64679 48493 i * i x.x.x.x0100 0 6130

IP4 Space

2010-03-04 Thread Thomas Magill
on of this isn't to start a "what's good or bad about IP6 and what still doesn't work" debate.. I'm just generally curious about how these two seem like easy ways to make more efficient use of what we have already. Thomas Magill Network Engineer Office: (858) 90

RE: IP4 Space

2010-03-04 Thread Thomas Magill
>The most we could achieve would be to extend IPv4 freepool lifespan
>by roughly 26 days. Given the amount of effort squeezing useful
>addresses out of such a conversion would require, I proffer that
>such effort is better spent moving towards IPv6 dual stack on your
>networks.

A /8 sounded like a

RE: IP4 Space

2010-03-05 Thread Thomas Magill
>That brings a question to mind. As an ISP, with IPv4, end sites that
>are multihoming can justify a /24 from us (or another upstream) and
>announce it through multiple providers. With IPv6, are they supposed to
>get their block from ARIN directly if they are multihoming? In other
>words, should

RE: IP4 Space

2010-03-05 Thread Thomas Magill
>According to ARIN, _IF_ you meet their requirements for obtaining an IPv4
>block, then, you ALSO automatically meet their requirements for obtaining
>an IPv6 block.

Thank you for the clarification. I am obviously in the very early stage of planning IPv6 for our company with hopes of at least hav

RE: Important: IPv4 Future Allocation Concept RFC

2010-04-01 Thread Thomas Magill
That is the best thing I've seen today. Kudos to whoever wrote that. :) -Original Message- From: Joe Greco [mailto:jgr...@ns.sol.net] Sent: Thursday, April 01, 2010 3:42 PM To: nanog@nanog.org Subject: Important: IPv4 Future Allocation Concept RFC Someone suggested this be posted more v

RE: US Warships jamming Lebanon Internet

2011-02-08 Thread Thomas Magill
I'm in San Diego and at my last company we had to replace all 2.4GHz wireless with 5GHz when we started getting hammered across that range by a signal about 90dB higher than our APs by something. We were never able to identify what it was, but the signal looked odd and an ex-navy coworker said

Time Warner - Roadrunner Route-server?

2011-02-24 Thread Thomas Magill
Does anyone know if there is a route-server for AS 20001 available? All I can find is TW (4323). Thomas Magill Network Engineer Office: (858) 909-3777 Cell: (858) 869-9685 mailto:tmag...@providecommerce.com provide-commerce 4840 Eastgate Mall San Diego, CA 92121 ProFlowers<h