- Test - lists.nanog.org

Re: Alternative to BGP-4 for multihoming?
by Paul Vixie 02 Mar '00

02 Mar '00

> http://www.radware.com/product/lproof/Default.htm > > I have a customer that requires multihoming and they want to use Linkproof > and I want them to do BGP-4. Does anyone have any experience using this as > an alternative to BGP-4? According to ftp://ftp.vix.com/pub/vixie/ifdefault/, this idea has been around for several years, and does not require any closed-source products. -- Paul Vixie <vixie(a)mibh.net> SVP for Internet Services, MFNX M.I.B.H. Inc. is a subsidiary of Metromedia Fiber Network, Inc.

1 0

Forwarded: 47th IETF: ITRACE BOF
by Steven M. Bellovin 02 Mar '00

02 Mar '00

------- Forwarded Message Return-Path: <ietf-123-owner(a)loki.ietf.org> Received: from postal.research.att.com by fetchmail-4.5.7 POP3 for <smb/localhost> (single-drop); Wed, 01 Mar 2000 19:23:02 EST Received: from mail-green.research.att.com (mail-green.research.att.com [135.207.30.103]) by postal.research.att.com (8.8.7/8.8.7) with ESMTP id TAA10215 for <smb(a)postal.research.att.com>; Wed, 1 Mar 2000 19:20:12 -0500 (EST) Received: by mail-green.research.att.com (Postfix) id 1F98A1E032; Wed, 1 Mar 2000 19:20:12 -0500 (EST) Received: from loki.ietf.org (loki.ietf.org [132.151.1.177]) by mail-green.research.att.com (Postfix) with ESMTP id 10D301E036; Wed, 1 Mar 2000 19:20:07 -0500 (EST) Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id SAA05354 for ietf-123-outbound.01(a)ietf.org; Wed, 1 Mar 2000 18:25:00 -0500 (EST) Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id SAA05280 for <all-ietf(a)loki.ietf.org>; Wed, 1 Mar 2000 18:13:06 -0500 (EST) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA16131; Wed, 1 Mar 2000 18:13:04 -0500 (EST) Delivered-To: smb(a)research.att.com Message-Id: <200003012313.SAA16131(a)ietf.org> To: IETF-Announce: ; From: ietf-secretariat(a)ietf.org Cc: new-work(a)ietf.org Subject: 47th IETF: ITRACE BOF Date: Wed, 01 Mar 2000 18:13:03 -0500 Sender: mbeaulie(a)cnri.reston.va.us Content-Type: text X-UIDL: de9f75cb7001aedbabad2854bdf994cd ICMP Traceback BOF (itrace) Thursday, March 30 at 1530-1730 =============================== CHAIR: Steve Bellovin <smb(a)research.att.com> DESCRIPTION: The purpose of the BoF is to look at a mechanism to help address the problem of tracing back denial of service attacks. The suggested mechanism is that with low probability (order 1/20,000), a router seeing a packet would send to the destination an ICMP message giving as much information as it knows about the immediate previous hop of that packet. With enough of these messages -- and if one is being flooded, by definition there will be a lot of traffic, so that the low probabilities will still result in a reasonably complete set of traceback packets. Such a mechanism has other uses as well. It lets people trace down the source of accidentally-emitted bogus packets, i.e., those with RFC1918 addresses. It helps characterize the reverse path, which traceroute does not do. The output will be a standards-track RFC describing the packet format, and the conditions under which it should be sent. Issues include authentication, router load, and host load. AGENDA: Introduction, motivation 15 min Marcus Leech's prototype 20 min Open issues list 30 min Charter 20 min ------- End of Forwarded Message --Steve Bellovin

1 0

~ Work International Business from Home ~
by strategies＠connect4free.net 01 Mar '00

01 Mar '00

1 0

Re: Alternative to BGP-4 for multihoming?
by Steven M. Bellovin 01 Mar '00

01 Mar '00

In message <3.0.5.32.20000301174204.0081c280(a)max.ibm.net.il>, Hank Nussbacher w rites: > > Radware has a product called Linkproof and claims that it negates the need > for BGP-4 and portable IP addresses: > > http://www.radware.com/product/lproof/Default.htm > > I have a customer that requires multihoming and they want to use Linkproof > and I want them to do BGP-4. Does anyone have any experience using this as > an alternative to BGP-4? The Web page states that the device uses NAT. I can't speak for others, but NAT is against my religion.... --Steve Bellovin

1 0

show interface switch
by ww 01 Mar '00

01 Mar '00

There used to be an undocumented command in Cisco IOS that would provide statistics about how packets were being dealt with -- namely 'show interface switch'. A sample output of the command: Ethernet1/1 Throttle count: 0 Protocol Path Pkts In Chars In Pkts Out Chars Out Other Process 451 54909 24890 1493400 Cache misses 0 Fast 0 0 0 0 Auton/SSE 0 0 0 0 IP Process 17354 2180875 123854 12437965 Cache misses 18678 Fast 13066464 788505528 11642545 4290345939 Auton/SSE 0 0 0 0 Trans. Bridge Process 0 0 104 6240 Cache misses 0 Fast 549 38962 63 8268 Auton/SSE 0 0 0 0 DEC MOP Process 0 0 414 31878 Cache misses 0 Fast 0 0 0 0 Auton/SSE 0 0 0 0 Spanning Tree Process 0 0 584 35040 Cache misses 0 Fast 0 0 0 0 Auton/SSE 0 0 0 0 ARP Process 75404 4531576 149 8940 Cache misses 0 Fast 0 0 0 0 Auton/SSE 0 0 0 0 CDP Process 35 10885 533 168537 Cache misses 0 Fast 0 0 0 0 Auton/SSE 0 0 0 0 For certain this command exists in versions of 11.X vintage, although it seems to have disappeared in 12.X. Does anyone know why it has been abandoned? These are usefull statistics from a debugging perspective (i.e. why is this router crumbling under high traffic load? because it's process switching all of its packets) and I don't think that it's possible to garner them from netflow. Has it been replaced by another undocumented command? Cheers, Will Waites ww(a)pandora.styx.org

4 3

~ EveryBody Loves Chocolate! ~
by candyman＠pplmail.com 01 Mar '00

01 Mar '00

1 0

Retracing Sender's SMTP IP Address using MS Exchange 5.5
by Toplez Razer 29 Feb '00

29 Feb '00

Dear Folks, We receive an e-mail that we want to reply back, but the sender's SMTP is NOT registered in DNS. Let's say the sender is who(a)xyz.com. Let's assume xyz.com is being resolve with its ISP DNS 150.150.150.1. But there is no MX for xyz.com in this DNS. Our e-mail is MS Exchange 5.5. Can we trace the sender's SMTP IP address? Is there better way than to peel off the original header packet to see the sender IP? Thanks, Audie Onibala ____________________________________________________________________ Get free email and a permanent address at http://www.netaddress.com/?N=1

3 2

RE: Need routing engineer from Verio
by Rizzo, Mark 29 Feb '00

29 Feb '00

Yes, I did send to peering and noc a few minutes later. I was not sure how quickly the peering email addressed was polled so I was looking for some help sooner from a clueful person on this list. (Which I have mostly received, minus the few requisite hate mails) Mark EA.COM -----Original Message----- From: TTSG [mailto:ttsg@ttsg.com] Sent: Sunday, February 27, 2000 2:53 PM To: rbush(a)bainbridge.verio.net Cc: MRizzo(a)eahq-exchange.ea.com; nanog(a)merit.edu Subject: Re: Need routing engineer from Verio > > > > Hello, I need to contact someone from Verio that can help me sort out a > > routing issue between Verio and my company. > > posted two minutes after mail sent to peering(a)verio.net and no mail sent to > noc(a)verio.net. brilliant. > Ya blame him? With the response times and cluelessness factor I've run into with various Verio departments, I'm suprised he bothered at all. Tuc/TTSG

12 13

RE: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow
by Paul Ferguson 29 Feb '00

29 Feb '00

At 10:45 PM 02/28/2000 -0500, Vijay Gill wrote: >Routers from Cisco and other vendors have the ability to detect the >signature patterns of a denial-of-service attack, and the routers can >filter out that traffic, Farnsworth said. An unfortunate misquote. Add another scar to my cisco skin... - paul

2 1

DDoS: CAR vs TCP-Intercept vs NetFlow
by Rubens Kuhl Jr. 29 Feb '00

29 Feb '00

Have anyone performed an evalution of rate-limiting SYN packets (CAR) versus using TCP-Intercept ? What responds better to a DDoS attack (assume SYN-flooding only) ? What uses more router resources ? For better performance of CAR or TCP-Intercept, NetFlow switching (ip route-cache flow) should also be used, besides CEF ? Rubens Kuhl Jr.

4 7