- NZNOG - lists.nznog.org

Re: [nznog] Further Analysis of Election Night
by Regan Murphy 21 Sep '05

21 Sep '05

I'm with xtra for DSL at home. I don't seem to transit via the US to get content from the r2 servers. -----Original Message----- From: Dan Clark [mailto:dan(a)synaptic.net.nz] Sent: Thursday, 22 September 2005 6:59 p.m. To: Richard Naylor Cc: nznog(a)list.waikato.ac.nz Subject: Re: [nznog] Further Analysis of Election Night mostly Xtra customers connecting to the US server no doubt? Dan

4 3

Further Analysis of Election Night
by Richard Naylor 21 Sep '05

21 Sep '05

Further analysis of the Election period webcast ----------------------------------------------- We have now had some time to analyse log files from the election period. The following observations are made. It should be understood that there were 4 servers, USA - 1 AKL - 2 (CityLink and TVNZ) WLG - 1 We have not had access to the TVNZ log files and so the following comments are based on analysis of 3 servers only. These servers were carrying 62% of the load (by traffic) It also needs to be understood that these servers were not set up solely for the election event and carried on handling day to day 24x7 streaming. So in looking at log files, there are many streams and services (such as on demand video or audio files) which were operating regardless of the election. Equally many of the stations which we stream had no particular coverage of the election and carried on their usual Saturday night programmes. As a result some analysis requires a little local knowledge to make sense. In addition, R2 was providing on-demand services to 3 political parties involved in the election. Several parties had closing video clips or focussed their multi-media assets for the closing stages of the campaign. This produced extra traffic on election day. In some cases a surprising number of hits. We also carried a number of election related events such as The Labour Party Election Campaign launch The InternetNZ ICT Candidates debate Election Fiscal Update (access via Scooop.co.nz) Several Press Briefings by the PM (access via Scoop.co.nz) Candidate debates (access via RadioNZ.co.nz) As a result a very rough estimate is that the last month has seen server traffic double. On election night, over 40 countries accessed the 3 CityLink servers. They were NZ 36% Australia 12% US 8% UK 2.5% France 1.5% Canada Japan Netherlands Singapore Switzerland Germany Czech Republic Italy Brazil Thailand Poland Malaysia Austria Saudi Arabia Israel India Hungary Taiwan Turkey Spain Slovakia Belgium Sweden Denmark Norway Fiji Azerbaijan United Arab Emirates Russia Philippines The top 15 countries all accessed over 1GBytes of data Of great interest to us is the access to the USA server as its usage is designed to handle international interest under a strategy of locating servers as close to the clients as possible, so that over time, higher quality material (audio or video) can be delivered. The USA server received connections from NZ 30% Australia 20% USA 10% UK 3.7% Japan 1.5% Singapore 1.3% With 3 servers located in NZ, there was no need for traffic from the US server to NZ. This is caused solely by poor peering by NZ ISPs. It represents some 10Mbps of traffic.

3 3

Useful BGP tool
by Gordon Smith 21 Sep '05

21 Sep '05

A little something that's quite useful for looking at route advertisement trends over time. It complements the use of route-servers quite well when looking at BGP path changes internationally. Found the link on NANOG http://bgpinspect.merit.edu/

2 1

Re: [nznog] [afnog] ARIN to allocate from 74/8 & 75/8
by Rob Thomas 20 Sep '05

20 Sep '05

Hi, Randy. ] but, as you seem to understand, that's only half the story. luckily, ] the other, more useful, half is easily testable if arin/cymru would ] just follow the long-discussed path. We couldn't agree more! That's why we stood up the following three pingable IP addresses prior to announcing the test prefixes. 74.63.1.2 75.127.1.2 76.191.1.2 Sorry those weren't announced sooner! Thanks, Rob, for Team Cymru. -- Rob Thomas http://www.cymru.com Shaving with Occam's razor since 1999.

1 0

Woosh prefix update
by Nathan Ward 20 Sep '05

20 Sep '05

We are now advertising an additional prefix to our APE and WIX connected peers, including the route servers for these exchanges. I also ask that anyone not currently accepting up to 24 bit long prefixes in our advertisements, to please do so. We have no need to advertise these now, but we'd like to have the option available if needed, yadda yadda. The new prefix is 203.211.64.0/20. So, in the end it should look something like: ip prefix-list woosh-in seq 5 permit 202.74.192.0/19 le 24 ip prefix-list woosh-in seq 10 permit 203.211.64.0/20 le 24 Other potentially useful details follow: ASN 17412 APE IP 192.203.154.49 WIX IP 202.7.0.50 For those of you who are not currently peering with us and would like to arrange direct peering sessions, please contact me offlist, or on +64-9-522-3699, ext 618. -- Nathan Ward

2 1

Election Night Statistics
by Richard Naylor 20 Sep '05

20 Sep '05

Election Night Webcasting Statistics On Election night, 2005, CityLink/R2 was involved in assisting a number of broadcasters with their streaming requirements. This was in addition to the normal webcasting activites being carried out with other TV and radio stations. Particular focus was placed on TV-One (TVNZ) TV-3 NewstalkZB National Radio The streaming was carried out using servers located in Auckland, Wellington and Palo Alto (USA). Encoding was carried out by TVNZ and CityLink/R2. In terms of number of viewers, the 2003 Lord of the Rings premiere has been regarded as the biggest event webcast to date. The election night figures passed that by approximately 50%. On election night, some servers used anycast routing to spread traffic between servers, so that viewers connected to the server closest to them by Internet topology. Because not all servers used anycasting, we experienced congestion on the link feeding the US based server. As a result, some viewers used the link to NZ servers, further overloading the International capacity. In hindsight, we should have fed the US server via an alternate route to ensure the quality of its streams. In terms of traffic, the average bandwidth being consumed was Auckland (2 servers) = 110 Mbps Wellington (1 server) = 50 Mbps USA (1 server) = 50 Mbps Total average bandwidth = 210 Mbps Peaks were of course much higher. Estimates are that approximately 450Gbytes of data was transferred during the event of 6 hours. 98% of this data was carried by the anycast routing architecture. At 10 cents per megabyte this data represents approximately $45,000. CityLink delivered this event for free as a public service. Lessons Learned Our experience suggests that for large events, anycast routing delivers high performance. However, the source feed to the US servers needs to be isolated from any other traffic into or out of NZ. We could have done this using our satellite capacity or by strictly enforcing anycast routing. This would have meant that NZ ISPs not peering at NZ Internet exchanges would have to bring significant traffic into NZ on their International circuits.

1 0

Re: [nznog] New phish - Westpac
by Nic Wise 20 Sep '05

20 Sep '05

> BNZ tried using certs in 2000 for IB for public - was a > nightmare - far too early for browser compatibility usual > portability of certs etc. Ah, I might have had my banks mixed up. > And of course, and this will come > as a surprise to some, certs aren't very good for > authentication remember - their power in is in persistently > marking transactions/data or whatever That BNZ system was > tried to get round key loggers but as you say anything that > needs specific machine setups/configs will fail for retail > banking. And there are screen grabbers now anyway. Oh, I found that even without the threat of phishers etc, the pain of using it (Even after I installed Java) was just too high. > 2-factor also does not solve the problem and can introduce > more. Netcode relies on a now-defunct, unsupported product > from RSA - it was dropped from the RSA product line due to > the issues with SMS delivery and security - ask yourself how > secure the SMS network is, would you know, do you know ? I Well, personally, I'd find it more secure that not having it at all. Without something like it, anyone can get in with my username + pwd. With it, atleast if they ALSO intercept my cell transmission, they can get it for what, 10 mins (assuming they have my UN+PW as well). That's a fairly small window, and better than the current situation. > would be more concerned about that than anything. Also, the > banks cannot control SMS delivery nor guarantee anything and > therefore don't like it. 2 factor is relatively complex to > manage in big deployments, expensive (relatively compared to > a password) and probably overkill for retail but spot on for > business - which of course you'll know has been used in for a > number of years now by most banks.... I think ASB got around that by having something in there saying "if you don't get the text within X mins, call us on 0800 WHATEVER, quote ID 123456 and we'll check your details like we normally do". > Remember though - you can use a computer - most people who > use retail Internet Banking can't - IB is the pinnacle of > their PC knowledge VERY good point. Smartcards + reader look interesting, but there again - hardware compatability. Does it works on a Mac? Does it work on my mothers old P166 without USB? Etc. > And anyway banks don;t make any money from retail banking so > until phishing and e-banking scams become sufficiently common > they still pale in comparison to manual frauds. The real > answer is to remove some functionality but of course we'd all > moan...Free beers for life for the person that cracks the > portability vs security conundrum ! Very true. As long as they keep refunding people when they get all their money nicked, it's not THAT huge a long-term problem. Short term, and for the person who's cash is (for a while) gone, it's a bit of a stresser. :) Good discussion to have, me thinks, especially given the types of people on this list. :) Now, lunch and Beer :) Is it Friday yet? N

1 0

Re: [nznog] New phish - Westpac
by Nic Wise 20 Sep '05

20 Sep '05

> I'm not a application Security expert, but why can the banks > issue a authentication Certificate, and only allow > connections to those who are authenticated? > Certs would help, but they are a PITA to get working reliably. I know of one place that does use them (www.vir.co.nz - only for dealers) - but Banks are very much mass-market, and mom-and-pop would have a lot of troulbe working it out. I think one of the banks (ANZ??) tried it a while back. Not sure what they use now tho. The worst I have used was BNZ - they had a Java applet, and you had to CLICK on your password, on a keyboard on the screen. Wow, how secure, if someone is shoulder surfing, or capturing mouse clicks. And, it was just crap to use, especially if you didn't have Java (you just couldn't get in without Java!) 2-factor authentication is one of the few ways they could tighten up on security. ASB already does this, to some extent, with NetCode (ditto BankDirect - same company tho). They send you a text to confirm (you have to enter the code in the text) if the amount is over a specific value ($2500 per day). Works great. Why not do it on ALL transactions under a certain value (eg, $50)? Want to log in and check accounts? Fine. Usename + password. Want to move money? You then MUST use 2-factor authentication. I'd say that 99% of people with computers, also have cellphones, so text messages is a good way. Going overseas? Get one of those fancy SecureID cards on loan. I'm SURE that a load of people on this list know those cards - credit card sized "random" number generators on their keyrings. Same idea could be implemented for LESS cost than the banks usually loose.... Of course, the banks have to be motivated to do it.... And they are not, really, at the moment. It might still give the phishermen entry, but only within a VERY small window (60 seconds to 5 mins, usually), which would solve most of the problems. Of course, you'd need to sync it up with the Beer Tap at the pub somehow..... Maybe give the "keys" away free with every pint sold? Righto. Back to work :) Nic -- Nic Wise - Senior Developer - Microsoft MVP (.NET) t. +64.21.676.418 w. http://www.aftermail.com/ e. nic.wise(a)aftermail.com b. http://www.fastchicken.co.nz/blog/

4 4

Re: [nznog] New phish - Westpac
by David Robb 20 Sep '05

20 Sep '05

On Mon, 19 Sep 2005, Jeremy Strachan wrote: > > Given the alternative is our users bank accounts being cleaned out - I'm > all for Telco and/or ISP's blocking access to the site. So you say it's ok for bank phishing. What about ebay/trademe/other auction/sales sites? What if it were for Live Journal? --David

15 20

Notification of NZRR Database changes
by NZRR Database Notifications 19 Sep '05

19 Sep '05

Dear Colleague, This is to notify you that some object(s) in NZRR database which you either maintain or are listed as to-be-notified have been added, deleted or changed. These objects are used to configure the various NZIX route servers (http://nzix.net/) so you can expect the relevant servers to be reloaded in the near future. The reloading of the servers is staggered over a period of time so that if you are peering with both servers at an exchange, you can maintain at least one BGP session at all times and consequently a full set of routes. --- PREVIOUS OBJECT: route-set: AS9439:RS-ROUTES:AS23655 descr: advertised to AS9439 by Snap Internet Limited - AS23655 members: 132.181.0.0/16^16-29, 202.124.96.0/19^19-29, 203.97.28.0/22^22-29, 202.27.186.0/23^23-29, 202.36.178.0/23^23-29, 202.36.218.0/23^23-29, 202.37.100.0/23^23-29, 202.37.124.0/23^23-29, 210.55.30.0/23^23-29, 210.55.206.0/23^23-29, 192.156.225.0/24^24-29, 202.50.117.0/24^24-29, 202.50.169.0/24^24-29, 210.54.15.0/24^24-29, 210.55.4.0/24^24-29, 210.55.7.0/24^24-29 admin-c: RPA1-NZRR tech-c: RPA1-NZRR notify: rpsl-admin(a)nzix.net notify: nznog(a)list.waikato.ac.nz notify: noc(a)snap.net.nz mnt-by: MAINT-NZRR-NZ changed: rpsl-admin(a)nzix.net 20050913 source: NZRR REPLACED BY: route-set: AS9439:RS-ROUTES:AS23655 descr: advertised to AS9439 by Snap Internet Limited - AS23655 members: 132.181.0.0/16^16-29, 202.124.96.0/20^20-29, 203.97.28.0/22^22-29, 202.27.186.0/23^23-29, 202.36.178.0/23^23-29, 202.36.218.0/23^23-29, 202.36.220.0/23^23-29, 202.37.100.0/23^23-29, 202.37.124.0/23^23-29, 202.49.120.0/23^23-29, 210.55.30.0/23^23-29, 210.55.206.0/23^23-29, 192.156.225.0/24^24-29, 202.49.115.0/24^24-29, 202.49.125.0/24^24-29, 202.50.117.0/24^24-29, 202.50.169.0/24^24-29, 203.96.112.0/24^24-29, 210.54.15.0/24^24-29, 210.55.4.0/24^24-29, 210.55.7.0/24^24-29 admin-c: RPA1-NZRR tech-c: RPA1-NZRR notify: rpsl-admin(a)nzix.net notify: nznog(a)list.waikato.ac.nz notify: noc(a)snap.net.nz mnt-by: MAINT-NZRR-NZ changed: rpsl-admin(a)nzix.net 20050920 source: NZRR

1 0