Re: [nznog] NZNOG Digest, Vol 81, Issue 12

newer
2/8 and 46/8 allocated to the RIPE...

older
Re: [nznog] fx connection issues...

Alan Maher

17 Sep 2009 17 Sep '09

7:45 a.m.

Attachments:

attachment.htm (text/html — 8.8 KB)

Show replies by date

Tom

17 Sep 17 Sep

9:08 a.m.

New subject: fx connection issues {was some digest}

Loads ok here, on orcon. You with TCL? Alan Maher wrote:

...

My apologies for this (my first) post. As a former Sys Admin, I retain an interest in this area for purely personal & academic reasons. After observing the post, I attempted to access http://www.fx.net.nz/ and it timed out. And is doing so again this evening. Your thoughts? All else is functioning fine. ( I run PClos linux on my desktop & use Open DNS) Alan Maher

nznog-request(a)list.waikato.ac.nz wrote:

...
Send NZNOG mailing list submissions to nznog(a)list.waikato.ac.nz

To subscribe or unsubscribe via the World Wide Web, visit http://list.waikato.ac.nz/mailman/listinfo/nznog or, via email, send a message with subject or body 'help' to nznog-request(a)list.waikato.ac.nz

You can reach the person managing the list at nznog-owner(a)list.waikato.ac.nz

When replying, please edit your Subject line so it is more specific than "Re: Contents of NZNOG digest..."

------------------------------------------------------------------------

Today's Topics:

1. Re: DoS against TCL last night (David Robb) 2. Re: DoS against TCL last night (Nathan Ward) 3. Re: DoS against TCL last night (Neil Fenemor)

------------------------------------------------------------------------

Subject: Re: [nznog] DoS against TCL last night From: David Robb Date: Wed, 16 Sep 2009 15:54:06 +1200 To: nznog(a)list.waikato.ac.nz

To: nznog(a)list.waikato.ac.nz

On Mon, 14 Sep 2009 09:52:34 David Robb wrote:

...
Hi all,

In case anyone noticed/was wondering why things were running a bit slowly through TCL last night, we were receiving somewhere >1Gbit of DoS traffic (mostly large TCP, random ports) across a couple of links which got a bit saturated.

And it's back again, even bigger this time. Filters are in place, but if anyone notices things being a little slow, this is probably why.

--David

------------------------------------------------------------------------

Subject: Re: [nznog] DoS against TCL last night From: Nathan Ward Date: Wed, 16 Sep 2009 16:07:46 +1200 To: nznog(a)list.waikato.ac.nz

To: nznog(a)list.waikato.ac.nz

On 16/09/2009, at 3:54 PM, David Robb wrote:

...
On Mon, 14 Sep 2009 09:52:34 David Robb wrote:

...
Hi all,

In case anyone noticed/was wondering why things were running a bit slowly through TCL last night, we were receiving somewhere >1Gbit of DoS traffic (mostly large TCP, random ports) across a couple of links which got a bit saturated.

And it's back again, even bigger this time. Filters are in place, but if anyone notices things being a little slow, this is probably why.

Appreciate the updates David - it's good to see people sharing this sort of stuff.

-- Nathan Ward

------------------------------------------------------------------------

Subject: Re: [nznog] DoS against TCL last night From: Neil Fenemor Date: Wed, 16 Sep 2009 22:20:32 +1200 To: nznog(a)list.waikato.ac.nz

To: nznog(a)list.waikato.ac.nz

2009/9/16 David Robb mailto:ender(a)paradise.gen.nz>

On Mon, 14 Sep 2009 09:52:34 David Robb wrote: > In case anyone noticed/was wondering why things were running a bit slowly > through TCL last night, we were receiving somewhere >1Gbit of DoS traffic > (mostly large TCP, random ports) across a couple of links which got a bit > saturated.

And it's back again, even bigger this time. Filters are in place, but if anyone notices things being a little slow, this is probably why.

Yeah, we've (FX Networks) been hit by a couple over the last few days. Tonights one was particularly bad. And I have heard of another couple of ISPs that have been targeted as well (well, customers thereof).

Anyone else? Is this a bit of a trend starting?

--David

Cheers,

neil ------------------------------------------------------------------------

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

------------------------------------------------------------------------

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

Blair Harrison

10:05 a.m.

New subject: NZNOG Digest, Vol 81, Issue 12

Hi Alan, Do you have ipv6 enabled on your computer? www.fx.net.nz is ipv6 enabled, and I suspect if the website is loading slowly it may have to do with faulty v6 transit. (ie, if you are accessing it over a tunnel going via the US or EU) You could try www2.fx.net.nz which will go to the same place, but does not have a v6 DNS record. We haven't had any DoS attacks this evening that I'm aware of. Regards, Blair Harrison FX Networks On Thu, Sep 17, 2009 at 7:45 PM, Alan Maher wrote:

...

My apologies for this (my first) post. As a former Sys Admin, I retain an interest in this area for purely personal & academic reasons. After observing the post, I attempted to access http://www.fx.net.nz/ and it timed out. And is doing so again this evening. Your thoughts? All else is functioning fine. ( I run PClos linux on my desktop & use Open DNS) Alan Maher

Brian E Carpenter

18 Sep 18 Sep

12:15 a.m.

New subject: fx.net.nz [Re: NZNOG Digest, Vol 81, Issue 12]

Yes, the IPv6 path across town is a bit comnvoluted and seems to involve Seattle.

...

tracert www.fx.net.nz

Tracing route to www.fx.net.nz [2402:6000:200:100::4] over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms 2001:df0:0:2006::254 2 <1 ms <1 ms <1 ms 2001:df0:0:201f::1022:400 3 1 ms <1 ms <1 ms 2001:df0:0:1::14:400 4 1 ms <1 ms <1 ms 2001:df0:0:1::7:be 5 1 ms <1 ms <1 ms 2001:df0:0:1::3:b2 6 1 ms <1 ms <1 ms 2001:df0:0:1::3:b1 7 12 ms 11 ms 13 ms 2404:138:0:1::2 8 11 ms 11 ms 11 ms 2404:138:0:4:214:f601:2d88:dc7e 9 159 ms 153 ms 153 ms 2404:138:2000::a 10 153 ms 153 ms 153 ms kreonet-1-lo-jmb-706.sttlwa.pacificwave.net [2001:504:b:10::6] 11 268 ms 267 ms 267 ms 2001:320:1b00:1::1 12 348 ms 348 ms 348 ms hurricaneelectric-RGE.hkix.net [2001:7fa:0:1::ca28:a19e] 13 348 ms 348 ms 348 ms gige-g0-1.tserv19.hkg1.ipv6.he.net [2001:470:0:b8::2] 14 546 ms 474 ms 474 ms fxnetworks-3-pt.tunnel.tserv19.hkg1.ipv6.he.net [2001:470:17:86::2] 15 * 474 ms 735 ms as9503.akl01.akl.VOCUS.net.au [2402:7800:110:501::3] 16 746 ms 482 ms 482 ms palmy-fw1.ip6.fx.net.nz [2402:6000:f000::100] 17 487 ms 568 ms 482 ms palmy-web1.fx.net.nz [2402:6000:200:100::4] Trace complete. Brian On 2009-09-17 22:05, Blair Harrison wrote:

...

Hi Alan,

Do you have ipv6 enabled on your computer?

www.fx.net.nz is ipv6 enabled, and I suspect if the website is loading slowly it may have to do with faulty v6 transit. (ie, if you are accessing it over a tunnel going via the US or EU)

You could try www2.fx.net.nz which will go to the same place, but does not have a v6 DNS record.

We haven't had any DoS attacks this evening that I'm aware of.

Regards, Blair Harrison FX Networks

On Thu, Sep 17, 2009 at 7:45 PM, Alan Maher wrote:

...
My apologies for this (my first) post. As a former Sys Admin, I retain an interest in this area for purely personal & academic reasons. After observing the post, I attempted to access http://www.fx.net.nz/ and it timed out. And is doing so again this evening. Your thoughts? All else is functioning fine. ( I run PClos linux on my desktop & use Open DNS) Alan Maher

------------------------------------------------------------------------

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

McDonald Richards

12:21 a.m.

New subject: fx.net.nz [Re: NZNOG Digest, Vol 81, Issue 12]

Out of curiosity is that through a tunnel broker of some sort? The lack of reverse dns on the path is making it difficult to tell ;) Macca -----Original Message----- From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Brian E Carpenter Sent: Friday, 18 September 2009 10:16 AM To: Blair Harrison Cc: nznog(a)list.waikato.ac.nz; Alan Maher Subject: [nznog] fx.net.nz [Re: NZNOG Digest, Vol 81, Issue 12] Yes, the IPv6 path across town is a bit comnvoluted and seems to involve Seattle.

...

tracert www.fx.net.nz

...

Hi Alan,

Do you have ipv6 enabled on your computer?

www.fx.net.nz is ipv6 enabled, and I suspect if the website is loading slowly it may have to do with faulty v6 transit. (ie, if you are accessing it over a tunnel going via the US or EU)

You could try www2.fx.net.nz which will go to the same place, but does not have a v6 DNS record.

We haven't had any DoS attacks this evening that I'm aware of.

Regards, Blair Harrison FX Networks

On Thu, Sep 17, 2009 at 7:45 PM, Alan Maher wrote:

...
My apologies for this (my first) post. As a former Sys Admin, I retain an interest in this area for purely personal & academic reasons. After observing the post, I attempted to access http://www.fx.net.nz/ and it timed out. And is doing so again this evening. Your thoughts? All else is functioning fine. ( I run PClos linux on my desktop & use Open DNS) Alan Maher

------------------------------------------------------------------------

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

Brian E Carpenter

12:43 a.m.

New subject: fx.net.nz [Re: NZNOG Digest, Vol 81, Issue 12]

It appears to go out of here native through KAREN, which makes the Seattle hop plausible. Brian On 2009-09-18 12:21, McDonald Richards wrote:

...

Out of curiosity is that through a tunnel broker of some sort? The lack of reverse dns on the path is making it difficult to tell ;)

Macca

-----Original Message----- From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Brian E Carpenter Sent: Friday, 18 September 2009 10:16 AM To: Blair Harrison Cc: nznog(a)list.waikato.ac.nz; Alan Maher Subject: [nznog] fx.net.nz [Re: NZNOG Digest, Vol 81, Issue 12]

Yes, the IPv6 path across town is a bit comnvoluted and seems to involve Seattle.

...
tracert www.fx.net.nz

Tracing route to www.fx.net.nz [2402:6000:200:100::4] over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 2001:df0:0:2006::254 2 <1 ms <1 ms <1 ms 2001:df0:0:201f::1022:400 3 1 ms <1 ms <1 ms 2001:df0:0:1::14:400 4 1 ms <1 ms <1 ms 2001:df0:0:1::7:be 5 1 ms <1 ms <1 ms 2001:df0:0:1::3:b2 6 1 ms <1 ms <1 ms 2001:df0:0:1::3:b1 7 12 ms 11 ms 13 ms 2404:138:0:1::2 8 11 ms 11 ms 11 ms 2404:138:0:4:214:f601:2d88:dc7e 9 159 ms 153 ms 153 ms 2404:138:2000::a 10 153 ms 153 ms 153 ms kreonet-1-lo-jmb-706.sttlwa.pacificwave.net [2001:504:b:10::6] 11 268 ms 267 ms 267 ms 2001:320:1b00:1::1 12 348 ms 348 ms 348 ms hurricaneelectric-RGE.hkix.net [2001:7fa:0:1::ca28:a19e] 13 348 ms 348 ms 348 ms gige-g0-1.tserv19.hkg1.ipv6.he.net [2001:470:0:b8::2] 14 546 ms 474 ms 474 ms fxnetworks-3-pt.tunnel.tserv19.hkg1.ipv6.he.net [2001:470:17:86::2] 15 * 474 ms 735 ms as9503.akl01.akl.VOCUS.net.au [2402:7800:110:501::3] 16 746 ms 482 ms 482 ms palmy-fw1.ip6.fx.net.nz [2402:6000:f000::100] 17 487 ms 568 ms 482 ms palmy-web1.fx.net.nz [2402:6000:200:100::4]

Trace complete.

Brian

On 2009-09-17 22:05, Blair Harrison wrote:

...
Hi Alan,

Do you have ipv6 enabled on your computer?

www.fx.net.nz is ipv6 enabled, and I suspect if the website is loading slowly it may have to do with faulty v6 transit. (ie, if you are accessing it over a tunnel going via the US or EU)

You could try www2.fx.net.nz which will go to the same place, but does not have a v6 DNS record.

We haven't had any DoS attacks this evening that I'm aware of.

Regards, Blair Harrison FX Networks

On Thu, Sep 17, 2009 at 7:45 PM, Alan Maher wrote:

...
My apologies for this (my first) post. As a former Sys Admin, I retain an interest in this area for purely personal & academic reasons. After observing the post, I attempted to access http://www.fx.net.nz/ and it timed out. And is doing so again this evening. Your thoughts? All else is functioning fine. ( I run PClos linux on my desktop & use Open DNS) Alan Maher

------------------------------------------------------------------------

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

Nathan Ward

12:54 a.m.

New subject: fx.net.nz [Re: NZNOG Digest, Vol 81, Issue 12]

Yeah, UoA prefer KAREN routes over Internet routes. For some reason, people are advertising public IPv6 routes in to internet2 (or some connected research network). They really shouldn't, it would make the public IPv6 network work a whole lot better for early adopters like research networks. On 18/09/2009, at 12:43 PM, Brian E Carpenter wrote:

...

It appears to go out of here native through KAREN, which makes the Seattle hop plausible.

Brian

On 2009-09-18 12:21, McDonald Richards wrote:

...
Out of curiosity is that through a tunnel broker of some sort? The lack of reverse dns on the path is making it difficult to tell ;)

Macca

-----Original Message----- From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Brian E Carpenter Sent: Friday, 18 September 2009 10:16 AM To: Blair Harrison Cc: nznog(a)list.waikato.ac.nz; Alan Maher Subject: [nznog] fx.net.nz [Re: NZNOG Digest, Vol 81, Issue 12]

Yes, the IPv6 path across town is a bit comnvoluted and seems to involve Seattle.

...
tracert www.fx.net.nz

Tracing route to www.fx.net.nz [2402:6000:200:100::4] over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 2001:df0:0:2006::254 2 <1 ms <1 ms <1 ms 2001:df0:0:201f::1022:400 3 1 ms <1 ms <1 ms 2001:df0:0:1::14:400 4 1 ms <1 ms <1 ms 2001:df0:0:1::7:be 5 1 ms <1 ms <1 ms 2001:df0:0:1::3:b2 6 1 ms <1 ms <1 ms 2001:df0:0:1::3:b1 7 12 ms 11 ms 13 ms 2404:138:0:1::2 8 11 ms 11 ms 11 ms 2404:138:0:4:214:f601:2d88:dc7e 9 159 ms 153 ms 153 ms 2404:138:2000::a 10 153 ms 153 ms 153 ms kreonet-1-lo-jmb-706.sttlwa.pacificwave.net [2001:504:b:10::6] 11 268 ms 267 ms 267 ms 2001:320:1b00:1::1 12 348 ms 348 ms 348 ms hurricaneelectric-RGE.hkix.net [2001:7fa:0:1::ca28:a19e] 13 348 ms 348 ms 348 ms gige-g0-1.tserv19.hkg1.ipv6.he.net [2001:470:0:b8::2] 14 546 ms 474 ms 474 ms fxnetworks-3-pt.tunnel.tserv19.hkg1.ipv6.he.net [2001:470:17:86::2] 15 * 474 ms 735 ms as9503.akl01.akl.VOCUS.net.au [2402:7800:110:501::3] 16 746 ms 482 ms 482 ms palmy-fw1.ip6.fx.net.nz [2402:6000:f000::100] 17 487 ms 568 ms 482 ms palmy-web1.fx.net.nz [2402:6000:200:100::4]

Trace complete.

Brian

On 2009-09-17 22:05, Blair Harrison wrote:

...
Hi Alan,

Do you have ipv6 enabled on your computer?

www.fx.net.nz is ipv6 enabled, and I suspect if the website is loading slowly it may have to do with faulty v6 transit. (ie, if you are accessing it over a tunnel going via the US or EU)

You could try www2.fx.net.nz which will go to the same place, but does not have a v6 DNS record.

We haven't had any DoS attacks this evening that I'm aware of.

Regards, Blair Harrison FX Networks

On Thu, Sep 17, 2009 at 7:45 PM, Alan Maher wrote:

...
My apologies for this (my first) post. As a former Sys Admin, I retain an interest in this area for purely personal & academic reasons. After observing the post, I attempted to access http://www.fx.net.nz/ and it timed out. And is doing so again this evening. Your thoughts? All else is functioning fine. ( I run PClos linux on my desktop & use Open DNS) Alan Maher

------------------------------------------------------------------------

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

!DSPAM:22,4ab2d7b426431827514789!

Joe Abley

1:32 a.m.

New subject: fx.net.nz [Re: NZNOG Digest, Vol 81, Issue 12]

On 2009-09-17, at 20:54, Nathan Ward wrote:

...

Yeah, UoA prefer KAREN routes over Internet routes. For some reason, people are advertising public IPv6 routes in to internet2 (or some connected research network).

I thought I heard some time ago that the AUP for Internet2 was specifically modified for IPv6 to encourage commercial traffic to be carried there. Perhaps this was a reaction to the fact that the carriers that typically sell bargain-basement commercial transit to universities are typically not the ones offering v6. Joe

Alan Maher

10:38 a.m.

New subject: fx.net.nz [Re: NZNOG Digest, Vol 81, Issue 12]

Brian E Carpenter

8:26 p.m.

New subject: fx.net.nz [Re: NZNOG Digest, Vol 81, Issue 12]

What you need for IPv6 to be enabled in FF is network.dns.disableIPv6 default boolean false That means that FF *will* use AAAA records and therefore try IPv6. If you flip it to true, FF will not use AAAA records and will only try IPv4. Regards Brian Carpenter University of Auckland On 2009-09-18 22:38, Alan Maher wrote:

...

Thanks for all replies. The issue was simple (as always) but I will post this in case others come across similar problems. In Firefox "about:config", disable ipv6, and then ipv6 will work. Strange, but true, and would appear to be one of "those" programming errors. Or someone with a perverse sense of humour.

Alan Maher

Brian E Carpenter wrote:

...
Yes, the IPv6 path across town is a bit comnvoluted and seems to involve Seattle.

...
tracert www.fx.net.nz

Tracing route to www.fx.net.nz [2402:6000:200:100::4] over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 2001:df0:0:2006::254 2 <1 ms <1 ms <1 ms 2001:df0:0:201f::1022:400 3 1 ms <1 ms <1 ms 2001:df0:0:1::14:400 4 1 ms <1 ms <1 ms 2001:df0:0:1::7:be 5 1 ms <1 ms <1 ms 2001:df0:0:1::3:b2 6 1 ms <1 ms <1 ms 2001:df0:0:1::3:b1 7 12 ms 11 ms 13 ms 2404:138:0:1::2 8 11 ms 11 ms 11 ms 2404:138:0:4:214:f601:2d88:dc7e 9 159 ms 153 ms 153 ms 2404:138:2000::a 10 153 ms 153 ms 153 ms kreonet-1-lo-jmb-706.sttlwa.pacificwave.net [2001:504:b:10::6] 11 268 ms 267 ms 267 ms 2001:320:1b00:1::1 12 348 ms 348 ms 348 ms hurricaneelectric-RGE.hkix.net [2001:7fa:0:1::ca28:a19e] 13 348 ms 348 ms 348 ms gige-g0-1.tserv19.hkg1.ipv6.he.net [2001:470:0:b8::2] 14 546 ms 474 ms 474 ms fxnetworks-3-pt.tunnel.tserv19.hkg1.ipv6.he.net [2001:470:17:86::2] 15 * 474 ms 735 ms as9503.akl01.akl.VOCUS.net.au [2402:7800:110:501::3] 16 746 ms 482 ms 482 ms palmy-fw1.ip6.fx.net.nz [2402:6000:f000::100] 17 487 ms 568 ms 482 ms palmy-web1.fx.net.nz [2402:6000:200:100::4]

Trace complete.

Brian

On 2009-09-17 22:05, Blair Harrison wrote:

...
Hi Alan,

Do you have ipv6 enabled on your computer?

www.fx.net.nz is ipv6 enabled, and I suspect if the website is loading slowly it may have to do with faulty v6 transit. (ie, if you are accessing it over a tunnel going via the US or EU)

You could try www2.fx.net.nz which will go to the same place, but does not have a v6 DNS record.

We haven't had any DoS attacks this evening that I'm aware of.

Regards, Blair Harrison FX Networks

On Thu, Sep 17, 2009 at 7:45 PM, Alan Maher wrote:

...
My apologies for this (my first) post. As a former Sys Admin, I retain an interest in this area for purely personal & academic reasons. After observing the post, I attempted to access http://www.fx.net.nz/ and it timed out. And is doing so again this evening. Your thoughts? All else is functioning fine. ( I run PClos linux on my desktop & use Open DNS) Alan Maher

------------------------------------------------------------------------

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

5677

Age (days ago)

5679

Last active (days ago)

List overview

Download

9 comments

7 participants

participants (7)

Alan Maher
Blair Harrison
Brian E Carpenter
Joe Abley
McDonald Richards
Nathan Ward
Tom