I've been looking into how to protect MX80 11.4R5 from various accidental and intentional attempts to congest the control plane and I'm drawing pretty much a blank.
Main discoveries so far:
ISIS is punted with different code than IP packets, but resolving the punt path, it goes to the same path. This path is still seeing full wire rate, i.e. there isn't a magic 10kpps limit before it.
HCFPC2(le_ruuter vty)# show jnh 0 exceptions
control pkt punt via nh PUNT(34) 9134818 1065269880
HCFPC2(le_ruuter vty)# show jnh 0 exceptions nh 34 punt
Nexthop Chain: CallNH:desc_ptr:0xc02bbc, mode=0, rst_stk=0x0, count=0x3
0xc02bb8 0 : 0x127fffffe00003f0
0xc02bb9 1 : 0x2ffffffe07924a00
0xc02bba 2 : 0xda00601499000a04
0xc02bbb 3 :
Today I downloaded the full set of Configuration and Command references for the HP 12500 Series Switch from HP.com. When I looked in my download finder they were all helpfully named "cXXXXXX.pdf". Interestingly enough the title in the metadata seemed to be correct, so I wrote an AppleScript to batch rename them.
-- Let the user pick the PDFs to rename
set theFiles to choose file with multiple selections allowed
repeat with theFile in theFiles
	set filePath to quoted form of POSIX path of theFile
	-- Read the document title from the Spotlight metadata
	set theName to do shell script "mdls -name kMDItemTitle -raw " & filePath
	-- mdls prints "(null)" when the file has no title; skip those files
	if theName is not "(null)" then
		try
			tell application "System Events" to set name of theFile to (theName & ".pdf")
		end try
	end if
end repeat
References: Apple Support Forums
How does the internet work - We know what is networking
Sytek Inc. developed NetBIOS in 1983 as an API (a specification that software components use as an interface to communicate) for software communication over IBM PC LAN networking technology. The Network Basic Input/Output System (NetBIOS) was first introduced by IBM (a company that runs an IT consulting and computer technology business […]
IETF drafts get no love from my Tablet. I've tried sending drafts to Instapaper for offline reading, I've tried using Readability, but all of these fail to render correctly. Is it too much to ask to be able to read RFCs on the go?
Fortunately I found that the RFCs and I-Ds are published to tools.ietf.org in both epub and mobi formats. To pull the full list of epub:
rsync -avz --include="*.epub" --exclude="*" rsync.tools.ietf.org::tools/ebook/ /destination
And for mobi:
rsync -avz --include="*.mobi" --exclude="*" rsync.tools.ietf.org::tools/ebook/ /destination
These are pretty hefty downloads, so you might want to tailor these to your current needs by creating a txt file full of include rules; let's call it filter.txt.
Add lines like this to your filter.txt to download the latest RFCs and I-Ds for the WGs you are following:
*lisp*.mobi
*conex*.mobi
*nvo3*.mobi
*tsvwg*.mobi
To download the mother lode of RFCs add the following line:
rfc.mobi
To download RFCs by Area add the following:
area.rtg.mobi
area.
How does the internet work - We know what is networking
The response and prevention
Defending against Denial of Service attacks typically involves a combination of attack detection, traffic classification and response tools, with the aim of blocking traffic identified as illegitimate and permitting only traffic identified as legitimate. Below is a […]
Cisco’s BGP decision process basically decides which BGP route to take when comparing multiple prefixes to the same destination. It is a rather long process and somewhat tricky. Below, I created a quick reference to its steps.
Before I talk about each step I would like to discuss the order in which multiple prefixes are compared. For example, if you have three prefixes to 10.2.0.0/16, how do you compare all three at once? By default Cisco’s algorithm will compare the younger prefixes to the older and finally compare the oldest to the winner.
The rest of this post is my notes on the BGP decision process. Hopefully you’ll find it useful.
For any path to be considered valid it has to meet these requirements.
How does the internet work - We know what is networking
A PDoS, or permanent denial-of-service, also referred to as phlashing, is a severe attack that damages a system so completely that its hardware must be reinstalled or replaced. A PDoS attack exploits security flaws that permit remote administration of the victim’s hardware […]
How does the internet work - We know what is networking
There is so much about MPLS and how MPLS works. Here I wrote some simple introductory lines about it, but only from one perspective: the customer side. There is nothing here about BGP and all the things that need to be done and configured in order for MPLS to function in the ISP cloud. As […]
How does the internet work - We know what is networking
The ICMP flood Smurf attack is one specific form of flooding DoS attack that occurs on the public Internet. It depends solely on incorrectly configured network equipment that permits packets to be sent to all hosts on a specific network via the network’s broadcast address rather than to a specific machine. […]
DoS Methods – ICMP and SYN flood, Teardrop and Low-rate DoS attacks
As many of you are aware, BGPmon.net has been offered as a free service since becoming publicly available in 2008. From its inception the service has been funded largely by myself. Now, due to ever-increasing popularity, it has become unsustainable to run the service on personal funds and my available time. I have reached a branch in the road: BGPmon.net must either become financially self-supporting, reduce its scope or cease. Clearly the latter options would waste the project’s potential and accomplishments.
So I’m happy to announce that as of today BGPmon.net services will be available in two flavors: a free ‘entry level’ service and a full-featured premium commercial service.
With these changes, BGPmon.net will become more sustainable and provide better support, and allow us to continue improving services while adding new features.
What to expect
Our base services remain free, but with a limited feature set and up to 5 prefixes per account.
The premium commercial service allows you to monitor as many prefixes as needed and provides the full feature set on a new powerful platform. The routing report, SOAP API and additional email address features are now part of the premium service. Pricing details can
How does the internet work - We know what is networking
When a number of systems, i.e. one or more web servers, flood the resources and bandwidth of a targeted system, a distributed denial-of-service (DDoS) attack takes place. Attackers use different types of methods in order to compromise the systems. It is the malware that can carry out the […]