Interesting NANOG topic summaries

Mobile Phone Addresses for Monitoring

• 7 September 2007: http://www.merit.edu/mail.archives/nanog/msg02823.html

240/4 experimental use

• 18 October 2007: http://www.merit.edu/mail.archives/nanog/msg03818.html

P2P Application "Fairness" / Comcast blocking P2P

• 22 Oct 2007: http://www.merit.edu/mail.archives/nanog/msg03992.html
• 22 Oct 2007: http://www.merit.edu/mail.archives/nanog/msg03996.html

Youtube IP Range Hijacking (Hi Pakistan!)

• http://www.merit.edu/mail.archives/nanog/msg06384.html
• 27 Feb 2008: http://arstechnica.com/news.ars/post/20080225-insecure-routing-redirects-youtube-to-pakistan.html
• 29 Feb 2008: http://www.ripe.net/news/study-youtube-hijacking.html
• 3 March 2008 - Understanding Resiliency of Internet Topology Against Prefix Hijacking Attacks (2007) - http://www.cs.ucla.edu/~mohit/cameraReady/hijack-dsn.pdf

Internet Alert Registry Peering / "Pretty Good BGP"

• Initial Post: 10 Mar 2008: http://www.merit.edu/mail.archives/nanog/msg06605.html

Customer-Facing ACLs

• 7 Mar 2008: Initial post: http://www.merit.edu/mail.archives/nanog/msg06546.html

Filtering Information

• Mark Tinka: filtering when supplying transit to multiple ISPs: http://www.merit.edu/mail.archives/nanog/msg06583.html
• Justin Streiner: filtering SMTP in a previous life: http://www.merit.edu/mail.archives/nanog/msg06547.html
• Kameron Gasso: filtered SMTP to dialup but not DSL - specifically mentions a fast abuse desk to deal with complaints and how customers are filtered until the complaint has been addressed: http://www.merit.edu/mail.archives/nanog/msg06552.html
• SBC Dallas: http://www.merit.edu/mail.archives/nanog/msg06559.html
• Christopher Morrow - pointing out UUNET has been doing SMTP filtering for clients since 2002 - http://www.merit.edu/mail.archives/nanog/msg06624.html
• Joel Jaeggli: bot filtering based on connection rate thresholds: http://www.merit.edu/mail.archives/nanog/msg06572.html

Projects

• Robert Beverley - talking about a recent project to measure filtering prevalence - http://www.merit.edu/mail.archives/nanog/msg06551.html
  • .. and the relevant data - http://ana.csail.mit.edu/rsp/
• Danny McPherson - Arbor Networks asked this in their latest Internet Infrastructure Survey - http://www.merit.edu/mail.archives/nanog/msg06554.html
  • .. and the relevant site - http://www.arbornetworks.com/report ; the paper is at http://www.tcb.net/wisr_2007_v3.pdf
• Internet Alert Registry - http://iar.cs.unm.edu/
• Pretty Good BGP - http://cs.unm.edu/~karlinjf/pgbgp/
• SANS Internet Storm Centre: an example relevant story: http://www.incidents.org/diary.html?storyid=4045
  • Linked to an ISC Diary article: http://isc.incidents.org/diary.html?storyid=3529 ; includes some data
  • Linked to a Usenix LEET '08 submission: A Study of Passwords and Methods Used in Brute-Force SSH Attacks (Jim Owens and Jeanna Matthews) - http://people.clarkson.edu/~owensjp/pubs/leet08.pdf

Technologies

• Filtering technologies for different connection types? ADSL? Cable? Wireless? Fibre/Ethernet termination?
• TBD

Should things be filtered?

• Justin Shore: http://www.merit.edu/mail.archives/nanog/msg06558.html
• Scott Weeks: where should the line be drawn :http://www.merit.edu/mail.archives/nanog/msg06560.html
• Dave Pooser: why filter FTP/Telnet: are they being actively exploited: http://www.merit.edu/mail.archives/nanog/msg06562.html
• Justin Shore: blocking outbound telnet/SSH? Most SSH versions on his netblocks (customers, I assume -ed) are old or vulnerable; customers paying for static IPs get the ability to have the filter removed: http://www.merit.edu/mail.archives/nanog/msg06578.html

Filtering: Data

• Frank Bulk - spam outflow rates (2/sec): http://www.merit.edu/mail.archives/nanog/msg06571.html
• Dave Pooser - probe rates (SSH bruteforcing): http://www.merit.edu/mail.archives/nanog/msg06573.html

SMP Filtering Effects on Roaming Customers

• TBD

Third-Party Network Monitoring

• TBD

Books for the NOC guys..

4-April-2010

Print books:

• Cisco Network Professional's Advanced Internetworking Guide (CCNP Series); by Patrick J. Conlan ISBN: 978-0-470-38360-5 (Paperback, 888 pages, published May 2009) [1]
• Router Security Strategies: Securing IP Network Traffic Planes; by Gregg Schudel, David J. Smith [2]
• Practical BGP; by Russ White [3]
• The TCP/IP Guide: A Comprehensive, Illustrated Internet Protocols Reference; by Charles M. Kozierok [4]
• TCP/IP Illustrated Volumes 1-3 Boxed Set; by W. Richard Stevens, Gary R. Wright [5]
• T1: A Survival Guide; by Matthew Gast [6]
• Network Maintenance and Troubleshooting Guide: Field Tested Solutions for Everyday Problems (2nd Edition); by Neal Allen [7]
• Network Warrior; by Gary A Donahue [8]
• Network Analysis and Troubleshooting; by J. Scott Haugdahl [9]
• Troubleshooting Campus Networks: Practical Analysis of Cisco and LAN Protocols; by Priscilla Oppenheimer, Joseph Bardwell [10]
• "the illustrated network" isbn 978-0-12-374541-5
• Practice of System and Network Administration by Thomas A. Limoncelli, Christina J. Hogan, and Strata R. Chalup [11]
• Router Security Strategies: Securing IP Network Traffic Planes; by Gregg Schudel, David J. Smith [12]
• Time Management for System Administrators by Thomas A. Limoncelli [13] [14]
• The Illustrated Network: How TCP/IP Works in a Modern Network; by Walter Goralski [15]

Online stuff:

• http://www.howstuffworks.com/internet-infrastructure.htm/printable
• http://www.inetdaemon.com/tutorials/internet/ip/routing/bgp/troubleshooting/
• http://www.nanog.org/meetings/nanog29/presentations/smith.pdf