[EXT] Fwd: Re: problems sending to prodigy.net hosted email

Keith Medcalf kmedcalf at dessus.com
Wed Mar 21 17:06:26 UTC 2018


LaBrea Tarpit http://labrea.sourceforge.net/ can do this as well, though perhaps only for IPv4.  Basically it looks for unanswered ARP requests and answers them.  What it does with the ensuing session data is configurable.

---
The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.


>-----Original Message-----
>From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Stephen Satchell
>Sent: Tuesday, 20 March, 2018 19:39
>To: nanog at nanog.org
>Subject: Fwd: RE: [EXT] Fwd: Re: problems sending to prodigy.net hosted email
>
>Linux systems have the ability, given enough RAM, to associate almost
>any number of IP addresses to a given interface.  Our IP allocation
>database kept track of who was using what IP address.  I wrote some
>queries to collect all unassigned IP addresses, and to construct the
>appropriate shell commands to assign those IP addresses to Ackbar's
>interface.  Part of the program would also remove any allocated IP
>addresses from the server automatically.
>
>Worked like a charm.
>
>Whenever someone would nmap our address space, there would be at most
>one ARP request for the address; the router would then remember the
>IP->MAC association for the subsequent scans for a period of time --
>30 minutes if we were renumbering, 12 hours otherwise.
>
>The Ackbar server lived attached to our main distribution switch, so
>that subsequent traffic to those unused IP addresses stayed out of the
>server farm.  We had some, er, "interesting" denial of service attacks
>that didn't do as much damage as they could have.
>
>
>-------- Forwarded Message --------
>Subject: RE: [EXT] Fwd: Re: problems sending to prodigy.net hosted email
>Date: Tue, 20 Mar 2018 17:15:25 +0000
>From: Charles Bronson <cbronson at iec-electronics.com>
>To: nanog at nanog.org <nanog at nanog.org>
>
>If this isn't pertinent to the list, feel free to answer privately.
>How did you implement the server that got rid of ARP storms?
>
>
>Charles Bronson
>
>
>
>-----Original Message-----
>From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Stephen Satchell
>Sent: Monday, March 19, 2018 9:31 PM
>To: nanog at nanog.org
>Subject: [EXT] Fwd: Re: problems sending to prodigy.net hosted email
>
>Two DNS servers hosted on one box (or VM object), even with two
>addresses, is easily compromised by DDoS amplification attacks.
>That's the norm for a number of "web control panel" systems like Plesk
>and CPanel.
>
>It depends on the scale of your operations.  Last time I was in that
>situation, I had roughly 25,000 domains spread across 30 servers.
>Life became MUCH simpler when I put up dedicated, and high-power,
>physical systems running non-recursive BIND for DNS1 and DNS2, as well
>as another pair of boxes running recursive servers as DNS3 and DNS4.
>
>Getting QMail and Exim to "smart host" to my monster MX servers proved
>to be pretty easy, and I even was able to get the web servers to tell
>me when a mailbox was full so I could reject the SMTP exchange at the
>edge, instead of generating backscatter.
>
>And, with a pool of roughly 4,000 IP addresses, I got rid of ARP
>storms in our network by putting up a little server called "ackbar",
>that was configured to respond to all otherwise unused IP addresses in
>our pool.  (Edge routers were Cisco 7000 class, with DS3 uplinks.)
>
>Lessons learned well.
>
>-------- Forwarded Message --------
>Subject: Re: problems sending to prodigy.net hosted email
>Date: Mon, 19 Mar 2018 17:55:33 +0100
>From: Chris <chris2014 at postbox.xyz>
>To: C. Jon Larsen <jlarsen at richweb.com>
>CC: nanog at nanog.org
>
>On Mon, 19 Mar 2018 11:56:16 -0400 (EDT) C. Jon Larsen wrote:
>
>> > Why not? Never had a problem with multiple services on linux, in
>> > contrast to windows where every service requires its own box (or
>> > at least vm).
>>
>> Go for it ! Failure is an awesome teacher :)
>
>Don't really see a problem, especially since you normally always have
>two DNS servers...
>
>--
>Pope Francis is calling for a fight against fake news. We think the
>man who presents himself as the representative of Christ, of whom he
>claims that his mother remained a virgin her whole life and that he
>could walk on water and turn it into wine, is completely right.
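The address-pool reconciliation Stephen Satchell describes above (collect the unassigned addresses from the allocation database, bind them to the sink host's interface, and unbind any that have since been allocated), written out as an added example; this is not code from the thread or from any poster. It assumes Linux iproute2 (`ip addr add`/`ip addr del`), a hypothetical sink interface name, a `reserved` list for addresses that must never be bound (the router, the sink host itself), and an upper bound on pool size so that an IPv6 /64 or an IPv4 /8 is refused rather than enumerated, which is the IPv4-only caveat Keith raises for LaBrea. Sample pool, allocation and interface state are constructed inline.

```python
import ipaddress

# Upper bound on addresses we are willing to bind to the sink host.
# Enumerating an IPv6 /64 (or an IPv4 /8) is not feasible; the pool in
# the thread was roughly 4,000 addresses.  Assumed value, not from the thread.
MAX_POOL = 65536


def expand_pool(pool_cidrs, max_pool=MAX_POOL):
    """Expand CIDR prefixes into the set of usable host addresses.

    Network and broadcast addresses are skipped via hosts(); a pool that
    would exceed max_pool raises instead of trying to enumerate it.
    """
    pool = set()
    for cidr in pool_cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        if len(pool) + net.num_addresses > max_pool:
            raise ValueError(
                f"pool {cidr} too large to enumerate ({net.num_addresses} addresses)")
        pool.update(net.hosts())
    return pool


def _sort_key(addr):
    # Keep IPv4 and IPv6 sortable in one list (mixed types do not compare).
    return (addr.version, int(addr))


def plan_sink_addresses(pool_cidrs, allocated, configured, reserved=()):
    """Reconcile the sink host's bound addresses against the allocation DB.

    pool_cidrs: prefixes the organisation owns
    allocated:  addresses the allocation database reports as in use
    configured: addresses currently bound to the sink interface
    reserved:   addresses never to bind (router, the sink's own address);
                assumed here, the thread does not say how these were handled
    Returns (to_add, to_del) as sorted lists of address strings.
    """
    pool = expand_pool(pool_cidrs)
    as_addr = lambda xs: {ipaddress.ip_address(x) for x in xs}
    desired = pool - as_addr(allocated) - as_addr(reserved)
    current = as_addr(configured)
    to_add = [str(a) for a in sorted(desired - current, key=_sort_key)]
    to_del = [str(a) for a in sorted(current - desired, key=_sort_key)]
    return to_add, to_del


def render_commands(to_add, to_del, dev):
    """Emit iproute2 commands.  Deletions come first so an address that was
    just allocated to a customer is released before anything else changes.
    Host-length prefixes (/32, /128) avoid installing a connected route per
    address; with the default arp_ignore=0 the kernel still answers ARP for
    any local address on the segment, which is all the sink needs to do."""
    def plen(a):
        return 128 if ipaddress.ip_address(a).version == 6 else 32

    cmds = [f"ip addr del {a}/{plen(a)} dev {dev}" for a in to_del]
    cmds += [f"ip addr add {a}/{plen(a)} dev {dev}" for a in to_add]
    return cmds


if __name__ == "__main__":
    # Constructed sample: a /29 pool, two allocated addresses, the router
    # reserved, and a stale binding (.5) left from before it was allocated.
    add, delete = plan_sink_addresses(
        pool_cidrs=["192.0.2.0/29"],
        allocated=["192.0.2.2", "192.0.2.5"],
        configured=["192.0.2.3", "192.0.2.5"],
        reserved=["192.0.2.1"],
    )
    for cmd in render_commands(add, delete, dev="eth1"):   # hypothetical interface
        print(cmd)
```

Run from cron against the allocation database's output and pipe the result to a shell on the sink host; because the plan is a pure function of the three lists, it can be reviewed (or diffed against the previous run) before any address is bound.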