dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
35
cabletecht
join:2012-06-08

cabletecht to OOLost

Member

to OOLost

Re: Need help configuring my Cisco871W with Optimum Static IP

said by OOLost :

said by cablewizzard:

One man's defective P-o-crap Belkin router generating a DNS flood is another man's DDoS. Can you be specific about the inbound traffic? Is it coming from a very large number of IP source addresses, and going to port 53/udp on one of your 5 static IPs?

I've identified two networks which I've now denied in the ACL instead of killing off all port 53 traffic:

ip access-list extended Deny-DDoS-ACL
deny ip 72.8.128.0 0.0.63.255 any
deny ip 209.205.64.0 0.0.31.255 any
permit ip any any

This ACL is applied to the interface as:

ip access-group Deny-DDoS-ACL in

Yesterday, this ACL had been:

deny udp any any eq domain

The above was a temporary fix until I had the time today to sort out all of the IPs which were sourcing the flood.

I'll leave it to you to determine if the routers in these networks are "P-o-crap Belkins."
said by cablewizzard:

Do you run a (registered) authoritative DNS server as a matter of regular business at the IP the traffic is going to?

Yes.
said by cablewizzard:

How does this impact your service, specifically your outbound traffic (DNS, HTTP)? If you have nothing responding to that traffic, it should NOT be filling your upstream.

Since ACLing the offenders, it's not too too bad. There's still a load of crap banging away on the incoming WAN interface.
said by cablewizzard:

No, OOL will not do anti-DDoS filtering for static-IP, unless the DDoS becomes so great that other subscriber's service is impacted - this is not part of the service as described.

Also, your ACL'ing of such traffic is likely wrong: if DoS traffic is inbound to 53/udp, then that's all you should filter, not OUTBOUND TO 53/udp, cause that's your own, presumably legit DNS queries.

Right. Learn Cisco IOS.
ip access-group Deny-DDoS-ACL in
--------------------------------------^^

It's BEcause, not cause... learn English too.
Acronyms are suffixed with just the suffix sans the apostrophe.

Sorry but don't get acrimonious with me.

isn't there a networking forum you can post this on? don't see how this issue is being caused by cablevisions services

OOLost
@optonline.net

OOLost

Anon

said by cabletecht:

isn't there a networking forum you can post this on? don't see how this issue is being caused by cablevisions services

Isn't this forum's title: Forums > US Cable Support > OptimumOnline ???

Nobody said it was "being CAUSED by cablevisions services." There WAS a problem with the service. I was getting no help with the problem from the service provider. The service provider failed to listen to the customer. The service provider wasted both party's time, money and resources because they wouldn't (or couldn't) listen. OOL treated the whole event like a loss of TV service issue. All the techs in the world (5 here in the past week) replacing the cable drops, connections and splitters would not/could not have mitigated the issue.

Well, it's clear now that Optimum Online is NOT a internet company; they're a TV service and continue to offer cable-TV support instead of internet support.

Is there a Forums > US Cable Support > OptimumOnline ? Business Service forum?
frdrizzt
join:2008-05-03
Ronkonkoma, NY

frdrizzt

Member

said by OOLost :

said by cabletecht:

isn't there a networking forum you can post this on? don't see how this issue is being caused by cablevisions services

Isn't this forum's title: Forums > US Cable Support > OptimumOnline ???

Nobody said it was "being CAUSED by cablevisions services." There WAS a problem with the service. I was getting no help with the problem from the service provider. The service provider failed to listen to the customer. The service provider wasted both party's time, money and resources because they wouldn't (or couldn't) listen. OOL treated the whole event like a loss of TV service issue. All the techs in the world (5 here in the past week) replacing the cable drops, connections and splitters would not/could not have mitigated the issue.

Well, it's clear now that Optimum Online is NOT a internet company; they're a TV service and continue to offer cable-TV support instead of internet support.

Is there a Forums > US Cable Support > OptimumOnline ? Business Service forum?

Any company who provides advanced support for configuring your LAN setup/equipment is going to make you pay a premium for that. You just aren't going to find that with a $50 service (really no difference in the support you are requesting from standard BOOL & Boost/Ultra & STIP). Not to say the support is poor, just that it does not cover the area you are looking for. The end point of the support is the CV-provided equipment, not the chair at the connected computer that is being accessed.

OOLost
@optonline.net

OOLost

Anon

Whether OOL can not or simply will not assist with configuration of the company's LAN and kit past the interface OOL provides does not concern me. That's perfectly fine with me. However, they then, without having any knowledge thereof, tell their customer that IT IS configuration beyond that point that IS at fault. In this case, it was clearly NOT at fault; it was functioning perfectly and properly. The router(s) connected to the DPQ3925 was(were) properly configured. The incessant traffic -- due to a DNS DDoS -- was THIS issue. OOL could have easily taken a look at the traffic that was being sent to my subnet -- and much easier than I too -- and, at least, offered an explanation for it. This is simply NOT a business class service, regardless of how much or how little is paid for it.

The "level" of service provided smacks in the face at the claims made in all of the OOL advertisement upon the television and such. The latest claim is that they will not be one of those "life interruptions." Having one's business brought to a virtual halt isn't a "life interruption?"

I do hope that OOL "techs" have been reading this. My hope would be that OOL management might have been reading along too. Rolling out the wire jockeys costs OOL money and, in this case, needless costs. It keeps other customers waiting when they are deployed needlessly too.

FWIW, the DNS DDoS ceased sometime in the late afternoon yesterday and has not started up again. ACLing the 2 networks on the router interface had nothing to do with it. Either the source(s) of the attack was(were) discovered or the other machine(s) in the exploit was(where) finally secured.
root
join:2002-12-11

1 recommendation

root

Member

said by OOLost :

I do hope that OOL "techs" have been reading this. My hope would be that OOL management might have been reading along too. Rolling out the wire jockeys costs OOL money and, in this case, needless costs. It keeps other customers waiting when they are deployed needlessly too.

I'm sure some CV employees have read this...and while some may have even responded out of their own free will and desire to help, your complete lack of respect for people taking their own time to offer help probably made them not give a shit anymore.

jaa
Premium Member
join:2000-06-13

jaa to OOLost

Premium Member

to OOLost
I'm sure CV has closed out the ticket - "CPE Issue Resolved by Customer".

Glad you are up and running again.

OOLost
@optonline.net

OOLost

Anon

said by jaa:

I'm sure CV has closed out the ticket - "CPE Issue Resolved by Customer".

Glad you are up and running again.

But this was NOT a CPE issue! Is that how they sweep this under the rug?

jaa
Premium Member
join:2000-06-13

jaa

Premium Member

said by OOLost :

said by jaa:

I'm sure CV has closed out the ticket - "CPE Issue Resolved by Customer".

Glad you are up and running again.

But this was NOT a CPE issue! Is that how they sweep this under the rug?

Just telling you how they see it. Works with their laptop, your Mac - to them any other problem is CPE.