Beagle Networks
Ryan Werber
CCIE and Network Guy
rss
archive
What I learned from being a fleeting internet celeb
As I mentioned before I never in a million years figured my little gimmick would take off. I knew I had done something special but most people just ignore the stupid stuff I do. A buddy of mine aptly named ‘someonefromhell’ tweeted the IP of my little gimmick and a few hours later, cmdrtaco of slashdot fame retweeted it. From there my poor little T1 hit near 100% utilization (this is fine, its for testing only) and my 15 minutes were created.
From all of this ive learned that people get jealous really quickly and want to destroy what they didnt create. beaglenetworks.net was under relentless attack, harming my upstream. Now as a CCIE specializing in large networks, I knew what was going on, and I knew what equipment I had at hand would never be able to fend this off. I moved the website to tumblr, and domain to godaddy.
I was worried the IP itself would get hammered and late Sunday, unfortunately it did. The DDoS to the website was insignificant to the amount of bandwidth launched at 216.81.59.173. While the server was getting hammered with approx 25mbps of various attack vectors, the DDoS on the ip was enormous. Over 1 GBPS of data coming in all at once. Thankfully, a well engineered network stood up to this, but the T1 was no match. My upstream ISP needed to contact thier peers to shut down that ip.. probably forever. Ironically, because of the way the traceroute was designed, a simple ping -f would have taken out the poor 1841s. No need to throw a few gigs at me!
These DDoS’s are nothing more than network bullying. I was bullied all through school and early in my career as well. Bullying is a horrific event, however it made me stronger. Ive learned that bullies always end up alone, and the bullied usually come out on top.
It was great while it lasted. Thank you all for the very nice comments, emails and tweets.
1 minute ago
Relentless DDoS
This is why we cant have nice things. Beaglenetworks.net has been ddos’ed all day. 216.81.59.173 has recently come under massive attack at > 1gbps. I cannot allow my upstreams to deal with this so I have no choice but to take it off line.
Appologies to all
4 hours ago
1 notes
There is a new version coming.
Been fighting off the script kiddies all day.. slowed down my work..
1 day ago
configs for both routers
http://beaglenetworks.net/configs.html
1 day ago
Star Wars Traceroute
Bored in the blizzard in Boston; I was inspired by my IRC friend ‘Plazma’ constantly making fun of my reverse dns of scrye.net I came up with this pretty neat hack.
It is accomplished using many vrfs on (2) Cisco 1841s. For those less technical, VRFs are essentially private routing tables similar to a VPN. When a packet destined to 216.81.59.173 (AKA obiwan.scrye.net) hits my main gateway, I forward it onto the first VRF on the “ASIDE” router on 206.214.254.1. That router then has a specific route for 216.81.59.173 to 206.214.254.6, which resides on a different VRF on the “BSIDE” router. It then has a similar set up which points it at 206.214.254.9 which lives in another VPN on “ASIDE” router. All packets are returned using a default route pointing at the global routing table. This was by design so the packets TTL expiration did not have to return fully through the VRF Maze. I am a consultant to Epik Networks who let me use the Reverse DNS for an unused /24, and I used PowerDNS to update all of the entries through mysql. This took about 30 minutes to figure out how to do it, and about 90 minutes to implement. All VRFs and DNS were generated by a PHP script.
Disclaimer: I am not a very elegant programmer. I can do whatever I need to. I think very linearly and do not plan very well. Below is the code I used to generate the VRFs.
Traceroute posted below for posterity.
$BASE="206.214.251.";
$NUMBER=1;
while ($NUMBER<250) {
$VLAN=$NUMBER+199;
$VLAN2=$NUMBER+203;
$NH = $NUMBER+5;
$SRCIP = $NUMBER+4;
$ASIDE="
vrf definition FOO$NUMBER
rd 10:$NUMBER
address-family ipv4
int fa0/0.$VLAN
encap dot1q $VLAN
vrf forwarding FOO$NUMBER
ip addr $BASE$NUMBER 255.255.255.252
ip route vrf FOO$NUMBER 216.81.59.173 255.255.255.255 $BASE$NH
ip route vrf FOO$NUMBER 0.0.0.0 0.0.0.0 216.81.59.175 global
int fa0/0.$VLAN2
encap dot1q $VLAN2
vrf forwarding FOO$NUMBER
ip addr $BASE$SRCIP 255.255.255.252
";
$DSTNUMBER=$SRCIP+1;
$DSTIP2=$SRCIP+5;
$VLAN3=$VLAN2+4;
$OUTIP=$DSTIP2-1;
echo "VLAN2 is $VLAN2 VLAN3 is $VLAN3\n";
$BSIDE="
vrf definition FOO$NUMBER
rd 10:$NUMBER
address-family ipv4
int fa0/0.$VLAN2
encap dot1q $VLAN2
vrf forwarding FOO$NUMBER
ip addr $BASE$DSTNUMBER 255.255.255.252
ip route vrf FOO$NUMBER 216.81.59.173 255.255.255.255 $BASE$OUTIP
ip route vrf FOO$NUMBER 0.0.0.0 0.0.0.0 216.81.59.175 global
int fa0/0.$VLAN3
encap dot1q $VLAN3
vrf forwarding FOO$NUMBER
ip addr $BASE$DSTIP2 255.255.255.252
";
$tmp = `echo "$ASIDE" >> OUT1.TXT`;
$tmp = `echo "$BSIDE" >> OUT2.TXT`;
$NUMBER=$NUMBER+8;
}
6 Episode.IV (206.214.251.1) 68.642 ms 67.307 ms 67.005 ms
7 A.NEW.HOPE (206.214.251.6) 65.986 ms 68.502 ms 68.708 ms
8 It.is.a.period.of.civil.war (206.214.251.9) 67.067 ms 70.139 ms 66.52
9 Rebel.spaceships (206.214.251.14) 70.214 ms 70.192 ms 71.622 ms
10 striking.from.a.hidden.base (206.214.251.17) 71.427 ms 74.206 ms
11 have.won.their.first.victory (206.214.251.22) 71.665 ms 70.434 ms 7
12 against.the.evil.Galactic.Empire (206.214.251.25) 69.218 ms 70.621
13 During.the.battle (206.214.251.30) 69.059 ms 68.931 ms 69.981 ms
14 Rebel.spies.managed (206.214.251.33) 77.247 ms 72.757 ms 77.61
15 to.steal.secret.plans (206.214.251.38) 71.224 ms 71.164 ms 69.543
16 to.the.Empires.ultimate.weapon (206.214.251.41) 68.744 ms 68.824
17 the.DEATH.STAR (206.214.251.46) 72.316 ms 74.551 ms 66.354 ms
18 an.armored.space.station (206.214.251.49) 69.413 ms 70.334 ms 6
19 with.enough.power.to (206.214.251.54) 66.182 ms 66.627 ms 71.23
20 destroy.an.entire.planet (206.214.251.57) 71.926 ms 71.266 ms 70.
21 Pursued.by.the.Empires (206.214.251.62) 67.298 ms 65.956 ms 66.
22 sinister.agents (206.214.251.65) 65.020 ms 67.806 ms 70.508 ms
23 Princess.Leia.races.home (206.214.251.70) 68.894 ms 71.147 ms 71
24 aboard.her.starship (206.214.251.73) 72.130 ms 71.093 ms 74.026
25 custodian.of.the.stolen.plans (206.214.251.78) 68.568 ms 67.939 ms
26 that.can.save.her (206.214.251.81) 67.063 ms 69.874 ms 68.889 m
27 people.and.restore (206.214.251.86) 70.395 ms 70.144 ms
28 freedom.to.the.galaxy (206.214.251.89) 66.098 ms 65.432 ms
29 0-------------------0 (206.214.251.94) 75.931 ms 74.159 ms 80.012
30 0------------------0 (206.214.251.97) 73.026 ms 73.403 ms 73.256
31 0-----------------0 (206.214.251.102) 83.602 ms 82.079 ms 70.743
32 0----------------0 (206.214.251.105) 70.459 ms 69.403 ms 68.782 m
33 0---------------0 (206.214.251.110) 68.516 ms 72.472 ms 71.811 ms
34 0--------------0 (206.214.251.113) 69.056 ms 65.981 ms 68.202 ms
35 0-------------0 (206.214.251.118) 66.790 ms 71.556 ms 74.292 ms
36 0------------0 (206.214.251.121) 68.286 ms 71.042 ms 71.587 ms
37 0-----------0 (206.214.251.126) 72.702 ms 71.785 ms 72.442 ms
38 0----------0 (206.214.251.129) 78.143 ms 74.411 ms 72.828 ms
39 0---------0 (206.214.251.134) 69.692 ms 66.187 ms 67.369 ms
40 0--------0 (206.214.251.137) 69.184 ms 70.678 ms 67.445 ms
41 0-------0 (206.214.251.142) 70.383 ms 68.220 ms 67.543 ms
42 0------0 (206.214.251.145) 67.593 ms 72.970 ms 73.220 ms
43 0-----0 (206.214.251.150) 70.964 ms 69.082 ms 70.831 ms
44 0----0 (206.214.251.153) 73.856 ms 71.848 ms 70.311 ms
45 0---0 (206.214.251.158) 71.517 ms 69.204 ms 69.538 ms
46 0--0 (206.214.251.161) 68.076 ms 68.179 ms 67.620 ms
47 0-0 (206.214.251.166) 68.738 ms 70.518 ms 68.757 ms
48 00 (206.214.251.169) 68.281 ms 70.225 ms 74.811 ms
49 I (206.214.251.174) 70.203 ms 71.668 ms 71.672 ms
50 By.Ryan.Werber (206.214.251.177) 68.900 ms 71.461 ms 72.297 ms
51 When.CCIEs.Get.Bored (206.214.251.182) 75.816 ms 73.957 ms 71.333 ms
52 read.more.at.beaglenetworks.net (206.214.251.185) 70.254 ms 73.799 ms
1 day ago
40 notes
© 2013 Beagle Networks