What is IP takeover?
What is TUN/TAP?
TUN and TAP are virtual network kernel drivers. They implement network devices that are entirely supported in software. TAP simulates an Ethernet device and it operates with layer 2 packets such as Ethernet frames. TUN simulates a network layer device and it operates with layer 3 packets such as IP packets. TAP is used to create a network bridge, while TUN is used with routing.
What is a Network Bridge?
A network bridge connects multiple network segments at the data link layer (layer 2) of the OSI model. The term layer 2 switch is very often used interchangeably with bridge, and a bridge is also commonly known as a network switch. Bridges are similar to repeaters or network hubs, devices that connect network segments at the physical layer. However, with bridging, traffic from one network is managed rather than simply rebroadcast to adjacent network segments. Bridges tend to be more complex than hubs or repeaters because they analyze incoming data packets on a network to determine whether a given packet can be sent to another segment of that same network. Since bridging takes place at the data link layer of the OSI model, a bridge processes the information from each frame of data it receives. In an Ethernet frame, this provides the MAC address of the frame's source and destination.
How can we monitor network congestion?
I don't know yet.
How can we improve your network performance by choosing better DNS servers?
How can we determine if a port is open on a Windows server?
Assuming that it's a TCP (rather than UDP) port, on the server itself, use netstat -an to check which ports are listening. From outside, just telnet host port (or telnet host:port on Unix systems) to see if the connection is refused, accepted, or times out. In general:
- connection refused means that nothing is running on that port
- accepted means that something is running on that port
- timeout means that a firewall is blocking access
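The same three-way check can be scripted when telnet is not installed. The following is an added example, not part of the original notes; the function names probe_tcp and demo are made up for illustration, and the two local ports it probes are constructed at run time so it works offline.

```python
import socket


def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the result like the list above."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "accepted"   # handshake completed: something is listening
    except ConnectionRefusedError:
        return "refused"        # RST came back: nothing is listening on the port
    except socket.timeout:
        return "timeout"        # no reply at all: typically a firewall dropping packets
    except OSError as exc:
        # Anything else (name lookup failure, no route) is reported as-is
        # instead of being guessed into one of the three cases.
        return "error: %s" % (exc.strerror or exc)


def demo():
    """Probe one listening and one closed port on 127.0.0.1 (constructed targets)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0 = let the OS pick a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                        # port is now free, nothing listens on it

    try:
        return {
            "listening": probe_tcp("127.0.0.1", open_port, timeout=1.0),
            "closed": probe_tcp("127.0.0.1", closed_port, timeout=1.0),
        }
    finally:
        listener.close()


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

Against a real server, call probe_tcp with the server's host name and the port you expect to be open; a "timeout" result points at the firewall rules rather than the service.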
How can I edit a Windows Firewall to allow a port through?
- Open Control Panel
- Click on System and Security
- Click on Windows Firewall
- Click on Advanced settings
- Click on Inbound Rules (on the left hand side)
- Click on New Rule (on the right hand side)
- Choose Port
- Click Next
- Choose Specific local port and provide the port number that you wish to allow.
- Click Next
- Give this rule a name
- Click Next
How can we interpret the network traffic graph?
Refer to the graph on http://furbo.org/2015/01/22/fear-china/
Unless you’re a network engineer, that graph won’t mean much. The data shown is the amount of bandwidth into the Iconfactory’s main server. The blue line is the number of megabits per second for requests and the green area is the amount for responses to those requests. Normally, the blue line is much smaller than the green area: a small HTTP request returns larger HTML, CSS and images.
How can we respond to a network emergency or a DDoS attack?
The first course of business was to regain control of the server. Every service on the machine was unresponsive, including SSH. The only thing to do was perform a remote restart and wait for things to come back online. As soon as I got a shell prompt, I disabled the web server since that was the most likely source of the traffic.
If you still have access to the firewall, you may be able to use it to reject the traffic as well, but still try to remote reboot so that the server comes back online faster.
Another option to consider is moving the server’s IP address. You’ll have to deal with the normal DNS propagation and reconfigure reverse DNS (especially if you’re running a mail server on the box), but this may be a quick and effective way to avoid the firehose.
How can I get a list of IP address blocks for a given country?
The first step is to get a list of all the IP address blocks in the country. At present that’s 5,244 separate zones. You’ll then need to feed them to your firewall. See http://furbo.org/2015/01/22/fear-china/