There's path MTU blackhole detection. See RFC 4821. This or similar systems are enabled in most mainstream operating systems (but not Android, because Google would rather replace TCP with TCP over UDP than fix TCP with existing fixes).
Like cesarb's sibling comment, I think router driven packet truncation would be useful. IP fragmentation is generally problematic and router driven fragmentation was eliminated from IPv6, but truncation with in-band indication would work a lot better. For TCP, the kernel on the receiver of a truncated packet could send an in-band ack of the received bytes, with a tcp option indicating the effective MTU.
For UDP, it would be a bit more complicated, you would need to alter the recvmsg syscall to provide both the original size and the received size, and transmitting that information back to the sender would be protocol specific of course. The sender would then either trigger IP fragmentation to appropriate sizes or some protocol specific fragmentation.
In my opinion (with hindsight), the IPv4/IPv6 model of "drop packets which exceed MTU" as the alternative to fragmenting packets was a bad choice. It would have been much better to take a third option and truncate the oversized packet. That would avoid both the bad effects of fragmentation (slow path in the routers, memory use in the receivers, non-initial fragments which lack the higher level headers making it a pain for firewalls) and the bad effects of dropping (waste of the bandwidth to send the dropped packet, broken firewalls discarding the ICMP message, CPU use in the router to send the ICMP message).
Except in practice this is useless because you're now transmitting what is basically a corrupted packet.
For this to work, L4 protocols would need to be completely redone to consider and work with this concept.
Also, what is actually meant to happen is that an ICMP(v6) packet too big message is supposed to be sent back to inform the sender that they need to reduce the packet size.
Unfortunately, with the pervasiveness of idiotic firewall configurations that blanket block ICMP, this falls apart which is why we have to deal with ugly hacks like TCP MSS mangling.
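The comments above contrast classic PMTU discovery, which depends on an ICMP "packet too big" message reaching the sender, with RFC 4821 style probing that treats a silently dropped probe as the signal. The following toy model, added here as an illustration and not code from any commenter or from the RFC, simulates both against a path whose ICMP is filtered. The `Path` class, the packet sizes and the pure binary search between a known-good and a known-bad size are constructed simplifications (real implementations probe a short table of common sizes); `net.ipv4.tcp_mtu_probing` and `net.ipv4.tcp_base_mss` are the Linux sysctls that enable and seed this behaviour.

```python
"""Toy comparison of classic PMTUD (ICMP-driven) with packetization-layer
PMTUD (RFC 4821, probe-driven) across a path that blackholes ICMP.
Added example, constructed for illustration; sizes are IP packet sizes."""

from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Path:
    mtu: int                    # largest packet the narrowest link forwards
    icmp_reaches_sender: bool   # False models a firewall that drops ICMP "packet too big"
    log: List[str] = field(default_factory=list)

    def send(self, size: int) -> Optional[str]:
        """Return 'ack' (delivered), 'icmp' (too big and the ICMP got back),
        or None (too big and nothing came back: a blackhole)."""
        if size <= self.mtu:
            self.log.append(f"forwarded {size}")
            return "ack"
        self.log.append(f"dropped {size} (> path mtu {self.mtu})")
        return "icmp" if self.icmp_reaches_sender else None


def classic_pmtud(path: Path, iface_mtu: int = 1500, retries: int = 3) -> Optional[int]:
    """Send full-size packets and rely on ICMP to learn a smaller MTU.
    If ICMP never arrives the sender just retransmits and eventually gives up."""
    size = iface_mtu
    for _ in range(retries):
        result = path.send(size)
        if result == "ack":
            return size
        if result == "icmp":
            size = path.mtu         # the ICMP message carries the next-hop MTU
        # None: silent drop, retransmit the same size (this is the blackhole)
    return None


def plpmtud(path: Path, iface_mtu: int = 1500, base_mss: int = 1024) -> Optional[int]:
    """RFC 4821 style: a probe that is not acknowledged is treated as too big,
    so no ICMP is needed. Binary search between a size known to work (base)
    and a size known to fail (the interface MTU)."""
    if path.send(iface_mtu) == "ack":
        return iface_mtu            # fast path: the full size already works
    if path.send(base_mss) != "ack":
        return None                 # even the base size is lost; out of scope here
    lo, hi = base_mss, iface_mtu    # lo is known good, hi is known bad
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if path.send(mid) == "ack":
            lo = mid
        else:
            hi = mid
    return lo


if __name__ == "__main__":
    blackholed = Path(mtu=1400, icmp_reaches_sender=False)
    print("classic, ICMP filtered:", classic_pmtud(blackholed))    # None: stalls
    print("plpmtud, ICMP filtered:", plpmtud(Path(1400, False)))   # 1400
    print("classic, ICMP allowed: ", classic_pmtud(Path(1400, True)))  # 1400
```

The point the model makes: with ICMP filtered, the classic sender never learns anything and the connection hangs, while the probing sender converges on the real path MTU at the cost of a handful of extra probes. On Linux, `tcp_mtu_probing=1` turns probing on only after a blackhole is suspected, `2` turns it on always.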
Yes. Phone phreaking in the 90s involved a ton of learning the lingo and the ins and outs of the phone company. It was even weirder to go work there later on and find how much that paid off and earned trust with a lot of the older folks there.
Spoofers who generate a ton of SYNs to legit destinations which result in a lot of SYN+ACKs to the victim. BCP38 would help here.
Botnets generating a ton of UDP to destinations. Hosters, cloud providers (especially those with vulnerable/open EMR clusters) and broadband ISPs with easily compromised customers are the problem here. Kudos to those who take down the botnet command and controls.
Memcached/NTP/CLDAP amplifiers. Still out there, still a problem. Thankfully a few of these services are policed at large peering interconnection points.
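The three comment lines above describe three traffic patterns an operator can look for at the edge: sources that fail a BCP38 check, UDP responses leaving known amplifier ports, and SYN+ACK reflection converging on one victim. The script below, added here as an example and not code from any commenter, runs those three checks over a handful of constructed flow records. The customer prefix table, the flow record fields and the thresholds are all assumptions made for the example.

```python
"""Three edge-side checks over flow records: BCP38 source validation,
amplifier egress, and SYN+ACK reflection. Added example; all data constructed."""

import ipaddress
from collections import defaultdict
from typing import Dict, List

# Assumed mapping of customer port -> prefixes that customer is allowed to source.
CUSTOMER_PREFIXES = {
    "cust-a": [ipaddress.ip_network("203.0.113.0/24")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/25")],
}

# UDP services commonly abused as amplifiers; the port is the *source* port
# of the reflected response leaving the host.
AMPLIFIER_PORTS = {11211: "memcached", 123: "ntp", 389: "cldap"}

# Constructed flow records as an exporter might summarise them (egress direction).
FLOWS: List[Dict] = [
    {"customer": "cust-a", "src": "203.0.113.10", "dst": "192.0.2.5",  "proto": "tcp", "sport": 443,   "dport": 51000, "pkts": 40, "bytes": 52000, "flags": "PA"},
    {"customer": "cust-a", "src": "192.0.2.77",   "dst": "192.0.2.5",  "proto": "tcp", "sport": 50001, "dport": 80,    "pkts": 900, "bytes": 54000, "flags": "S"},   # spoofed src
    {"customer": "cust-b", "src": "198.51.100.9", "dst": "192.0.2.9",  "proto": "udp", "sport": 11211, "dport": 4444,  "pkts": 200, "bytes": 280000, "flags": ""},  # memcached amp
    {"customer": "cust-b", "src": "198.51.100.9", "dst": "192.0.2.9",  "proto": "udp", "sport": 123,   "dport": 4444,  "pkts": 10,  "bytes": 760, "flags": ""},     # small NTP, benign
    {"customer": "cust-a", "src": "203.0.113.20", "dst": "192.0.2.5",  "proto": "tcp", "sport": 80,    "dport": 9000,  "pkts": 300, "bytes": 18000, "flags": "SA"},
    {"customer": "cust-a", "src": "203.0.113.21", "dst": "192.0.2.5",  "proto": "tcp", "sport": 443,   "dport": 9000,  "pkts": 300, "bytes": 18000, "flags": "SA"},
    {"customer": "cust-b", "src": "198.51.100.3", "dst": "192.0.2.5",  "proto": "tcp", "sport": 22,    "dport": 9000,  "pkts": 300, "bytes": 18000, "flags": "SA"},
]


def bcp38_violations(flows: List[Dict]) -> List[Dict]:
    """Egress flows whose source address is outside the prefixes assigned to
    the customer port they arrived on (what a uRPF/ACL on that port would drop)."""
    bad = []
    for f in flows:
        src = ipaddress.ip_address(f["src"])
        allowed = CUSTOMER_PREFIXES.get(f["customer"], [])
        if not any(src in prefix for prefix in allowed):
            bad.append(f)
    return bad


def amplifier_egress(flows: List[Dict], min_bytes_per_pkt: int = 512) -> List[Dict]:
    """UDP responses leaving a known amplifier port with a large average
    packet size: the signature of an open reflector being abused."""
    hits = []
    for f in flows:
        if f["proto"] != "udp" or f["sport"] not in AMPLIFIER_PORTS:
            continue
        if f["pkts"] and f["bytes"] / f["pkts"] >= min_bytes_per_pkt:
            hits.append({**f, "service": AMPLIFIER_PORTS[f["sport"]]})
    return hits


def synack_reflection_victims(flows: List[Dict], min_sources: int = 3) -> Dict[str, int]:
    """Destinations receiving SYN+ACKs from many distinct sources: the
    classic symptom of spoofed SYNs sent elsewhere with the victim's address."""
    sources = defaultdict(set)
    for f in flows:
        if f["proto"] == "tcp" and f["flags"] == "SA":
            sources[f["dst"]].add(f["src"])
    return {dst: len(s) for dst, s in sources.items() if len(s) >= min_sources}


if __name__ == "__main__":
    for f in bcp38_violations(FLOWS):
        print("BCP38 violation on", f["customer"], "src", f["src"])
    for f in amplifier_egress(FLOWS):
        print("amplifier egress:", f["service"], "from", f["src"], "to", f["dst"])
    print("SYN+ACK reflection victims:", synack_reflection_victims(FLOWS))
```

Each check is deliberately local: the BCP38 rule needs only the port-to-prefix mapping the hoster already has, and the other two need only flow summaries, which is the same sampled data the larger operators mentioned elsewhere in this thread already collect.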
Yes. As someone who has to support network infrastructure and has had many network issues (at all levels) bubble up to me since the start of covid/wfh: broadband networks are being stressed during work hours. You can run your own monitoring at home to validate it and to differentiate between last mile vs. peering related.
The challenge is some of the broadband networks aren't being transparent about it. They won't admit to it, etc. Luckily I've found folks in a few companies who are willing to go off the record and explain the state of the last mile and give dates around planned upgrades (which are impacted due to permitting delays due to city employees struggling with covid restrictions).
I highly recommend getting two ISPs at home (cable + DSL/fttx/etc.) if you can.
As for Corp networks...they should be doing more with providing their employees some tooling to indicate if the issue is their ISP or the Corp network. It's a sad state that VPN appliances cost as much as they do (surprise - you could probably build a cheaper/better one but something something no one ever got fired for buying Cisco/etc).
I remember as a PC tech (before they did that Geek Squad stuff) having to validate computer returns. The amount of stuff people would pull daily always amazed me. Putting bricks in a computer box, an old video card for a Matrix VGA card; the most wild was some video equipment where they replaced it with a two liter bottle of urine. I remember confronting people once I opened it and they would always pull the "well my son packed it and gave it to me" and promptly leave (with their item). They usually worked multiple stores in the area and sometimes we'd chat with the other stores, but usually that was for the bigger scams (people using altered receipts, asking for cash refunds on multi thousand dollar purchases).
It'd be nice if we could address some things like BCP38 (anti-spoofing), RPKI, route filtering and folks who knowingly support infrastructure that's used for outbound DDoS (C2s and regular hosts), spam and malware phishing. Plenty of hosting shops in the US and Canada have these problems. That seems a bit more within our reach, whereas an ISP in India is more than happy to pay a vendor to implement middlebox packet molesters.
I've been dealing with a ban evader/forum shock image spammer for months now, and the place he is buying proxies from is actively doing BGP hijacking on resources owned by AT&T, Windstream, hospitals and universities - for the primary purpose of carding and fraud. I haven't managed to get anyone knowledgeable at those companies to figure out how to pressure the small upstreams (that are not those T1s) to stop it.
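Two of the comments above name RPKI and route filtering as the fixes within reach for the kind of hijack described here. The snippet below, added as an example and not code from any commenter or from any RPKI validator, shows the origin-validation decision an upstream's filter makes: an announcement is compared against the ROAs covering its prefix and comes out valid, invalid or not-found. The ROAs, prefixes and AS numbers are constructed from documentation ranges; the policy of rejecting only "invalid" follows common practice but is an assumption of the example.

```python
"""RPKI route origin validation over constructed ROAs. Added example;
ROAs, prefixes and ASNs are documentation values, not real routing data."""

import ipaddress
from dataclasses import dataclass
from typing import List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class ROA:
    """A Route Origin Authorization: this ASN may originate this prefix
    and any more-specific down to max_length."""
    prefix: Network
    max_length: int
    asn: int


# Constructed ROA set (RFC 5737 prefixes, RFC 5398 documentation ASNs).
ROAS: List[ROA] = [
    ROA(ipaddress.ip_network("203.0.113.0/24"), 24, 64500),
    ROA(ipaddress.ip_network("192.0.2.0/24"), 26, 64501),
    ROA(ipaddress.ip_network("2001:db8::/32"), 48, 64502),
]


def validate_origin(prefix_str: str, origin_asn: int, roas: List[ROA]) -> str:
    """RFC 6811 style origin validation.
    not-found: no ROA covers the prefix; valid: a covering ROA matches the ASN
    and the announced length is within max_length; invalid: covered, no match."""
    prefix = ipaddress.ip_network(prefix_str)
    covering = [
        r for r in roas
        if r.prefix.version == prefix.version and prefix.subnet_of(r.prefix)
    ]
    if not covering:
        return "not-found"
    for r in covering:
        if r.asn == origin_asn and prefix.prefixlen <= r.max_length:
            return "valid"
    return "invalid"


def accept_announcement(prefix_str: str, origin_asn: int, roas: List[ROA] = ROAS) -> bool:
    """Filter decision: drop invalid, keep valid and not-found (assumed policy)."""
    return validate_origin(prefix_str, origin_asn, roas) != "invalid"


if __name__ == "__main__":
    cases = [
        ("203.0.113.0/24", 64500),   # legitimate origin -> valid
        ("203.0.113.0/25", 64500),   # right ASN but more specific than maxLength -> invalid
        ("203.0.113.0/24", 64666),   # wrong origin, the hijack case -> invalid
        ("192.0.2.64/26", 64501),    # more-specific within maxLength -> valid
        ("198.51.100.0/24", 64503),  # no ROA at all -> not-found
        ("2001:db8:1::/48", 64502),  # IPv6 within maxLength -> valid
    ]
    for prefix, asn in cases:
        print(f"{prefix:20} AS{asn}: {validate_origin(prefix, asn, ROAS)}")
```

The practical caveat the example makes visible: a hijack of a prefix whose holder never published a ROA comes back "not-found", which nearly every deployed policy still accepts, so origin validation only protects the prefixes whose owners signed them.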
Good luck. When I wrote forum software, moderation controls, what people might call shadow banning these days, and other filtering took up 70% development time. Retaliation was DDOS. I was one of Cloudflare’s first customers.
I'm about to start down a road that might lead to where you are, but my target audience is a bit more mature and laid back so it might not be an issue.
But what you said reminded me of a conversation we had here a month ago. I think it may be that I reserve image upload functionality for users who have proven their humanness (and their humanity).
In my case image quality matters much more than quantity, so I can afford to make that choice.
That depends on perspective, and what you consider trolling. Yeah...the 5 dollars is a great filter for the vast majority of the Greater Internet Fuckwad Theory[1] posters, but that just narrowed posters and moderation down to a particular echo chamber (not unlike HN, fwiw). If you are down with the content/tone of the majority of MF posts, you prolly think it's great. But just like HN, there are posters with 'cred' who can say most anything (things I would definitely consider a troll), the 'little people' who can say things, including trolling, as long as they don't deviate too far from orthodoxy, and the unclean who get moderated away (hey...they paid 5 bucks so can't just punt them). They have done a remarkable job at maintaining the illusion that they're some moderation utopia for a long time.
Sounds like you have an axe to grind with some of the political or ideological positions of the people who run Metafilter. I never said it was run as a user-administered democracy, it's run by a core group of about five people who also own the servers. It's their pet project.
It's their pet project with their pet axe to grind. I said as much. If you disagree specifically with the points I made about moderation, which was all I commented on, then cite where I'm wrong. Otherwise, accept it's just as much an echo chamber as all the others and not some magical moderation utopia as it's made out to be by its uncritical fanbois. But "you just don't agree with their politics", which mostly I do, is just sad, lame apologist crap.
Could you drop some IP prefixes you believe are hijacked and timestamps? I can probably help out and bring this to folks who can take action.
(I have to deal with hijacks frequently and part of our investigation is beating on folks who have permissive filters and pressuring their peers to improve things)
Absolutely agreed. It is really easy to be a shitty, lazy colocation/hosting/VPS hosting company. It is somewhat more effort and more difficult to be a proper one. Margins are so thin in the hosting business that it would be its own version of a personal hell... I feel a lot better about operating symmetric gigabit last mile residential services.
Yes. Many of these shops follow the same design patterns. Ports for hosts at L2 that they bill on that are part of a big VLAN/L3/SVI interface that has tons of customers. I've seen these configs where folks have hundreds of "secondary" IP addresses set up where any customer can steal other customers' IPs, in addition to lack of anti-spoofing. It's slop and it's tolerated.
They're already doing massive flow sampling at the GFW complexes today. They can police down to individual flows if they want to. They scale wide by distributing out traffic based upon src or dst IP.
Friend of mine in Toronto told me a story how a CRTC (Canadian telecom/radio regulator, like the US FCC) tech was walking around his apt bldg with a spectrum analyzer. Pinpointed an apartment down the hall and was able to make contact and remove the offending device that was bleeding into mobile frequencies. Was a Chinese manufactured baby monitor that was interfering with mobile service. Said they had this problem all over the country with shoddy imports.