Re: [44net] AMPRNet outage?

Generaly speaking, yes, but not in this case. If I understand correctly, the traffic drop was inbound from ipip-mesh, that means: some-ham-host -> ipip -> ucsd (-> inet or 44.0.0.1). ^ Measure in the Graph => Thus we're not talking about a faked IP address. It was either a case (or legitimite use) of - a ham-host sending traffic to ucsd (or via ucsd to the inet, or via ucsd to the inet to a bgp announced ham host (wich is even more legitimte)) - responses of inet attacks to a ham-host (good connected, the drop was abt. 3MBit) and this host has enabled his firewall for not sending RST, icmp unreachable, etc.. Without more detailed information, all we can do is to speculate. If you ask me, it was - a ham who looked for weeks two or more HAM Webcam streams has closed his browser or - a ham has forgotton to switch off his file sharing tool before going online in the amprnet or - a ham has his default-route to the internet via ucsd and watched TV or - perhaps, somewhere in the world there was a huge ham event with many visitors? (then 3MBit is "nothing") or - a ham computer with a virus, attacking the world or - some services like DMR changed their infrastructure or - an ampr ipip host had a service which was used from an internet bgp-announced network and it delivered ham content (dmr, etc..) via ipip->ucsd->44-inet-host. or much more cases If we'd have sflow/netflow data, we'd know what happened. vy 73, - Thomas dl9sau