Re: Sabotage: several severed cables at the origin of a major internet outage in France

/www.telegraph.co.uk/world-news/2022/04/27/internet-multiple-cities-across-france-suspected-sabotage/ Cheers, - ferg -- Paul Ferguson Tacoma, WA USA Illegitimi non carborundum.

Re: Squat space is now being advertised by AS 749 (DoD Network Information Center)

ea why this change was made?  Is the DoD planning on actually legitimately putting services on the space soon instead of using it as a giant honeypot?  Or maybe even selling it? Thanks, Rich -- Paul Ferguson Tacoma, WA USA Illegitimi non carborundum.

Re: Don Smith, RIP.

upon that foundation, for the betterment of the Internet community as a whole. Once Don’s family have established plans for his memorial, they will be posted here. Roland Dobbins -- Paul Ferguson Tacoma, WA USA Illegitimi non carborundum.

IP Route Hijacking Bad Actor: AS57129/RU-SERVERSGET-KRSK, RU/Optibit LLC

anks in advance, - - ferg - -- Paul Ferguson Seattle, WA USA -BEGIN PGP SIGNATURE- Version: GnuPG v2 iF4EAREIAAYFAl1i4CEACgkQKJasdVTchbJVHAEA0s7Ej73VPQth2Rho4xwTnv8e qQFJ6SB+qulM1HFHoUgA/RXAL1BFJC3wq9GsXYJ4sqLSrje/gPm1JzVMeEJMTGlQ =r3mY -END PGP SIGNATURE-

Re: Spamming of NANOG list members

fit is burning > >     through quite a bit of stolen credentials. > >     Richard Golodner > >     Infratection > It's Emotet (again). Cheers, - ferg -- Paul Ferguson Principal, Threat Intelligence Gigamon Seattle, WA USA

Re: 29 May 2019: Emotet malspam: 'Mykolab Ref Id: I32560' [Was: Re: Spamming of NANOG list members]

> On May 29, 2019, at 9:14 AM, Niels Bakker wrote: > > * fergdawgs...@mykolab.com (Paul Ferguson) [Wed 29 May 2019, 18:04 CEST]: >> This is apparently (?) part of a wave of spoofed malspams impersonating >> messages with ‘weaponized' attachments sent to the NANOG (North

29 May 2019: Emotet malspam: 'Mykolab Ref Id: I32560' [Was: Re: Spamming of NANOG list members]

/pipermail/nanog/2019-May/101140.html Details: Date: Wed, 29 May 2019 10:03:04 -0500 From: "NANOG" To: "Paul Ferguson" Subject: Mykolab Ref Id: I32560 X-Authenticated-Sender: s214.panelboxmanager.com Return-Path: Attachment: "ATTACHMENT 654860 I32560.doc" MD5:49fbc31d

Re: Packetstream - how does this not violate just about every provider's ToS?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 4/24/2019 10:07 PM, Anne P. Mitchell, Esq. wrote: > Just ran into packetstream.io: > > "Sell Your Unused Bandwidth > > Earn passive income while you sleep > What could possibly go wrong? :-) - - ferg - -- Paul Fer

Re: FYI - Major upgrade this weekend to www.arin.net and ARIN Online

ecause you are subscribed to >> the ARIN Announce Mailing List (arin-annou...@arin.net). >> Unsubscribe or manage your mailing list subscription at: >> https://lists.arin.net/mailman/listinfo/arin-announce >> Please contact i...@arin.net if you experience any issues. — Paul Ferguson Principal, Threat Intelligence Gigamon Seattle, Washington, USA signature.asc Description: Message signed with OpenPGP

Re: Comcast and DGA like behavior

d consumer’s computer gets pwned, there’s nothing really stopping a criminal from registering any sort of domain/hostname and pointing a DNS A record at it. In fact, that’s pretty routine. But the aspect that it could be a DGA is a bit more difficult insofar as planning and logistics, but no

listserv hosed? [Was: Fwd: nanog.org mailing list memberships reminder]

info and how to use it to change it or unsubscribe from a list. [...] - -- Paul Ferguson ICEBRG.io, Seattle USA -BEGIN PGP SIGNATURE- Version: GnuPG v2 iF4EAREIAAYFAlpz4g8ACgkQKJasdVTchbIYkwD/YKFV2FP6R+Ow0o2HuiWfAD/H +7s2kWMowu0L3rpu1ssA/j+NTaDvydw99/BHG3ZAfj8XYItxDU8zYC976kS81AvF =Rexp

Re: Suggestions for a more privacy conscious email provider

d, for a lot of personal e-mail communications. They are very, very privacy conscious: - --> https://kolabnow.com/feature/confidence They are *not* free, but quite reasonable, and I am quite happy with the m. - - ferg - -- Paul Ferguson ICEBRG.io, Seattle USA -BEGIN PGP SIGNATURE- Ve

Re: 19 years ago today (Oct 16th, 1998) we lost our guide - Jon Postel - RFC2468

001. http://www.neebu.net/~khuon/abha/ > > Sigh. > - -- Paul Ferguson ICEBRG.io, Seattle USA -BEGIN PGP SIGNATURE- Version: GnuPG v2 iF4EAREIAAYFAlnj8i8ACgkQKJasdVTchbIlkwD/ZvveS3X+xLlanPe1VuLb88eu WfPsP69wcm8sr+V5TpABAKBUv7+KSuo8EITlhOiq2Rp1caQl6FarxbXIi6KH1hvU =cdBp -END PGP SIGNATURE-

Re: Avalanche botnet takedown

t; manage to get many domain registrars and somtimes even domain registries > to lift a finger to help. Even some of us international law enforcement > guys, who have badges and everything, were also told to go pound sand by > several of the world's worst and most unhelpful registrars and regi

Re: Death of the Internet, Film at 11

r! Cheers, - - ferg - -- Paul Ferguson ICEBRG.io, Seattle USA -BEGIN PGP SIGNATURE- Version: GnuPG v2 iF4EAREIAAYFAlgK2ukACgkQKJasdVTchbJDywD/frHeNpPnlwT1ddgh4kZyi5MJ YkH5lbx41an0WNpg3NAA/043VNnfKK5JQ7+dCsXyx8LEno8aIoIPvIvPGsWyjY50 =HMfV -END PGP SIGNATURE-

Re: Death of the Internet, Film at 11

not much point to running an internet > business website anymore. > Don't let the perfect be the enemy of the good. - - ferg (BCP38 instigator) - -- Paul Ferguson ICEBRG.io, Seattle USA -BEGIN PGP SIGNATURE- Version: GnuPG v2 iF4EAREIAAYFAlgKunAACgkQKJasdVTchbJJCQD+N6cosKffmfTqERBJ8q3

Re: Request for comment -- BCP38

> On Sep 26, 2016, at 7:47 AM, Stephen Satchell <l...@satchell.net> wrote: > > On 09/26/2016 07:11 AM, Paul Ferguson wrote: >> No -- BCP38 only prescribes filtering outbound to ensure that no >> packets leave your network with IP source addresses which are not >

Re: Request for comment -- BCP38

No -- BCP38 only prescribes filtering outbound to ensure that no packets leave your network with IP source addresses which are not from within your legitimate allocation. - ferg On September 26, 2016 7:05:49 AM PDT, Stephen Satchell wrote: >Is this an accurate thumbnail

Re: Handling of Abuse Complaints

use of this message, its contents or any > attachments is prohibited. Any wrongful interception of this message is > punishable as a Federal Crime. If you have received this message in error, > please notify the sender immediately by telephone (800) 801-2300 or by > electronic mail at postmas...@warnerpacific.com. — Paul Ferguson ICEBRG.io Seattle, Washington, USA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Turning Off IPv6 for Good (was Re: Netflix VPN detection - actual engineer needed)

alk about this, >> the only response is to say "call your ISP and have them turn off >> the VPN software they've added to your account". And they >> absolutely refuse to escalate. Even if you tell them that you are >> essentially your own ISP. >> >&

Re: ICYMI: FBI looking into LA fiber cuts, Super Bowl

al" network issues >> then we would of heard of injuries before. > > I think that line refers to drone operators ... > - -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2 -BEGIN PG

Re: configuration sanity check

Be careful in your search for RATs -- in the security world it also stands for Remote Access Trojan. :-) - ferg On October 29, 2015 3:06:23 PM EDT, Jesse McGraw wrote: >Historically there was RAT (Router Audit Tool). You'll have to do some > >googling to see where it's

Fw: new message

Hey! New message, please read <http://bambooco.ru/life.php?gasg> Paul Ferguson

Re: Quick Update on the North American BCOP Efforts

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 9/30/2015 8:25 PM, Jay Ashworth wrote: > Guessing no one cares. Darwinism. - - ferg - -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2 -BEGIN PGP SIGNATURE- Vers

Re: Synful Knock questions...

the time to check. You would need to capture > the MD5 from a known good image, and watch for changes. > - -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2 iF4EAREIA

Re: Experience on Wanguard for 'anti' DDOS solutions

. That is sometimes more of an art than a science. :-) - - ferg - -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2 iF4EAREIAAYFAlXJT7EACgkQKJasdVTchbJXoQD+Mhyy7gwtMkp+mdaEUiqvwlWe

Re: Working with Spamhaus

to make use. Spamhaus ever attend a NANOG meetings ? Thank You Bob Evans CTO - -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2 iF4EAREIAAYFAlW5DBsACgkQKJasdVTchbIznQD/ac

Re: Working with Spamhaus

. Spamhaus ever attend a NANOG meetings ? Thank You Bob Evans CTO - -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2 iF4EAREIAAYFAlW5C

Re: Yandex DNS with Sophos antivirus blocking TrendMicro services

for yourself. Alan Moore. - -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2 iF4EAREIAAYFAlW3r+EACgkQKJasdVTchbLmuAEAhUYZUBE2KtIqoyKZmZmb2svp NTBKe3jCyYdYOfwkr+MBAIgDqQ97YzIgsWPv

Re: Dual stack IPv6 for IPv4 depletion

frustrating. - - ferg - -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2 iF4EAREIAAYFAlWnA/oACgkQKJasdVTchbJAWAD8DhRq1QlPZlZhH8Apr66od+NU Tz8F1bLqu6+3dymwNJEBANjyOh0jwwHhIZk1hOy

Re: BIS re-regulating crypto is on the table...

-intrusion-and-surv eillance-items manning bmann...@karoshi.com PO Box 12317 Marina del Rey, CA 90295 310.322.8102 - -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2

Re: Possible Sudden Uptick in ASA DOS?

, I am still looking for a reaction. Eddi: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cis co-sa-20141008-asa - - ferg - -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2 -BEGIN PGP SIGNATURE

Re: United Airlines is Down (!) due to network connectivity problems

...@gmail.com wrote: http://www.reuters.com/article/2015/07/08/us-ual-flights-idUSKCN0PI1 IX20150708 At least, that's what I just heard on the radio. I know no other details . Regards Marshall Eubanks - -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8

Re: United Airlines is Down (!) due to network connectivity problems

in amateur investigation: an early opinion will lead you into confirmation bias, irrationally accepting data agreeing with your opinions and rejecting that disproving it. -mel beckman On Jul 8, 2015, at 10:07 AM, Paul Ferguson fergdawgs...@mykolab.com wrote: NYSE: The issue we

Re: United Airlines is Down (!) due to network connectivity problems

for various applications. We fixed the router. https://twitter.com/barronstechblog/status/618816643821633536 - - ferg On 7/8/2015 9:36 AM, Paul Ferguson wrote: All completely coincidental networking issues, not related to anything malicious. - ferg On 7/8/2015 9:26 AM, Matthew Huff wrote

Re: Dual stack IPv6 for IPv4 depletion

/256th of that. Pop history: 640k should been enough for anyone... http://archive.wired.com/politics/law/news/1997/01/1484 - - ferg - -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2 -BEGIN PGP SIGNATURE- Version: GnuPG

Re: Dual stack IPv6 for IPv4 depletion

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 7/8/2015 6:51 PM, Mel Beckman wrote: This is where we have to excise our IPv4 fear of waste reflex. Excise or exercise? I am partially serious. - - ferg - -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8

[no subject]

---BeginMessage--- -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Does anyone any else find it weird that the last dozen or so messages from the list have been .eml attachments? Or is it just me? - - ferg - -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8

Re:

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 5/7/2015 7:23 PM, Paul Ferguson wrote: I'm on a gazillion lists, and this is the only one which seems to have this particularly annoying problem. And fixed! Apologies for the noise. - - ferg - -- Paul Ferguson PGP Public Key ID

Re:

and everyone is being treated as a DMARC encumbered sender. I'm on a gazillion lists, and this is the only one which seems to have this particularly annoying problem. - - ferg - -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2

Transit, Exchange Point Agreements, and Acceptable Use?

://www.channel4.com/news/spy-cable-revealed-how-telecoms-firm-worked-with-gchq My question is this: Do willful actions such as these violate peering, transit, and/or exchange agreements in any way? Thanks, - - ferg - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 Key fingerprint

Re: Transit, Exchange Point Agreements, and Acceptable Use?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 11/21/2014 7:07 AM, Daniel Corbe wrote: Paul Ferguson fergdawgs...@mykolab.com writes: I'll apologize up front if this offends anyone's sensitivities as to what is relevant for list conversation... but one sentence in this Channel4 News

Re: Transit, Exchange Point Agreements, and Acceptable Use?

[mailto:nanog-boun...@nanog.org] On Behalf Of Paul Ferguson Sent: Friday, November 21, 2014 7:59 AM To: NANOG Subject: Transit, Exchange Point Agreements, and Acceptable Use? I'll apologize up front if this offends anyone's sensitivities as to what is relevant for list conversation... but one

Fwd: Interesting problems with using IPv6

2014 09:28:45 + From: l.w...@surrey.ac.uk To: i...@ietf.org http://blog.bimajority.org/2014/09/05/the-network-nightmare-that-ate-my-week/ Interesting scaling concerns... Lloyd Wood http://about.me/lloydwood [end] - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID

Re: The Next Big Thing: Named-Data Networking

. :-) - - ferg - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iF4EAREIAAYFAlQJyEYACgkQKJasdVTchbIF0QD9FFwhgIKz7ssn9olaQHhIO6rO

Re: The Next Big Thing: Named-Data Networking

/~yuksem - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32

Re: The Next Big Thing: Named-Data Networking

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 9/5/2014 12:49 PM, valdis.kletni...@vt.edu wrote: On Fri, 05 Sep 2014 12:38:13 -0700, Paul Ferguson said: The principle questions still stand unanswered: What is the motivation for this? What do you gain? Does it create some large

Re: So Philip Smith / Geoff Huston's CIDR report becomes worth a good hard look today

a reference at the moment - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iF4EAREIAAYFAlPrcJ8ACgkQKJasdVTchbINbAD9FKCQYHW2QTHrUB7NFOzJMpAx

Re: So Philip Smith / Geoff Huston's CIDR report becomes worth a good hard look today

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Apologies for replying to my own post, but... below: On 8/13/2014 7:05 AM, Paul Ferguson wrote: On 8/13/2014 6:52 AM, Warren Kumari wrote: Am I overly cynical, or does this all work out perfectly for some vendors? I'm guessing that a certain

Re: So Philip Smith / Geoff Huston's CIDR report becomes worth a good hard look today

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 8/13/2014 11:09 AM, joel jaeggli wrote: On 8/13/14 8:55 AM, Paul Ferguson wrote: Apologies for replying to my own post, but... below: On 8/13/2014 7:05 AM, Paul Ferguson wrote: p.s. I recall some IPv6 prefix growth routing projections

Re: Owning a name

that ISO has a procedure for determining which entities should be and should not be on that list. - Jon Postel, RFC 1591 - - ferg - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2 -BEGIN PGP SIGNATURE

Re: Team Cymru / Spamhaus

, Adam - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net

Dyn Acquires Internet Intelligence Service Renesys

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Interesting development. http://techcrunch.com/2014/05/21/dyn-acquires-internet-intelligence-service-renesys/ FYI, - - ferg - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -BEGIN PGP SIGNATURE- Version

Re: Observations of an Internet Middleman (Level3)

, then call it the faster lane or the uncongested lane or something that actually reflects bias and preferential treatment. It's a done deal now: http://www.washingtonpost.com/blogs/the-switch/wp/2014/05/15/fcc-approves-plan-to-allow-for-paid-priority-on-internet FYI, - - ferg - -- Paul Ferguson VP

Re: Observations of an Internet Middleman (Level3)

for Flash on my Mac. Owen On May 15, 2014, at 10:17 AM, Paul Ferguson fergdawgs...@mykolab.com wrote: On 5/15/2014 10:06 AM, Ryan Brooks wrote: It's a shame the use of 'fast lane' is ubiquitous in this argument. If the local distribution networks would like to actually build something fast

New Zealand Spy Agency To Vet Network Builds, Provider Staff

- -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlNyHw4ACgkQKJasdVTchbLwDgD/WVHo2iTapJ90l8MRcwUZ5OQ7

Re: New Zealand Spy Agency To Vet Network Builds, Provider Staff

permission to remediate. On Tue, May 13, 2014 at 3:33 PM, Paul Ferguson fergdawgs...@mykolab.com mailto:fergdawgs...@mykolab.com wrote: I realize that New Zealand is *not* in North America (hence NANOG), but I figure that some global providers might be interested here. This sounds rather

How the NSA tampers with US-made Internet routers

on anyone using them. Yet what the NSA's documents show is that Americans have been engaged in precisely the activity that the US accused the Chinese of doing. Much more: http://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden Enjoy! - - ferg - -- Paul

Fwd: Serious bug in ubiquitous OpenSSL library: Heartbleed

) OpenSSL 1.0.0 branch is NOT vulnerable OpenSSL 0.9.8 branch is NOT vulnerable - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net

Re: why IPv6 isn't ready for prime time, SMTP edition

* to send mail. I migrated all of my personal e-mail off of free webmail platforms some time ago to a paid service (e.g. If you are not paying for a service, you are the product.). - - ferg - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -BEGIN PGP SIGNATURE

Re: why IPv6 isn't ready for prime time, SMTP edition

. It is very easy for some to forget that not everyone has a gigabit fiber connection to their homes with ARIN assigned IPv4/IPv6 blocks announced over BGP. Some of us actually have to make do with (sometimes very) limited budgets and what the market is offering us and has made available. - -- Paul

Re: why IPv6 isn't ready for prime time, SMTP edition

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 3/25/2014 2:38 PM, Elizabeth Zwicky wrote: Local policy, sure; local DMARC policy, wait what? My goof. Apparently just local policy sans DMARC. - - ferg - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -BEGIN

Re: why IPv6 isn't ready for prime time, SMTP edition

. Most people would say that was unreliable even before knowing you're talking about IPv6 instead of IPv4. shrug Also, please do *not* expect folks to toss anti-spam measures out the window just because they might move to v6. That would be naive. - - ferg - -- Paul Ferguson VP Threat

Re: 59.229.189.0/24

** route-viewssho ip bgp 59.229.189.0 % Network not in table route-views - - ferg - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG

Re: 59.229.189.0/24

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 3/24/2014 2:13 PM, Paul Ferguson wrote: On 3/24/2014 1:53 PM, Christopher Morrow wrote: On Mon, Mar 24, 2014 at 4:49 PM, greg whynott greg.whyn...@gmail.com wrote: 59.229.189.0 $ whois -h whois.cymru.com 59.229.189.0 AS | IP

Re: IPv6 Security [Was: Re: misunderstanding scale]

compasses. And as Randy Bush always like to say (paraphrased), I encourage my competitors to dismiss customer concerns over IPv6 migration. Cheers, - - ferg On 3/24/2014 6:18 PM, Owen DeLong wrote: On Mar 23, 2014, at 2:45 PM, Paul Ferguson fergdawgs...@mykolab.com wrote: -BEGIN PGP

Re: misunderstanding scale

) to move to IPv6 while their IPv4 networks work just fine. Also, IPv6 introduces some serious security concerns, and until they are properly addressed, they will be a serious barrier to even considering it. $.02, - - ferg - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID

IPv6 Security [Was: Re: misunderstanding scale]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 3/23/2014 2:27 PM, Timothy Morizot wrote: On Mar 23, 2014 11:27 AM, Paul Ferguson fergdawgs...@mykolab.com mailto:fergdawgs...@mykolab.com wrote: Also, IPv6 introduces some serious security concerns, and until they are properly addressed

Re: US to relinquish control of Internet

-announce/current/msg12562.html [4] http://1net-mail.1net.org/mailman/listinfo/discuss [5] http://blogs.cisco.com/gov/cisco-supports-u-s-department-of-commerce-decision-to-transition-internet-management-functions/ - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID

Re: Level 3 blames Internet slowdowns on ISPs' refusal to upgrade networks | Ars Technica

spend money with digital ocean. :) You should too. uhh, no. It's the 21st century. I prefer to spend my money with those that, at a bare minimum, provide IPv6. -Jim P. - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -BEGIN PGP SIGNATURE

Re: new DNS forwarder vulnerability

be interesting to have a matrix of which CPEs utilize which reference implementation. That may start giving some clues. Has someone / is someone doing this? - merike - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -BEGIN PGP SIGNATURE- Version

Re: Filter NTP traffic by packet size?

useful than trying to push the tide back with a teaspoon. Yes, udp is here to stay, and I quote Randy Bush on this, I encourage my competitors to block udp. :-p - - ferg - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -BEGIN PGP SIGNATURE- Version: GnuPG

Changing the way we talk about BCP38 [Was: Re: Everyone should be deploying BCP 38! Wait, they are ....]

on tracking back spoofed packets and reporting the attacks, and securing devices. - Jared - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http

Permitting spoofed traffic [Was: Re: ddos attack blog]

is to deny any spoofed traffic from abusing these services altogether. NTP is not the only one; there is also SNMP, DNS, etc. - - ferg - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG

Re: Permitting spoofed traffic [Was: Re: ddos attack blog]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 2/14/2014 3:00 PM, Larry Sheldon wrote: On 2/14/2014 12:42 PM, Paul Ferguson wrote: Taken to the logical extreme, the right thing to do is to deny any spoofed traffic from abusing these services altogether. Since the 1990s I have argued

Re: Permitting spoofed traffic [Was: Re: ddos attack blog]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 2/14/2014 4:09 PM, Joe Provo wrote: On Fri, Feb 14, 2014 at 10:42:55AM -0800, Paul Ferguson wrote: [snip] Taken to the logical extreme, the right thing to do is to deny any spoofed traffic from abusing these services altogether. NTP

Re: ddos attack blog

spoofing should be encouraged. - - ferg - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net

Re: Blocking of domain strings in iptables

out and script them for automation. Can someone suggest a way out for this within IPTables or may be some other open source firewall? Thanks. - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22

Re: Why won't providers source-filter attacks? Simple.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 2/5/2014 7:06 PM, Jimmy Hess wrote: The last-mile is the best possible place to filter, without breaking things. I could not agree more. :-) - - ferg - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -BEGIN

Re: Why won't providers source-filter attacks? Simple.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 2/5/2014 7:35 PM, Mark Andrews wrote: In message 52f2ff98.2030...@mykolab.com, Paul Ferguson writes: On 2/5/2014 7:06 PM, Jimmy Hess wrote: The last-mile is the best possible place to filter, without breaking things. I could not agree

Re: Why won't providers source-filter attacks? Simple.

motivate some younger, brighter, ingenious people who have not been tilting at this for 15 years to consider new ways to approach this problem. :-) -- Smiley! - - ferg - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22

BCP38 [Was: Re: TWC (AS11351) blocking all NTP?]

, - - ferg - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlLxLL4ACgkQKJasdVTchbJ95AEAm5GcMZUKvy5WDjycH8f4C4Dq 7t1inFCPmGhbmo

Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 2/4/2014 10:47 AM, valdis.kletni...@vt.edu wrote: On Tue, 04 Feb 2014 10:09:02 -0800, Paul Ferguson said: I'd like to echo Jared's sentiment here -- collectively speaking, service providers need to figure out a way to deal with this issue

Re: BCP38 is hard, was TWC (AS11351) blocking all NTP?

if it is, not all of the customers do BGP, some are just stub networks. If we could figure out a reasonable way (i.e., one that the customers might be willing to implement) to handle this, it'll make BCP38 a lot more doable. BCP84? :-) - - ferg - -- Paul Ferguson VP Threat Intelligence

BCP38 [Was: Re: TWC (AS11351) blocking all NTP?]

a lot of kicking. $.02, - - ferg (co-author of BCP38) - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net

Re: TWC (AS11351) blocking all NTP?

with the provider, although with it being the weekend, I have doubts it'll be a quick resolution. I'm sure its a strange knee-jerk response to the monlist garbage. Still, stopping time without warning is Uncool, Man. -- Jonathan Towne - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key

Re: NetSol opts domain customers into $1800 Security program?

moved to Domain Discover almost immediately... but this seems *wildly* over the top. How many domains do *you* have? Cheers, -- jra - -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http

Re: NetSol opts domain customers into $1800 Security program?

#7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV - -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) Comment

Re: Internet Routing Registries - RADb, etc

of either RADb or Level3)? Thanks in advance, --Blake - -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlLW/kkACgkQKJasdVTchbJL0AD/eU

Re: OpenNTPProject.org

attacking (but whole world). That does *not* make it an unworthy goal, nor should it stop people from encouraging it's implementation. - - ferg (co-author of BCP38) - -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG

Re: turning on comcast v6

, it is logical to make those ports default to RA allowed while defaulting to not allowing RAs from other ports by default. Some people do not want switches making IP address assignments. That's all. :-) - - ferg - -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 -BEGIN PGP SIGNATURE- Version

Re: turning on comcast v6

not to include default route in the configuration for DHCPv6, and it's long overdue. As I’ve said before, if we’re going to bother doing it, we should just include RIO options, but otherwise, I agree with you. Owen -- Paul Ferguson PGP Public Key ID: 0x63546533

Re: NSA able to compromise Cisco, Juniper, Huawei switches

SIGNATURE- -- Paul Ferguson PGP Public Key ID: 0x63546533

Re: NSA able to compromise Cisco, Juniper, Huawei switches

are these Cisco devices manufactured? - - ferg -BEGIN PGP SIGNATURE- Version: PGP Desktop 10.2.0 (Build 2317) Charset: utf-8 wj8DBQFSw1z/q1pz9mNUZTMRAvbIAKCYZn3slg1wMak/nlc/hb3ZHkS29wCg3ucb OJTl+SLgBtQDMGi+cTdDRtQ= =VAdw -END PGP SIGNATURE- -- Paul Ferguson PGP Public Key ID: 0x63546533

Re: ddos attacks

- -- Paul Ferguson PGP Public Key ID: 0x63546533

Re: Best practice on TCP replies for ANY queries

poor at first. -BEGIN PGP SIGNATURE- Version: PGP Desktop 10.2.0 (Build 2317) Charset: utf-8 wj8DBQFSqhvyq1pz9mNUZTMRAiXgAKCDaQ1KmlVCjXKffz0bVmHRGpbwxgCfXEk7 tHQx8SXtY/xNFLm2L3Uu8x8= =tTIW -END PGP SIGNATURE- -- Paul Ferguson PGP Public Key ID: 0x63546533

Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet

at the route-views data. Most recently the past two days 701 has done a large MITM of traffic. In other news, you can go read the other thread on this that happened already. http://mailman.nanog.org/pipermail/nanog/2013-November/062257.html - Jared -- Paul Ferguson PGP Public Key ID: 0x63546533

Re: A new forum for discussing large scale TLS/SSL and other crypto deployment issues

) Charset: utf-8 wj8DBQFShq/fq1pz9mNUZTMRArY9AJ4xUozLVnzPsMUPTuYPpFpjm0mZswCfcT/r H/jH8L1Hk1Ra4/CYkRF3KRc= =kPz+ -END PGP SIGNATURE- -- Paul Ferguson Vice President, Threat Intelligence IID, Tacoma, Washington USA PGP Public Key ID: 0x63546533 IID -- Connect and Collaborate

Re: comcast ipv6 PTR

PGP SIGNATURE- Version: PGP Desktop 10.2.0 (Build 2317) Charset: utf-8 wj8DBQFSXJwqq1pz9mNUZTMRAkJKAKCGLnO9qEGXv5LIKxCBiZhwf7HwHQCggksf Fn3GhVzeKyHG5cSc7y5GXJw= =Gtw1 -END PGP SIGNATURE- -- Paul Ferguson Vice President, Threat Intelligence Internet Identity, Tacoma, Washington USA

Re: google / massive problems

wj8DBQFSVYDTq1pz9mNUZTMRArDeAJ44GjAt1uzY4++dKDmrPWhBfm3a2wCcCqGB w6FrRdogRvpTomaMdcqO9hU= =OMUq -END PGP SIGNATURE- -- Paul Ferguson Vice President, Threat Intelligence Internet Identity, Tacoma, Washington USA IID -- Connect and Collaborate -- www.internetidentity.com

  1   2   3   4   >