Re: DHCPv6 authentication
I similarly was counting on 802.1x + RA-Guard and other techniques. I can easier do an insider attack by gaining console or connecting to a trusted wire as most places I've seen don't do 802.1x on wired but do on wireless. I'm not going to enumerate the universe for the sake of 6man/dhc or v6ops, and this seems like a futile effort. - Jared (who sometimes runs a network) On Thu, Aug 21, 2014 at 03:46:18AM +, Templin, Fred L wrote: Hi Jared, I am assuming 802.1x (or equivalent) security at L2, but the link between my DHCPv6 client and server is actually a tunnel that may travel over many network layer hops. So, it is possible for legitimate client A to have its leases canceled by rogue client B unless DHCPv6 auth or something similar is used. Yes, rogue client B would also have to be authenticated to connect to the network the same as legitimate client A, but it could be an insider attack (e.g., where B is a disgruntled employee trying to get back at a corporate adversary A). Thanks - Fred fred.l.temp...@boeing.com -Original Message- From: Jared Mauch [mailto:ja...@puck.nether.net] Sent: Wednesday, August 20, 2014 5:14 PM To: Templin, Fred L Cc: nanog list Subject: Re: DHCPv6 authentication If you are already connected to the network you are going to be deemed as authenticated. I'm unaware of anyone doing dhcp authentication. Jared Mauch On Aug 20, 2014, at 6:45 PM, Templin, Fred L fred.l.temp...@boeing.com wrote: Hi - does anyone know if DHCPv6 authentication is commonly used in operational networks? If so, what has been the experience in terms of DHCPv6 servers being able to discern legitimate clients from rogue clients? Thanks - Fred fred.l.temp...@boeing.com -- Jared Mauch | pgp key available via finger from ja...@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
RE: DHCPv6 authentication
Hi, the question is simply whether anyone is using, or knows of any use of) DHCPv6 Authentication. Does it work? What is the operational experience? Thanks - Fred fred.l.temp...@boeing.com
Ebay/Paypal blocking HTTP access based on SORBS DUHL / Spamhaus PBL
hey, For a while now, we have been getting complains from our broadband customers about not being able to reach ebay.com/paypal.com We have nailed it down to some small prefixes and they are all listed in SORBS DUHL / Spamhaus PBL and have been listed for ages. These are indeed dynamic IP pools and should not send any email (not that SMTP has anything to do with HTTP). For some reason, it looks like ebay/paypal is now blocking HTTP access based on these blacklists. Does anyone have working contact in their NOC or with security people? All emails to public contacts have not been answered to. -- tarko
Re: Ebay/Paypal blocking HTTP access based on SORBS DUHL / Spamhaus PBL
On Aug 21, 2014, at 6:23 AM, Tarko Tikan ta...@lanparty.ee wrote: hey, For a while now, we have been getting complains from our broadband customers about not being able to reach ebay.com/paypal.com We have nailed it down to some small prefixes and they are all listed in SORBS DUHL / Spamhaus PBL and have been listed for ages. These are indeed dynamic IP pools and should not send any email (not that SMTP has anything to do with HTTP). For some reason, it looks like ebay/paypal is now blocking HTTP access based on these blacklists. That seems really unlikely. If they were blocking access purely due to it being from dynamically assigned ranges, someone else would have noticed. High fraud rate or other misbehaviour from those ranges seems more likely. Can you share the data that makes you think it's the former? Does anyone have working contact in their NOC or with security people? All emails to public contacts have not been answered to. Cheers, Steve
Re: Ebay/Paypal blocking HTTP access based on SORBS DUHL / Spamhaus PBL
That seems really unlikely. If they were blocking access purely due to it being from dynamically assigned ranges, someone else would have noticed. My home IP is in both the PBL and the SORBS DUL and I have no trouble using ebay or paypal. Given that the problem range is in Estonia, I expect that it's some combination of abuse from the specific range and general issues with traffic from Estonia. R's, John
Cabling contractors
Hey folks, I wonder if anybody knows of some good cabling contractors (structured cabling, communication racks, patch panels, all cat5e/6) in the Toronto area? My office desperately needs a clean-up. Thanks! Hank
Re: Ebay/Paypal blocking HTTP access based on SORBS DUHL / Spamhaus PBL
hey, Can you share the data that makes you think it's the former? I can't say I'm absolutely sure, hence the question to wider audience. But I can say that it's only subset of prefixes that are blocked What I can do, is provide some blocked IPs as example: 90.190.226.239 90.191.156.199 84.50.65.135 -- tarko
Re: Ebay/Paypal blocking HTTP access based on SORBS DUHL / Spamhaus PBL
hey, My home IP is in both the PBL and the SORBS DUL and I have no trouble using ebay or paypal. Thanks for confirmation. Given that the problem range is in Estonia, I expect that it's some combination of abuse from the specific range and general issues with traffic from Estonia. What makes you say that? Any specific examples of trouble you are getting from Estonian networks? -- tarko