Re: Craigslist hacked?
Probably a good time to remind folks of HTTPS everywhere plugin for Chrome and Firefox :-) Cheers, Harry On Nov 24, 2014 1:04 AM, Christopher Morrow morrowc.li...@gmail.com wrote: On Sun, Nov 23, 2014 at 11:51 PM, Randy Bush ra...@psg.com wrote: and what tasty things did the hijacker's web site serve? probably not much for very long... :( CL traffic is a bit crushy.
Re: Craigslist hacked?
Probably a good time to remind folks of HTTPS everywhere plugin for Chrome and Firefox :-) what? and deter natural selection? i have hope for this really being improved next year https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-entire-web randy
RE: Multi-homing with multiple ASNs
Thanks to everyone for your input on our less than desirable BGP situation. I do want to make sure I add that the state network we are a part of serves everything from elementary schools, to universities. to the traffic cameras on the interstate.Many of these are in rural locations and in the past each state entity had created their own network including two separate state university networks.The state vendor managed network was created to save money and provide higher level services than just an ISP. Among other things it serves as the private WAN for some state agencies.As our internet redundancy and bandwidth demands have increased we have outgrown the need for the high touch services offered by the state network but we must participate in order to maintain WAN access to other state universities. Thanks again for the feedback. Curtis Curtis Parish Senior Network Engineer Middle Tennessee State University -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of joel jaeggli Sent: Sunday, November 23, 2014 1:21 PM To: mark.ti...@seacom.mu; nanog@nanog.org Subject: Re: Multi-homing with multiple ASNs On 11/21/14 1:07 AM, Mark Tinka wrote: On Friday, November 21, 2014 12:00:47 AM Curtis L. Parish wrote: We have recently added a second ISP (third if you count I2). Our first ISP is actually a private state network that peers with two Tier 1 providers. We own an AS number and our IP space but at the last minute learned our state network is advertising our network using two different ASNs (neither ours) so they can load balance their connections.If you hit the right looking glass server you can see our network advertised by three different ASNs.We were told by the new ISP that this is a problem but the state network says it is not. Looking for opinions and words of wisdom on this split advertising issue. Why aren't you originating your own prefixes and ASN by yourselves, since you own both? The practical problem here is that the control of prefix origination is distributed. so if there is a need to withdraw it from the state network or advertise it no export for some reason (e.g. performance problem maintenance etc) you likely can't. Their grasp of load-balancing seems a bit shallow also. Mark.
Re: Craigslist hacked?
Well, NetSol? Is it just me or they came up a few times lately (past year) in high profil case of DNS Hijacking? On 11/23/14 23:06, Mehmet Akcin wrote: yes it's been hijacked thru registrar level and someone was able to change name servers, now it's back to normal but you will need to clear your caches and perhaps your ISP too. (if you are using 8.8.8.8 , they have already cleared the caches) Sponsoring Registrar:Network Solutions, LLC (R63-LROR) seems to be registrar, would be fun to read the post-mortem. On Sun, Nov 23, 2014 at 7:48 PM, Brian Artschwager br...@artschwager.com wrote: Same here, New Jersey. On Sun, Nov 23, 2014 at 10:43 PM, aUser au...@mind.net wrote: I can't reach my local one or the Fresno one. Server unreachable. Sent from my iPhone 5S. On Nov 23, 2014, at 7:41 PM, Brian Henson marin...@gmail.com wrote: Is anyone else seeing their local craigslist redirected to another site other than craigslist? I see it loading http://digitalgangster.com/5um . -- -- Brian
Re: Craigslist hacked?
On 11/24/2014 08:41 AM, Alain Hebert wrote: Well, NetSol? Is it just me or they came up a few times lately (past year) in high profil case of DNS Hijacking? Someone was kind enough to break into one of my domains at Register.com -- and to their credit Register.com detected the intrusion and reported it to me so I could go fix the problem. Perp added DNS records to my zone file, which I deleted, and reported the incident to the owner of the IP address. Yes, I changed the passwords.
Re: Multi-homing with multiple ASNs
On 11/23/2014 11:20 AM, joel jaeggli wrote: Their grasp of load-balancing seems a bit shallow also. Are there discussion/guidance papers that one can point to, to improve the depth of understanding, or at least get better configuration choices? (Those are independent points of improvement...) d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
eBGP Graceful-Restart and GR Helper Mode with external networks.
Is there a BCOP (or substantiated opinion) for negotiating eBGP Graceful-Restart and Graceful-Restart Helper-Mode with external networks? Implementation looks varied across a few larger transit providers, and in some cases implemented inconsistently within the same provider. Seeing most IX peers with GR disabled, although I don't see they've disabled GR Helper Mode. Apparently, Junos (12.3, at least) doesn't offer disabling GR Helper Mode for BGP. Thanks.
Re: eBGP Graceful-Restart and GR Helper Mode with external networks.
On Monday, November 24, 2014 10:08:11 PM Chris Costa wrote: Is there a BCOP (or substantiated opinion) for negotiating eBGP Graceful-Restart and Graceful-Restart Helper-Mode with external networks? Implementation looks varied across a few larger transit providers, and in some cases implemented inconsistently within the same provider. Seeing most IX peers with GR disabled, although I don't see they've disabled GR Helper Mode. Apparently, Junos (12.3, at least) doesn't offer disabling GR Helper Mode for BGP. We generally disable GR on eBGP sessions because different peers (be they customers, upstreams or peers) have different hardware/software that could make this tricky. Internally, we run NSR on boxes with dual control planes. This is recent, as several of your garden-variety (and exotic) service provider network protocols and services are now reasonably supported that it makes sense to migrate from GR to NSR. We don't generally run GR on boxes with single control planes, as there could be operational impact when BFD is involved under some circumstances. That said, GR Helper mode tends to always be available even when GR is not enabled. Mark. signature.asc Description: This is a digitally signed message part.
Re: Craigslist hacked?
I hate to say this, But I think that Network Operators have not see the last of of this DNS Hijacking. Craigslist might have been a test to see how far they could get and how long it would take for it to be discovered. I hope the FBI and the other Federal agencies out there are involved with Craigslist to determine how this happened and put in safeguards in place to help prevent this from happening again. -Mike Michael T. Voity Network Engineer University of Vermont On 11/24/2014 11:52 AM, Stephen Satchell wrote: On 11/24/2014 08:41 AM, Alain Hebert wrote: Well, NetSol? Is it just me or they came up a few times lately (past year) in high profil case of DNS Hijacking? Someone was kind enough to break into one of my domains at Register.com -- and to their credit Register.com detected the intrusion and reported it to me so I could go fix the problem. Perp added DNS records to my zone file, which I deleted, and reported the incident to the owner of the IP address. Yes, I changed the passwords.
Re: Craigslist hacked?
It still seems broken in some areas. Mail is bouncing from Hotmail to craigslist. On Mon, Nov 24, 2014 at 5:08 PM, Michael T. Voity mvo...@uvm.edu wrote: I hate to say this, But I think that Network Operators have not see the last of of this DNS Hijacking. Craigslist might have been a test to see how far they could get and how long it would take for it to be discovered. I hope the FBI and the other Federal agencies out there are involved with Craigslist to determine how this happened and put in safeguards in place to help prevent this from happening again. -Mike Michael T. Voity Network Engineer University of Vermont On 11/24/2014 11:52 AM, Stephen Satchell wrote: On 11/24/2014 08:41 AM, Alain Hebert wrote: Well, NetSol? Is it just me or they came up a few times lately (past year) in high profil case of DNS Hijacking? Someone was kind enough to break into one of my domains at Register.com -- and to their credit Register.com detected the intrusion and reported it to me so I could go fix the problem. Perp added DNS records to my zone file, which I deleted, and reported the incident to the owner of the IP address. Yes, I changed the passwords.
Re: Craigslist hacked?
On 11/24/14, 5:08 PM, Michael T. Voity mvo...@uvm.edu wrote: I hate to say this, But I think that Network Operators have not see the last of of this DNS Hijacking. Craigslist might have been a test to see how far they could get and how long it would take for it to be discovered. I hope the FBI and the other Federal agencies out there are involved with Craigslist to determine how this happened and put in safeguards in place to help prevent this from happening again. -Mike Michael T. Voity Network Engineer University of Vermont Anyone heard from Eugene Kashpureff lately? Hello 1996. :)
It's 7pm. Do you know where *your* domains are? (was Re: Craigslist hacked?)
In light of the CL domain hijacking, it seems like a good time to ask if everyone has an inventory system that keeps track of all the details (including renewal dates) for their domain registy and SSL certificate accounts. If you use a tool to keep track of this, which one? Do you have things set up in your monitoring system to watch for changes in this stuff? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Craigslist hacked?
He didn't hack the registry, he hijacked its records. And this is far from the first time a registry account was hacked. But, yeah, *still* not secure enough. George William Herbert Sent from my iPhone On Nov 24, 2014, at 2:17 PM, Randy Epstein na...@hostleasing.net wrote: On 11/24/14, 5:08 PM, Michael T. Voity mvo...@uvm.edu wrote: I hate to say this, But I think that Network Operators have not see the last of of this DNS Hijacking. Craigslist might have been a test to see how far they could get and how long it would take for it to be discovered. I hope the FBI and the other Federal agencies out there are involved with Craigslist to determine how this happened and put in safeguards in place to help prevent this from happening again. -Mike Michael T. Voity Network Engineer University of Vermont Anyone heard from Eugene Kashpureff lately? Hello 1996. :)
Re: It's 7pm. Do you know where *your* domains are? (was Re: Craigslist hacked?)
Xymon has a built in test to check SSL cert expiration. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Nov 24, 2014 7:14 PM, Jay Ashworth j...@baylink.com wrote: In light of the CL domain hijacking, it seems like a good time to ask if everyone has an inventory system that keeps track of all the details (including renewal dates) for their domain registy and SSL certificate accounts. If you use a tool to keep track of this, which one? Do you have things set up in your monitoring system to watch for changes in this stuff? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Craigslist hacked?
On 11/24/14, 7:16 PM, George Herbert george.herb...@gmail.com wrote: He didn't hack the registry, he hijacked its records. And this is far from the first time a registry account was hacked. But, yeah, *still* not secure enough. Actually, he didn’t hack its records either. He exploited a bug in BIND. George William Herbert Sent from my iPhone On Nov 24, 2014, at 2:17 PM, Randy Epstein na...@hostleasing.net wrote: On 11/24/14, 5:08 PM, Michael T. Voity mvo...@uvm.edu wrote: I hate to say this, But I think that Network Operators have not see the last of of this DNS Hijacking. Craigslist might have been a test to see how far they could get and how long it would take for it to be discovered. I hope the FBI and the other Federal agencies out there are involved with Craigslist to determine how this happened and put in safeguards in place to help prevent this from happening again. -Mike Michael T. Voity Network Engineer University of Vermont Anyone heard from Eugene Kashpureff lately? Hello 1996. :)
Re: Craigslist hacked?
And that was July 1997 not 96, though that does nothing to make me feel younger ... George William Herbert Sent from my iPhone On Nov 24, 2014, at 4:16 PM, George Herbert george.herb...@gmail.com wrote: He didn't hack the registry, he hijacked its records. And this is far from the first time a registry account was hacked. But, yeah, *still* not secure enough. George William Herbert Sent from my iPhone On Nov 24, 2014, at 2:17 PM, Randy Epstein na...@hostleasing.net wrote: On 11/24/14, 5:08 PM, Michael T. Voity mvo...@uvm.edu wrote: I hate to say this, But I think that Network Operators have not see the last of of this DNS Hijacking. Craigslist might have been a test to see how far they could get and how long it would take for it to be discovered. I hope the FBI and the other Federal agencies out there are involved with Craigslist to determine how this happened and put in safeguards in place to help prevent this from happening again. -Mike Michael T. Voity Network Engineer University of Vermont Anyone heard from Eugene Kashpureff lately? Hello 1996. :)
Re: It's 7pm. Do you know where *your* domains are? (was Re: Craigslist hacked?)
Jay Ashworth wrote: In light of the CL domain hijacking, it seems like a good time to ask if everyone has an inventory system that keeps track of all the details (including renewal dates) for their domain registy and SSL certificate accounts. If you use a tool to keep track of this, which one? Do you have things set up in your monitoring system to watch for changes in this stuff? And a registrar that has an API compatible with the tool! Miles Fidelman -- In theory, there is no difference between theory and practice. In practice, there is. Yogi Berra
Re: Craigslist hacked?
On 11/24/14, 7:18 PM, George Herbert george.herb...@gmail.com wrote: And that was July 1997 not 96, though that does nothing to make me feel younger ... http://archive.wired.com/politics/law/news/1997/07/5325 Yep. He did it to one of my domains (besides internic.net). George William Herbert Sent from my iPhone On Nov 24, 2014, at 4:16 PM, George Herbert george.herb...@gmail.com wrote: He didn't hack the registry, he hijacked its records. And this is far from the first time a registry account was hacked. But, yeah, *still* not secure enough. George William Herbert Sent from my iPhone On Nov 24, 2014, at 2:17 PM, Randy Epstein na...@hostleasing.net wrote: On 11/24/14, 5:08 PM, Michael T. Voity mvo...@uvm.edu wrote: I hate to say this, But I think that Network Operators have not see the last of of this DNS Hijacking. Craigslist might have been a test to see how far they could get and how long it would take for it to be discovered. I hope the FBI and the other Federal agencies out there are involved with Craigslist to determine how this happened and put in safeguards in place to help prevent this from happening again. -Mike Michael T. Voity Network Engineer University of Vermont Anyone heard from Eugene Kashpureff lately? Hello 1996. :)
Re: Craigslist hacked?
On Nov 24, 2014, at 4:18 PM, Randy Epstein na...@hostleasing.net wrote: Actually, he didn’t hack its records either. He exploited a bug in BIND. ...returned a legit response plus a tacked-on glue record for www.internic.net anytime you queried his nameserver, which he tricked people into doing with mixtures of sending you mail, hitting open DNS servers with queries for his domain, and another thing I still don't want to talk about. Paul was more widely quoted and knew his BIND vulnerability better; he can always out-pedant me on this one. I did get a few press quotes, though. Your fu is weak, Randyhopper. Train harder! ;-) George William Herbert Sent from my iPhone
Re: Craigslist hacked?
In message d09934e0.be620%na...@hostleasing.net, Randy Epstein writes: On 11/24/14, 7:16 PM, George Herbert george.herb...@gmail.com wrote: He didn't hack the registry, he hijacked its records. And this is far from the first time a registry account was hacked. But, yeah, *still* not secure enough. Actually, he didnât hack its records either. He exploited a bug in BIND. And your evidence for that is what? Feel free to send to security-offi...@isc.org. Mark George William Herbert Sent from my iPhone On Nov 24, 2014, at 2:17 PM, Randy Epstein na...@hostleasing.net wrote: On 11/24/14, 5:08 PM, Michael T. Voity mvo...@uvm.edu wrote: I hate to say this, But I think that Network Operators have not see the last of of this DNS Hijacking. Craigslist might have been a test to see how far they could get and how long it would take for it to be discovered. I hope the FBI and the other Federal agencies out there are involved with Craigslist to determine how this happened and put in safeguards in place to help prevent this from happening again. -Mike Michael T. Voity Network Engineer University of Vermont Anyone heard from Eugene Kashpureff lately? Hello 1996. :) -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: It's 7pm. Do you know where *your* domains are? (was Re: Craigslist hacked?)
It's pretty easy to roll out a Nagios box that checks on your domains, NS results and SSL status. On Mon, Nov 24, 2014 at 4:20 PM, Miles Fidelman mfidel...@meetinghouse.net wrote: Jay Ashworth wrote: In light of the CL domain hijacking, it seems like a good time to ask if everyone has an inventory system that keeps track of all the details (including renewal dates) for their domain registy and SSL certificate accounts. If you use a tool to keep track of this, which one? Do you have things set up in your monitoring system to watch for changes in this stuff? And a registrar that has an API compatible with the tool! Miles Fidelman -- In theory, there is no difference between theory and practice. In practice, there is. Yogi Berra -- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: Craigslist hacked?
On 11/24/14, 7:51 PM, Mark Andrews ma...@isc.org wrote: In message d09934e0.be620%na...@hostleasing.net, Randy Epstein writes: On 11/24/14, 7:16 PM, George Herbert george.herb...@gmail.com wrote: He didn't hack the registry, he hijacked its records. And this is far from the first time a registry account was hacked. But, yeah, *still* not secure enough. Actually, he didnâ•˙t hack its records either. He exploited a bug in BIND. And your evidence for that is what? Feel free to send to security-offi...@isc.org. Mark I could be wrong. This is what was reported by a few back in 1997. If not true, so be it. I have no further details from something that occurred 17 years ago. George William Herbert Sent from my iPhone On Nov 24, 2014, at 2:17 PM, Randy Epstein na...@hostleasing.net wrote: On 11/24/14, 5:08 PM, Michael T. Voity mvo...@uvm.edu wrote: I hate to say this, But I think that Network Operators have not see the last of of this DNS Hijacking. Craigslist might have been a test to see how far they could get and how long it would take for it to be discovered. I hope the FBI and the other Federal agencies out there are involved with Craigslist to determine how this happened and put in safeguards in place to help prevent this from happening again. -Mike Michael T. Voity Network Engineer University of Vermont Anyone heard from Eugene Kashpureff lately? Hello 1996. :) -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: Craigslist hacked?
In message fdf98a3e-6bdc-4d85-8826-b3b8dc6ec...@gmail.com, George Herbert writes: On Nov 24, 2014, at 4:18 PM, Randy Epstein na...@hostleasing.net wrote: Actually, he didnât hack its records either. He exploited a bug in BIND. ...returned a legit response plus a tacked-on glue record for www.internic.net anytime you queried his nameserver, which he tricked people into doing with mixtures of sending you mail, hitting open DNS servers with queries for his domain, and another thing I still don't want to talk about. Paul was more widely quoted and knew his BIND vulnerability better; he can always out-pedant me on this one. More a protocol bug which lead to DNSSEC, which allows you to accept a answer from anywhere so long as it is signed and validates as secure, which most of you have yet to deploy. I did get a few press quotes, though. Your fu is weak, Randyhopper. Train harder! ;-) George William Herbert Sent from my iPhone -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: Craigslist hacked?
In message 20141125005124.0c4bf243a...@rock.dv.isc.org, Mark Andrews writes: In message d09934e0.be620%na...@hostleasing.net, Randy Epstein writes: On 11/24/14, 7:16 PM, George Herbert george.herb...@gmail.com wrote: He didn't hack the registry, he hijacked its records. And this is far from the first time a registry account was hacked. But, yeah, *still* not secure enough. Actually, he didnât hack its records either. He exploited a bug in BIND. Ignore. Lost track of context. Mark And your evidence for that is what? Feel free to send to security-offi...@isc.org. Mark George William Herbert Sent from my iPhone On Nov 24, 2014, at 2:17 PM, Randy Epstein na...@hostleasing.net wrote: On 11/24/14, 5:08 PM, Michael T. Voity mvo...@uvm.edu wrote: I hate to say this, But I think that Network Operators have not see the last of of this DNS Hijacking. Craigslist might have been a test to see how far they could get and how long it would take for it to be discovered. I hope the FBI and the other Federal agencies out there are involved with Craigslist to determine how this happened and put in safeguards in place to help prevent this from happening again. -Mike Michael T. Voity Network Engineer University of Vermont Anyone heard from Eugene Kashpureff lately? Hello 1996. :) -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org