Re: Peering BOF/Peering social @NANOG69?

2017-02-06 Thread John Kemp

I would like to see the session continue in some form.
Social was close to good.

The peering presentations weren't as useful to me personally.
They sometimes made the time for actual peering conversations
too short.

The extra food and drinks were not important to me personally.

...

Perhaps an "extended break" 45 minutes, with typical
break food, and no presentations.  Or if you want, a *silent*
rolling slide show on a screen, with 1-slide per submitter,
for peering news items or general peering requests...

Cheaper... quieter... shorter...  But having all the people
in the same room at the same time for the same purpose, usually
pretty useful.

2 cents,
John Kemp


On 2/6/17 9:17 PM, Dave Temkin wrote:
> Hi Bob,
> 
> This was inadvertent and we will bring this back for NANOG 70.
> 
> Regards,
> 
> -Dave
> 
> On Feb 6, 2017, 6:58 PM -0500, Bob Evans , 
> wrote:
>> I suggest in the future NOT to get rid of something because a new method
>> is attempted. I.E nanog had a nice method of identifying potential and
>> existing peers with a simple green dot at registration to indicate an
>> individual was involved with BGP in their company. That went away and
>> today there is nothing. Cost of implementation was less than 5 dollars at
>> any office supply retailer.
>>
>> Just a thought.
>>
>> Thank You
>> Bob Evans
>> CTO
>>
>>
>>
>>
>>> The Peering Personals has been shelved while we try to figure out a better
>>> option.
>>>
>>> There was no peering content submitted to the Program Committee that
>>> justified a separate track, and so they chose to include the content in
>>> the general session throughout the program.
>>>
>>> Regards,
>>>
>>> -Dave
>>>
>>> On Feb 6, 2017, 8:12 AM -0500, Matthew Petach ,
>>> wrote:
>>>> I'm squinting at the Guidebook for NANOG69,
>>>> and I don't seem to see any peering BOF or
>>>> peering social this time around. Am I being
>>>> blind again, and it's on the agenda somewhere
>>>> but I'm just overlooking it?
>>>> Pointers in the right direction would be appreciated.
>>>>
>>>> Thanks! :)
>>>>
>>>> Matt
>>>
>>
>>



Re: IoT security

2017-02-06 Thread William Herrin
On Mon, Feb 6, 2017 at 7:14 PM, joel jaeggli  wrote:
> On 2/6/17 2:31 PM, William Herrin wrote:
>> This afternoon's panel about IoT's lack of security got me thinking...

Hi Joel,

For clarification I was referring to this:

http://nanog.org/meetings/abstract?id=3051

The long and short of the panel was: as an industry (device vendors
and service providers both) it behooves us to voluntarily get on top
of the IoT security problem before some catastrophic event requires
the government to dictate the precise manner in which we will get on
top of the problem.


>> What about some kind of requirement or convention that upon boot and
>> successful attachment to the network (and maybe once a month
>> thereafter), any IoT device must _by default_ emit a UDP packet to an
>> anycast address reserved for the purpose which identifies the device
>> model and software build.

> self identification is privacy hostile and tantamount to indicating a
> willingness to be subverted (this is why we disable lldp on external
> interfaces) even if it would otherwise be rather useful. the use of
> modified eui64 addresses as part of v6 address selection has basically
> gone away for similar reasons.

I'm not sure how we get on top of the problem without offering an
effective network kill switch to the nearest security-competent
person. I think I'd prefer a user-disableable kill-switch used on a
single piece of equipment to a kill switch for my entire Internet
connection.

The IPv6 SLAAC address suffers a rather worse case of the privacy
problem since it allows the entire Internet to track your hardware,
not just your local ISP.

In any case, I thought "how do we fix this long term" could stand
discussion on the list. Because yes, the IoT device vendors mostly
produce trash and if (to borrow a phrase) it saves them a buck at
retail they will keep producing trash. But we're the ones letting that
trash cause nation-scale problems and when the regulatory hammer
crashes down it's gonna hit us all.


On Mon, Feb 6, 2017 at 7:10 PM, Michael Thomas  wrote:
> Uh, yuck at many levels. Do you leak your cisco ios versions to the
> internet?

Hi Michael,

I'm not aware of any Cisco IOS devices that qualify as IoT. Some
lighter weight Cisco gear, yes. And no, I do not want to broadcast my
information. But I'm a professional who customizes my gear when I plug
it in. I don't run with the defaults.


> Do you really want the responsibility for the remote kill switch for IoT S
> gear?

I already have the kill switch for the customer's entire S transit
link. I'd prefer to also have a smaller hammer whose use won't net me
a furious call from Sales.


> And of course, you're depending on rfc 3514, right?

Nope. I'll decide what's evil and what's not (more likely I'll pay a
service to provide me a regularly updated database) and I depend only
on a high enough percentage of the devices offering themselves up for
that decision that it becomes impractical to construct another Mirai.

Regards,
Bill Herrin



-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Owner, Dirtside Systems . Web: 


Re: Peering BOF/Peering social @NANOG69?

2017-02-06 Thread Dave Temkin
Hi Bob,

This was inadvertent and we will bring this back for NANOG 70.

Regards,

-Dave

On Feb 6, 2017, 6:58 PM -0500, Bob Evans , wrote:
> I suggest in the future NOT to get rid of something because a new method
> is attempted. I.E nanog had a nice method of identifying potential and
> existing peers with a simple green dot at registration to indicate an
> individual was involved with BGP in their company. That went away and
> today there is nothing. Cost of implementation was less than 5 dollars at
> any office supply retailer.
>
> Just a thought.
>
> Thank You
> Bob Evans
> CTO
>
>
>
>
> > The Peering Personals has been shelved while we try to figure out a better
> > option.
> >
> > There was no peering content submitted to the Program Committee that
> > justified a separate track, and so they chose to include the content in
> > the general session throughout the program.
> >
> > Regards,
> >
> > -Dave
> >
> > On Feb 6, 2017, 8:12 AM -0500, Matthew Petach ,
> > wrote:
> > > I'm squinting at the Guidebook for NANOG69,
> > > and I don't seem to see any peering BOF or
> > > peering social this time around. Am I being
> > > blind again, and it's on the agenda somewhere
> > > but I'm just overlooking it?
> > > Pointers in the right direction would be appreciated.
> > >
> > > Thanks! :)
> > >
> > > Matt
> >
>
>


Re: ticketmaster.com 403 Forbidden

2017-02-06 Thread joel jaeggli
On 2/6/17 8:49 AM, Suresh Ramasubramanian wrote:
> My guess is you have or had sometime in the long distant past a scalper 
> operating on your network, using automated ticket purchase bots.
>
> If you still have that scalper around, you might want to turf him.  If he’s 
> ancient history, saying so might induce them to remove the block.
Note that scalper bots benefit from pools of residential IP addresses to
work with in subverting the anti-bot countermeasures of ticket sale
platforms. So there is the legitimate possibility that subverted hosts
are being used for that sort of thing.
> --srs
>
> On 06/02/17, 8:45 AM, "nanog-boun...@nanog.org on behalf of 
> mike.l...@gmail.com"  mike.l...@gmail.com> wrote:
>
> Yup, i have a /22 that has the same problem. Support is useless...
> 
> > On Feb 6, 2017, at 08:35, Ethan E. Dee  wrote:
> > 
> > It gives me a Forbidden error.
> > It has for over a year.
> > Their support says they are not allowed to tell me why by their policy.
> > it is across an entire /19.
> > I gave up after the fifth time and encourage the customers to call them 
> individually.
> > 
> >> On 02/06/2017 11:09 AM, Niels Bakker wrote:
> >> * charles.man...@charter.com (Manser, Charles J) [Mon 06 Feb 2017, 
> 16:21 CET]:
> >>> It seems that browsing to ticketmaster.com or any of the associated 
> IP addresses results in a 403 Forbidden for our customers today. Is anyone 
> else having this issue?
> >> 
> >> 
> http://help.ticketmaster.com/why-am-i-getting-a-blocked-forbidden-or-403-error-message/
>  
> >> 
> >> 
> >>-- Niels.
> > 
> 
>
>
>






Re: IoT security

2017-02-06 Thread joel jaeggli
On 2/6/17 2:31 PM, William Herrin wrote:
> This afternoon's panel about IoT's lack of security got me thinking...
>
>
> On the issue of ISPs unable to act on insecure devices because they
> can't detect the devices until they're compromised and then only have
> the largest hammer (full account ban) to act...
>
> What about some kind of requirement or convention that upon boot and
> successful attachment to the network (and maybe once a month
> thereafter), any IoT device must _by default_ emit a UDP packet to an
> anycast address reserved for the purpose which identifies the device
> model and software build. The ISP can capture traffic to that anycast
> address, compare the data against a list of devices known to be
> defective and, if desired, respond with a fail message. If the IoT
> device receives the fail message, it must try to report the problem to
> its owner and remove its default route so that it can only communicate
> on the local lan.  The user can override the fail and if desired
> configure the device not to emit the init messages at all. But by
> default the ISP is allowed to disable the device by responding to the
> init message.
self identification is privacy hostile and tantamount to indicating a
willingness to be subverted (this is why we disable lldp on external
interfaces) even if it would otherwise be rather useful. the use of
modified eui64 addresses as part of v6 address selection has basically
gone away for similar reasons.
> Would have to cryptographically sign the fail message and let the
> device query the signer's reputation or something like that to avoid
> the obvious security issue. Obvious privacy issues to consider.
> Anyway, throwing it out there as a potential discussion starting
> point.
>






Re: IoT security

2017-02-06 Thread Michael Thomas

On 2/6/17 2:31 PM, William Herrin wrote:

> This afternoon's panel about IoT's lack of security got me thinking...
>
>
> On the issue of ISPs unable to act on insecure devices because they
> can't detect the devices until they're compromised and then only have
> the largest hammer (full account ban) to act...
>
> What about some kind of requirement or convention that upon boot and
> successful attachment to the network (and maybe once a month
> thereafter), any IoT device must _by default_ emit a UDP packet to an
> anycast address reserved for the purpose which identifies the device
> model and software build. The ISP can capture traffic to that anycast
> address, compare the data against a list of devices known to be
> defective and, if desired, respond with a fail message. If the IoT
> device receives the fail message, it must try to report the problem to
> its owner and remove its default route so that it can only communicate
> on the local lan.  The user can override the fail and if desired
> configure the device not to emit the init messages at all. But by
> default the ISP is allowed to disable the device by responding to the
> init message.


Uh, yuck at many levels. Do you leak your cisco ios versions to the 
internet?


Do you really want the responsibility for the remote kill switch for IoT 
S gear?


And of course, you're depending on rfc 3514, right?

Mike



Re: Peering BOF/Peering social @NANOG69?

2017-02-06 Thread Bob Evans
I suggest in the future NOT to get rid of something because a new method
is attempted. I.E nanog had a nice method of identifying potential and
existing peers with a simple green dot at registration to indicate an
individual was involved with BGP in their company. That went away and
today there is nothing. Cost of implementation was less than 5 dollars at
any office supply retailer.

Just a thought.

Thank You
Bob Evans
CTO




> The Peering Personals has been shelved while we try to figure out a better
> option.
>
> There was no peering content submitted to the Program Committee that
> justified a separate track, and so they chose to include the content in
> the general session throughout the program.
>
> Regards,
>
> -Dave
>
> On Feb 6, 2017, 8:12 AM -0500, Matthew Petach ,
> wrote:
>> I'm squinting at the Guidebook for NANOG69,
>> and I don't seem to see any peering BOF or
>> peering social this time around. Am I being
>> blind again, and it's on the agenda somewhere
>> but I'm just overlooking it?
>> Pointers in the right direction would be appreciated.
>>
>> Thanks! :)
>>
>> Matt
>




Technical contact at Yahoo

2017-02-06 Thread Joel Pinnow
Sorry for the added noise, but I need to reach out to a technical contact
at Yahoo regarding incorrect geolocation on a /24 block. I've had no luck
getting in contact with anyone via WHOIS or other contact info.

Can someone from Yahoo please private email me at: jpin...@xipe.net

Thanks,
Joel


Re: Peering BOF/Peering social @NANOG69?

2017-02-06 Thread Mehmet Akcin
Someone will need to volunteer and organize this track just like others. It
has been challenging to find content. Topic can be controversial and of
course people might not want to always speak as open as they should in
order to make the time useful.

I have really liked peering bof personally from many years ago where it
provided a great platform to speak. I will volunteer to organize peering
bof in nanog 70 and present it to PC's consideration as it seems some folks
want to see that back including myself

Mehmet


On Mon, Feb 6, 2017 at 6:14 PM Jay Hanke  wrote:

> The peering social at previous NANOG meetings has been excellent and
> very useful. As you mentioned, the peering personals are perhaps not
> as valuable. It would be great to see the social portion come back in
> some form.
>
> Jay
>
> On Mon, Feb 6, 2017 at 4:06 PM, Dave Temkin  wrote:
> > The Peering Personals has been shelved while we try to figure out a
> better option.
> >
> > There was no peering content submitted to the Program Committee that
> justified a separate track, and so they chose to include the content in the
> general session throughout the program.
> >
> > Regards,
> >
> > -Dave
> >
> > On Feb 6, 2017, 8:12 AM -0500, Matthew Petach ,
> wrote:
> >> I'm squinting at the Guidebook for NANOG69,
> >> and I don't seem to see any peering BOF or
> >> peering social this time around. Am I being
> >> blind again, and it's on the agenda somewhere
> >> but I'm just overlooking it?
> >> Pointers in the right direction would be appreciated.
> >>
> >> Thanks! :)
> >>
> >> Matt
>


Re: Peering BOF/Peering social @NANOG69?

2017-02-06 Thread Jay Hanke
The peering social at previous NANOG meetings has been excellent and
very useful. As you mentioned, the peering personals are perhaps not
as valuable. It would be great to see the social portion come back in
some form.

Jay

On Mon, Feb 6, 2017 at 4:06 PM, Dave Temkin  wrote:
> The Peering Personals has been shelved while we try to figure out a better 
> option.
>
> There was no peering content submitted to the Program Committee that 
> justified a separate track, and so they chose to include the content in the 
> general session throughout the program.
>
> Regards,
>
> -Dave
>
> On Feb 6, 2017, 8:12 AM -0500, Matthew Petach , wrote:
>> I'm squinting at the Guidebook for NANOG69,
>> and I don't seem to see any peering BOF or
>> peering social this time around. Am I being
>> blind again, and it's on the agenda somewhere
>> but I'm just overlooking it?
>> Pointers in the right direction would be appreciated.
>>
>> Thanks! :)
>>
>> Matt


IoT security

2017-02-06 Thread William Herrin
This afternoon's panel about IoT's lack of security got me thinking...


On the issue of ISPs unable to act on insecure devices because they
can't detect the devices until they're compromised and then only have
the largest hammer (full account ban) to act...

What about some kind of requirement or convention that upon boot and
successful attachment to the network (and maybe once a month
thereafter), any IoT device must _by default_ emit a UDP packet to an
anycast address reserved for the purpose which identifies the device
model and software build. The ISP can capture traffic to that anycast
address, compare the data against a list of devices known to be
defective and, if desired, respond with a fail message. If the IoT
device receives the fail message, it must try to report the problem to
its owner and remove its default route so that it can only communicate
on the local lan.  The user can override the fail and if desired
configure the device not to emit the init messages at all. But by
default the ISP is allowed to disable the device by responding to the
init message.

Would have to cryptographically sign the fail message and let the
device query the signer's reputation or something like that to avoid
the obvious security issue. Obvious privacy issues to consider.
Anyway, throwing it out there as a potential discussion starting
point.



The presentation on bandwidth policers...

Seems like we could use some form of ICMP message similar to
destination unreachable that provides some kind of arbitrary string
plus the initial part of the dropped packet. One of the potential
strings would be an explicit notice to the sender that packets were
dropped and the bandwidth available.

Yes, we already have ECN, but ECN tells the receiver about congestion,
not the sender. More to the point, ECN can only be flagged on packets
that are passed, not the packets that are dropped, so the policer
would have to be complicated enough to note on the next packet that
the prior packet was dropped. Also, ECN only advises that you're close
to the limit not any information about the policer's target limit.

This thought is not fully baked. Throwing it out for conversation purposes.

Regards,
Bill Herrin



-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Owner, Dirtside Systems . Web: 
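
The boot beacon and signed fail message proposed in the IoT security post above, sketched as an added example; it is not code from the thread or from any deployed protocol. The JSON wire format, the nonce field, the names (`Init`, `Fail`, `Responder`, `Device`, `ExampleCam-1`), the fixed demo key seeds and the pinned trusted-key list (standing in for the signer reputation lookup) are all assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Init is the beacon a device sends on boot (hypothetical wire format).
type Init struct {
	Model string `json:"model"`
	Build string `json:"build"`
	Nonce string `json:"nonce"` // fresh per beacon; ties a reply to this request
}

// FailBody is the signed part of the ISP reply; it echoes the beacon it answers.
type FailBody struct {
	Init
	Reason string `json:"reason"`
}

// Fail carries the JSON-encoded FailBody and an Ed25519 signature over it.
type Fail struct{ Body, Sig []byte }

// Responder is the ISP side: a signing key plus the defect list ("model/build" -> reason).
type Responder struct {
	Key       ed25519.PrivateKey
	Defective map[string]string
}

// Handle parses one beacon and returns a signed Fail, or nil when no reply is due.
func (r *Responder) Handle(pkt []byte) *Fail {
	var in Init
	if json.Unmarshal(pkt, &in) != nil {
		return nil // malformed beacon
	}
	reason, listed := r.Defective[in.Model+"/"+in.Build]
	if !listed {
		return nil // build is not on the defect list
	}
	body, _ := json.Marshal(FailBody{Init: in, Reason: reason})
	return &Fail{Body: body, Sig: ed25519.Sign(r.Key, body)}
}

// Device is the IoT side. Trusted is a pinned key list standing in for a reputation lookup.
type Device struct {
	Sent     Init
	Trusted  []ed25519.PublicKey
	Override bool // owner chose to ignore fail messages
	LANOnly  bool // set once the default route would be removed
}

// OnFail decides what to do with a reply and returns the outcome.
func (d *Device) OnFail(f *Fail) string {
	if d.Override {
		return "ignored: owner override"
	}
	signed := false
	for _, k := range d.Trusted {
		signed = signed || ed25519.Verify(k, f.Body, f.Sig)
	}
	if !signed {
		return "ignored: bad signature"
	}
	var b FailBody
	if json.Unmarshal(f.Body, &b) != nil || b.Init != d.Sent {
		return "ignored: not for this beacon" // replayed or mismatched reply
	}
	d.LANOnly = true // stands in for dropping the default route and alerting the owner
	return "lan-only: " + b.Reason
}

// Demo runs the exchange over constructed devices and keys and returns each outcome.
func Demo() []string {
	key := func(b byte) ed25519.PrivateKey { return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize)) }
	ispKey, rogueKey := key(1), key(2) // constructed seeds, demo only
	isp := &Responder{Key: ispKey, Defective: map[string]string{"ExampleCam-1/1.0.3": "build on defect list"}}
	trusted := []ed25519.PublicKey{ispKey.Public().(ed25519.PublicKey)}
	newDev := func(build, nonce string, override bool) *Device {
		return &Device{Sent: Init{"ExampleCam-1", build, nonce}, Trusted: trusted, Override: override}
	}
	reply := func(d *Device) *Fail {
		pkt, _ := json.Marshal(d.Sent)
		return isp.Handle(pkt)
	}
	dev := newDev("1.0.3", "n-0001", false)
	genuine := reply(dev)
	forged := &Fail{Body: genuine.Body, Sig: ed25519.Sign(rogueKey, genuine.Body)}
	replayed := reply(newDev("1.0.3", "n-0000", false)) // validly signed, but for an older beacon
	out := []string{dev.OnFail(forged), dev.OnFail(replayed),
		newDev("1.0.3", "n-0001", true).OnFail(genuine), dev.OnFail(genuine)}
	if reply(newDev("1.0.4", "n-0002", false)) == nil {
		out = append(out, "no reply: build not listed")
	}
	return out
}

func main() { fmt.Println(Demo()) }
```

The forged and replayed replies show why the signature alone is not enough: without the echoed nonce, any captured fail message could be reused to push other devices off the network.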


Re: ticketmaster.com 403 Forbidden

2017-02-06 Thread Rich Kulawiec
On Mon, Feb 06, 2017 at 12:39:44PM -0500, Ken Chase wrote:
> Seems to me this random prefix-based blocking by major sites, 
> then let's-use-nanog-to-fix-it, is not a great methodology.

You're correct.  It's not.

> What more 'official' and formalized mechanisms can we use?

RFC 2142 stipulates role addresses for a variety of functions, many of
which were in common use and some of which were considered best practices
even before they were formalized 20 years ago.  A *lot* of the traffic
here (and on other mailing lists) winds up here (and on other mailing lists)
because some incompetent/negligent operations don't support those.

---rsk


Re: Peering BOF/Peering social @NANOG69?

2017-02-06 Thread Dave Temkin
The Peering Personals has been shelved while we try to figure out a better 
option.

There was no peering content submitted to the Program Committee that justified 
a separate track, and so they chose to include the content in the general 
session throughout the program.

Regards,

-Dave

On Feb 6, 2017, 8:12 AM -0500, Matthew Petach , wrote:
> I'm squinting at the Guidebook for NANOG69,
> and I don't seem to see any peering BOF or
> peering social this time around. Am I being
> blind again, and it's on the agenda somewhere
> but I'm just overlooking it?
> Pointers in the right direction would be appreciated.
>
> Thanks! :)
>
> Matt


Brainstorming acceptance issues - WAN impediment

2017-02-06 Thread Kasper Adel
Hi,

I am in the process of testing an 'automation/sdn' kind of controller, it
will be managing configuration on our routers and also deploying some VNFs
too.

Before accepting it, I'd like to perform some testing, to make sure of the
behavior if there are network issues between the controller and the devices
(routers or servers), during creation of services.

From the top of my head, I can think of the basic tests like introducing
jitter and delay but I would appreciate more ideas or even test cases that
I can re-use.

Thanks


Re: ticketmaster.com 403 Forbidden

2017-02-06 Thread Ken Chase
Seems to me this random prefix-based blocking by major sites, 
then let's-use-nanog-to-fix-it, is not a great methodology.

I block whole /18s and such to deal with .cn/.ru botnets too, but luckily my
cxs' cxs are mostly North American, few complaints yet. Sledgehammer style -
indelicate.

Is there a better method other than us sheep bleating helplessly at behemoths
who might not even have a presence on Nanog-l? 

This sledgehammer blacklisting results in a filter where smaller than /16
doesn't get addressed due to time cost of dealing with fewer revenue-generating
eyeballs per ticket.

Result: big ISPs win through sieve effect.

Google has adopted a 'blacklist for a while' policy with their spam control,
which mostly works but can leave you in the dark as to why you're continually
relisted for no obvious reason - no humans out there to help directly, so it's
back to bleating on nanog by Nate and friends.

What more 'official' and formalized mechanisms can we use?

/kc


On Mon, Feb 06, 2017 at 12:19:00PM -0500, Ethan E. Dee said:
  >So their policy says, if an ISP has one scalper, we'll block their entire
  >subnet and not tell them why?

-- 
Ken Chase - m...@sizone.org Guelph Canada


Re: ticketmaster.com 403 Forbidden

2017-02-06 Thread Ethan E. Dee

I'm interested to see if any one has beat this.

On 02/06/2017 12:22 PM, Ken Matlock wrote:
> Honestly, I'm surprised they don't try and charge a 'convenience fee'
> while implementing the block! ;-)
>
> Ken
>
> On Mon, Feb 6, 2017 at 10:19 AM, Ethan E. Dee wrote:
>
>> So their policy says, if an ISP has one scalper, we'll block their
>> entire subnet and not tell them why?
>>
>> On 02/06/2017 11:49 AM, Suresh Ramasubramanian wrote:
>>
>>> My guess is you have or had sometime in the long distant past
>>> a scalper operating on your network, using automated ticket
>>> purchase bots.
>>>
>>> If you still have that scalper around, you might want to turf
>>> him.  If he’s ancient history, saying so might induce them to
>>> remove the block.
>>>
>>> --srs
>>>
>>> On 06/02/17, 8:45 AM, "nanog-boun...@nanog.org on behalf of
>>> mike.l...@gmail.com" wrote:
>>>
>>>  Yup, i have a /22 that has the same problem. Support is useless...
>>>
>>>  > On Feb 6, 2017, at 08:35, Ethan E. Dee wrote:
>>>  >
>>>  > It gives me a Forbidden error.
>>>  > It has for over a year.
>>>  > Their support says they are not allowed to tell me why by their policy.
>>>  > it is across an entire /19.
>>>  > I gave up after the fifth time and encourage the customers to call
>>>  > them individually.
>>>  >
>>>  >> On 02/06/2017 11:09 AM, Niels Bakker wrote:
>>>  >> * charles.man...@charter.com (Manser, Charles J) [Mon 06 Feb 2017, 16:21 CET]:
>>>  >>> It seems that browsing to ticketmaster.com or any of the associated IP
>>>  >>> addresses results in a 403 Forbidden for our customers today. Is anyone
>>>  >>> else having this issue?
>>>  >>
>>>  >> http://help.ticketmaster.com/why-am-i-getting-a-blocked-forbidden-or-403-error-message/
>>>  >>
>>>  >> -- Niels.
>>>  >








Re: ticketmaster.com 403 Forbidden

2017-02-06 Thread Ken Matlock
Honestly, I'm surprised they don't try and charge a 'convenience fee' while
implementing the block! ;-)

Ken

On Mon, Feb 6, 2017 at 10:19 AM, Ethan E. Dee  wrote:

> So their policy says, if an ISP has one scalper, we'll block their entire
> subnet and not tell them why?
>
>
>
> On 02/06/2017 11:49 AM, Suresh Ramasubramanian wrote:
>
>> My guess is you have or had sometime in the long distant past a scalper
>> operating on your network, using automated ticket purchase bots.
>>
>> If you still have that scalper around, you might want to turf him.  If
>> he’s ancient history, saying so might induce them to remove the block.
>>
>> --srs
>>
>> On 06/02/17, 8:45 AM, "nanog-boun...@nanog.org on behalf of
>> mike.l...@gmail.com" > mike.l...@gmail.com> wrote:
>>
>>  Yup, i have a /22 that has the same problem. Support is useless...
>>   > On Feb 6, 2017, at 08:35, Ethan E. Dee 
>> wrote:
>>  >
>>  > It gives me a Forbidden error.
>>  > It has for over a year.
>>  > Their support says they are not allowed to tell me why by their policy.
>>  > it is across an entire /19.
>>  > I gave up after the fifth time and encourage the customers to call
>> them individually.
>>  >
>>  >> On 02/06/2017 11:09 AM, Niels Bakker wrote:
>>  >> * charles.man...@charter.com (Manser, Charles J) [Mon 06 Feb
>> 2017, 16:21 CET]:
>>  >>> It seems that browsing to ticketmaster.com or any of the
>> associated IP addresses results in a 403 Forbidden for our customers today.
>> Is anyone else having this issue?
>>  >>
>>  >> http://help.ticketmaster.com/why-am-i-getting-a-blocked-forbidden-or-403-error-message/
>>  >>
>>  >>
>>  >>-- Niels.
>>  >
>>
>>
>>
>


Re: ticketmaster.com 403 Forbidden

2017-02-06 Thread Ethan E. Dee
So their policy says, if an ISP has one scalper, we'll block their 
entire subnet and not tell them why?



On 02/06/2017 11:49 AM, Suresh Ramasubramanian wrote:

> My guess is you have or had sometime in the long distant past a scalper
> operating on your network, using automated ticket purchase bots.
>
> If you still have that scalper around, you might want to turf him.  If he’s
> ancient history, saying so might induce them to remove the block.
>
> --srs
>
> On 06/02/17, 8:45 AM, "nanog-boun...@nanog.org on behalf of mike.l...@gmail.com"
> wrote:
>
>  Yup, i have a /22 that has the same problem. Support is useless...
>
>  > On Feb 6, 2017, at 08:35, Ethan E. Dee wrote:
>  >
>  > It gives me a Forbidden error.
>  > It has for over a year.
>  > Their support says they are not allowed to tell me why by their policy.
>  > it is across an entire /19.
>  > I gave up after the fifth time and encourage the customers to call them
>  > individually.
>  >
>  >> On 02/06/2017 11:09 AM, Niels Bakker wrote:
>  >> * charles.man...@charter.com (Manser, Charles J) [Mon 06 Feb 2017, 16:21 CET]:
>  >>> It seems that browsing to ticketmaster.com or any of the associated IP
>  >>> addresses results in a 403 Forbidden for our customers today. Is anyone else
>  >>> having this issue?
>  >>
>  >> http://help.ticketmaster.com/why-am-i-getting-a-blocked-forbidden-or-403-error-message/
>  >>
>  >> -- Niels.
>  >
 







Re: ticketmaster.com 403 Forbidden

2017-02-06 Thread Jon Meek
Another way to get on their block list is to have a lot of users behind a
single NAT or proxy IP address. In my experience they blocked single IPs.
The first time it was easy to explain that there were 30,000 users behind
the single address and get the block cleared. After that it became more
difficult to get someone to listen. In one case I gave up because we were
about to make a data center change and the blocked address would no longer
be used.

However, I don't believe that the problem ever came back, maybe because we
had fewer users behind individual IP addresses, or because they finally
noted that the netblocks were owned by $LARGE_CORPORATION.


On Mon, Feb 6, 2017 at 11:49 AM, Suresh Ramasubramanian  wrote:

> My guess is you have or had sometime in the long distant past a scalper
> operating on your network, using automated ticket purchase bots.
>
> If you still have that scalper around, you might want to turf him.  If
> he’s ancient history, saying so might induce them to remove the block.
>
> --srs
>
> On 06/02/17, 8:45 AM, "nanog-boun...@nanog.org on behalf of
> mike.l...@gmail.com"  mike.l...@gmail.com> wrote:
>
> Yup, i have a /22 that has the same problem. Support is useless...
>
> > On Feb 6, 2017, at 08:35, Ethan E. Dee 
> wrote:
> >
> > It gives me a Forbidden error.
> > It has for over a year.
> > Their support says they are not allowed to tell me why by their policy.
> > it is across an entire /19.
> > I gave up after the fifth time and encourage the customers to call
> them individually.
> >
> >> On 02/06/2017 11:09 AM, Niels Bakker wrote:
> >> * charles.man...@charter.com (Manser, Charles J) [Mon 06 Feb 2017,
> 16:21 CET]:
> >>> It seems that browsing to ticketmaster.com or any of the
> associated IP addresses results in a 403 Forbidden for our customers today.
> Is anyone else having this issue?
> >>
> >> http://help.ticketmaster.com/why-am-i-getting-a-blocked-forbidden-or-403-error-message/
> >>
> >>
> >>-- Niels.
> >
>
>
>
>


-- 
Jon T. Meek, Ph.D.
 https://linkedin.com/in/meekjt
 https://meekj.github.io


Re: ticketmaster.com 403 Forbidden

2017-02-06 Thread Suresh Ramasubramanian
My guess is you have or had sometime in the long distant past a scalper 
operating on your network, using automated ticket purchase bots.

If you still have that scalper around, you might want to turf him.  If he’s 
ancient history, saying so might induce them to remove the block.

--srs

On 06/02/17, 8:45 AM, "nanog-boun...@nanog.org on behalf of 
mike.l...@gmail.com"  
wrote:

Yup, i have a /22 that has the same problem. Support is useless...

> On Feb 6, 2017, at 08:35, Ethan E. Dee  wrote:
> 
> It gives me a Forbidden error.
> It has for over a year.
> Their support says they are not allowed to tell me why by their policy.
> it is across an entire /19.
> I gave up after the fifth time and encourage the customers to call them 
individually.
> 
>> On 02/06/2017 11:09 AM, Niels Bakker wrote:
>> * charles.man...@charter.com (Manser, Charles J) [Mon 06 Feb 2017, 16:21 
CET]:
>>> It seems that browsing to ticketmaster.com or any of the associated IP 
addresses results in a 403 Forbidden for our customers today. Is anyone else 
having this issue?
>> 
>> 
http://help.ticketmaster.com/why-am-i-getting-a-blocked-forbidden-or-403-error-message/
 
>> 
>> 
>>-- Niels.
> 





Re: ticketmaster.com 403 Forbidden

2017-02-06 Thread mike . lyon
Yup, i have a /22 that has the same problem. Support is useless...

> On Feb 6, 2017, at 08:35, Ethan E. Dee  wrote:
> 
> It gives me a Forbidden error.
> It has for over a year.
> Their support says they are not allowed to tell me why by their policy.
> it is across an entire /19.
> I gave up after the fifth time and encourage the customers to call them 
> individually.
> 
>> On 02/06/2017 11:09 AM, Niels Bakker wrote:
>> * charles.man...@charter.com (Manser, Charles J) [Mon 06 Feb 2017, 16:21 
>> CET]:
>>> It seems that browsing to ticketmaster.com or any of the associated IP 
>>> addresses results in a 403 Forbidden for our customers today. Is anyone 
>>> else having this issue?
>> 
>> http://help.ticketmaster.com/why-am-i-getting-a-blocked-forbidden-or-403-error-message/
>>  
>> 
>> 
>>-- Niels.
> 


Re: ticketmaster.com 403 Forbidden

2017-02-06 Thread Ethan E. Dee

It gives me a Forbidden error.
It has for over a year.
Their support says they are not allowed to tell me why by their policy.
it is across an entire /19.
I gave up after the fifth time and encourage the customers to call them 
individually.


On 02/06/2017 11:09 AM, Niels Bakker wrote:
> * charles.man...@charter.com (Manser, Charles J) [Mon 06 Feb 2017, 16:21 CET]:
>> It seems that browsing to ticketmaster.com or any of the associated
>> IP addresses results in a 403 Forbidden for our customers today. Is
>> anyone else having this issue?
>
> http://help.ticketmaster.com/why-am-i-getting-a-blocked-forbidden-or-403-error-message/
>
> -- Niels.




Re: ticketmaster.com 403 Forbidden

2017-02-06 Thread Niels Bakker

* charles.man...@charter.com (Manser, Charles J) [Mon 06 Feb 2017, 16:21 CET]:
> It seems that browsing to ticketmaster.com or any of the associated
> IP addresses results in a 403 Forbidden for our customers today. Is
> anyone else having this issue?


http://help.ticketmaster.com/why-am-i-getting-a-blocked-forbidden-or-403-error-message/


-- Niels.


Re: ticketmaster.com 403 Forbidden

2017-02-06 Thread Benjamin Hatton
No Issues from AS26269 via HE NYC (AS6939)

*Ben Hatton*

Network Engineer

Haefele TV Inc.

d:(607)589-8000

bhat...@htva.net

www.htva.net

On Mon, Feb 6, 2017 at 10:42 AM, Christian Kildau  wrote:

> 403 forbidden from as12306 via level3.
>
> On Mon, Feb 6, 2017 at 2:04 PM, Manser, Charles J <
> charles.man...@charter.com> wrote:
>
> > List,
> >
> > It seems that browsing to ticketmaster.com or any of the associated IP
> > addresses results in a 403 Forbidden for our customers today. Is anyone
> > else having this issue?
> >
> > If anyone from Ticketmaster could reach out to me off-list, it would be
> > helpful.
> > Charles Manser | Principal Engineer I, Network Security
> > charles.man...@charter.com
> >
> > E-MAIL CONFIDENTIALITY NOTICE:
> > The contents of this e-mail message and any attachments are intended
> > solely for the addressee(s) and may contain confidential and/or legally
> > privileged information. If you are not the intended recipient of this
> > message or if this message has been addressed to you in error, please
> > immediately alert the sender by reply e-mail and then delete this message
> > and any attachments. If you are not the intended recipient, you are
> > notified that any use, dissemination, distribution, copying, or storage of
> > this message or any attachment is strictly prohibited.
> >
>


Re: ticketmaster.com 403 Forbidden

2017-02-06 Thread Christian Kildau
403 forbidden from as12306 via level3.

On Mon, Feb 6, 2017 at 2:04 PM, Manser, Charles J <
charles.man...@charter.com> wrote:

> List,
>
> It seems that browsing to ticketmaster.com or any of the associated IP
> addresses results in a 403 Forbidden for our customers today. Is anyone
> else having this issue?
>
> If anyone from Ticketmaster could reach out to me off-list, it would be
> helpful.
> Charles Manser | Principal Engineer I, Network Security
> charles.man...@charter.com


Re: ticketmaster.com 403 Forbidden

2017-02-06 Thread Plato, Art
Can get to them from Equinix connected Peer.

- Original Message -
From: "TR Shaw" 
To: "Charles J Manser" 
Cc: nanog@nanog.org
Sent: Monday, February 6, 2017 10:26:50 AM
Subject: Re: ticketmaster.com 403 Forbidden

Can get to them fine from Florida via level3.

Tom

> On Feb 6, 2017, at 8:04 AM, Manser, Charles J  
> wrote:
> 
> List,
> 
> It seems that browsing to ticketmaster.com or any of the associated IP 
> addresses results in a 403 Forbidden for our customers today. Is anyone else 
> having this issue?
> 
> If anyone from Ticketmaster could reach out to me off-list, it would be 
> helpful.
> Charles Manser | Principal Engineer I, Network Security
> charles.man...@charter.com



Re: ticketmaster.com 403 Forbidden

2017-02-06 Thread TR Shaw
Can get to them fine from Florida via level3.

Tom

> On Feb 6, 2017, at 8:04 AM, Manser, Charles J  
> wrote:
> 
> List,
> 
> It seems that browsing to ticketmaster.com or any of the associated IP 
> addresses results in a 403 Forbidden for our customers today. Is anyone else 
> having this issue?
> 
> If anyone from Ticketmaster could reach out to me off-list, it would be 
> helpful.
> Charles Manser | Principal Engineer I, Network Security
> charles.man...@charter.com



ticketmaster.com 403 Forbidden

2017-02-06 Thread Manser, Charles J
List,

It seems that browsing to ticketmaster.com or any of the associated IP 
addresses results in a 403 Forbidden for our customers today. Is anyone else 
having this issue?

If anyone from Ticketmaster could reach out to me off-list, it would be helpful.
Charles Manser | Principal Engineer I, Network Security
charles.man...@charter.com

E-MAIL CONFIDENTIALITY NOTICE: 
The contents of this e-mail message and any attachments are intended solely for 
the addressee(s) and may contain confidential and/or legally privileged 
information. If you are not the intended recipient of this message or if this 
message has been addressed to you in error, please immediately alert the sender 
by reply e-mail and then delete this message and any attachments. If you are 
not the intended recipient, you are notified that any use, dissemination, 
distribution, copying, or storage of this message or any attachment is strictly 
prohibited.


Re: BGP IP prefix hijacking

2017-02-06 Thread Carlos M. Martinez
We use a mix of BGPMon and RPKI+RIPE Validator.

On 30 Jan 2017, at 4:41, Nagarjun Govindraj via NANOG wrote:

> Hi All,
>
> I am planning to write a tool to detect real time BGP IP prefix hijacking.
> I am glad to know some of the open problems faced by
> providers/companies/community.
> I would like to know how the community is currently dealing and mitigating
> with such problems.
> It will be very helpful to know some of the adopted strategies by the
> community to detect bgp IP prefix hijacking and problems that are yet to be
> solved.
> Also I would like to know some of the very well industry standard open
> source tools used in the area of BGP which makes life easier.
>
> Regards,
> Nagarjun

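Added example, not part of the original thread and not code from BGPMon or the RIPE Validator: a minimal sketch of the RPKI route origin validation (RFC 6811) that the reply above refers to, showing how an announcement is classified as valid, invalid or not-found and how invalid ones become hijack candidates. The ROA entries, prefixes (documentation ranges) and ASNs are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed validated ROA payloads: (prefix, max length, authorized origin ASN).
VRPS = [
    ("203.0.113.0/24", 24, 64496),
    ("2001:db8::/32", 48, 64497),
]

# Constructed BGP announcements as (prefix, origin ASN).
ANNOUNCEMENTS = [
    ("203.0.113.0/24", 64496),    # legitimate origin
    ("203.0.113.0/24", 64511),    # same prefix, unauthorized origin
    ("203.0.113.128/25", 64496),  # more specific than maxLength allows
    ("2001:db8:1::/48", 64497),   # more specific, but within maxLength
    ("198.51.100.0/24", 64500),   # no covering ROA at all
]

def validate(prefix, origin_asn, vrps=VRPS):
    """Classify one announcement per RFC 6811; returns (state, reason)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    reasons = set()
    for vrp_prefix, max_len, vrp_asn in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        # A VRP covers the route if the route sits inside the VRP prefix.
        if route.version != vrp_net.version or not route.subnet_of(vrp_net):
            continue
        covered = True
        if vrp_asn == 0 or vrp_asn != origin_asn:  # AS0 never matches
            reasons.add("origin-mismatch")
        elif route.prefixlen > max_len:
            reasons.add("too-specific")
        else:
            return "valid", None  # one matching VRP is enough
    if not covered:
        return "not-found", None
    return "invalid", "+".join(sorted(reasons))

def hijack_candidates(announcements, vrps=VRPS):
    """Return the announcements that validate as invalid, with the reason."""
    out = []
    for prefix, asn in announcements:
        state, reason = validate(prefix, asn, vrps)
        if state == "invalid":
            out.append((prefix, asn, reason))
    return out

if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(prefix, f"AS{asn}", *validate(prefix, asn))
```

Origin validation says nothing about not-found prefixes and does not catch an announcement that forges the path while keeping the authorized origin, which is one reason it is paired with a monitoring feed in the reply above.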

Re: Peering BOF/Peering social @NANOG69?

2017-02-06 Thread Bob Evans
On that same topic, Peering, I would like to see the green peering dot
for name badges.
Kind of "one" of the fundamental things that NANOG came into existence over.
Thank You
Bob Evans
CTO




> I'm squinting at the Guidebook for NANOG69,
> and I don't seem to see any peering BOF or
> peering social this time around.  Am I being
> blind again, and it's on the agenda somewhere
> but I'm just overlooking it?
> Pointers in the right direction would be appreciated.
>
> Thanks!  :)
>
> Matt
>




Peering BOF/Peering social @NANOG69?

2017-02-06 Thread Matthew Petach
I'm squinting at the Guidebook for NANOG69,
and I don't seem to see any peering BOF or
peering social this time around.  Am I being
blind again, and it's on the agenda somewhere
but I'm just overlooking it?
Pointers in the right direction would be appreciated.

Thanks!  :)

Matt