Re: The story about MyEtherWallet.com hijack or how to become a millionare in 2 hours.

2018-04-24 Thread Hank Nussbacher
On 24/04/2018 21:35, Fredrik Korsbäck wrote:

> TLDR; So it seems that AS10297 (some small hosting provider in the US)
> suddenly started to announce de-aggregated AWS IP-space, containing quite
> a lot of Route53 infrastructure, put up resolvers on their own on the
> hijacked IP-space and pointed *AT LEAST* www.myetherwallet.com to an
> ip-address that seems to be some kind of transparent proxy out of Russia
> with a bogus SSL-cert (but still pretty good) (https://46.161.42.42/)
>
> I did digging in my own logs and played it through BGP-play - seems like it
> was in fact only Hurricane Electric (6939) that actually propagated this
> prefix to the Internet. Which makes sense since we have seen them being
> part of the problem in almost all recent hijacks.

In addition to HE there was AS19151 - WV Fiber that accepted the /24s,
but based on BGPlay (attached) it seems that the main culprit was HE
that propagated it onward.

-Hank



Re: The story about MyEtherWallet.com hijack or how to become a millionare in 2 hours.

2018-04-24 Thread Daniel Corbe
Is MyEtherWallet really doing 500k/hr in business though?

> On Apr 24, 2018, at 2:35 PM, Fredrik Korsbäck  wrote:
> 
> Aloha.
> 
> Surprised this hasn't "made the news" over at this list yet.
> 
> https://doublepulsar.com/hijack-of-amazons-internet-domain-service-used-to-reroute-web-traffic-for-two-hours-unnoticed-3a6f0dda6a6f
> 
> https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/2teeVLJ44RM/Yqk5GHSpCQAJ
> 
> https://twitter.com/barton_paul/status/988788348272734217
> 
> TLDR; So it seems that AS10297 (some small hosting provider in the US)
> suddenly started to announce de-aggregated AWS IP-space, containing quite
> a lot of Route53 infrastructure, put up resolvers on their own on the
> hijacked IP-space and pointed *AT LEAST* www.myetherwallet.com to an
> ip-address that seems to be some kind of transparent proxy out of Russia
> with a bogus SSL-cert (but still pretty good) (https://46.161.42.42/)
> 
> I did digging in my own logs and played it through BGP-play - seems like it
> was in fact only Hurricane Electric (6939) that actually propagated this
> prefix to the Internet. Which makes sense since we have seen them being
> part of the problem in almost all recent hijacks.
> 
> Can we do some collaborative digging in other tools you have handy (I guess
> ThousandEyes probes etc. could be of help here) to track how big the
> propagation was?
> 
> Being a bit involved in the Ethereum world it could be noted that the login
> to MyEtherWallet.com is a bit special since you actually log in with your
> wallet-seed and not user/pass to the site... giving the possibility to make
> really swift transfers without having actual access to the real site (for
> good and bad).
> 
> -- 
> hugge @ 2603
> 



Re: Amazon Geolocation

2018-04-24 Thread Bryan Holloway

Best. URL. Ever. ;)


On 4/24/18 2:35 PM, Anne P. Mitchell Esq. wrote:

> We have been told that the best, most expeditious way to get this resolved is:
>
>   "https://www.amazonforum.com/forums/digital-content/prime-video, it's actively
> monitored, and confirmed issues are escalated to the correct engineering team."
>
> Anne
>
> Anne P. Mitchell,
> Attorney at Law
> CEO/President,
> SuretyMail Email Reputation Certification and Inbox Delivery Assistance
> http://www.SuretyMail.com/
> http://www.SuretyMail.eu/
>
> Attorney at Law / Legislative Consultant
> GDPR Compliance Consultant
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
> Author: The Email Deliverability Handbook
> Legal Counsel: The CyberGreen Institute
> Legal Counsel: The Earth Law Center



Re: The story about MyEtherWallet.com hijack or how to become a millionare in 2 hours.

2018-04-24 Thread Job Snijders
On Tue, Apr 24, 2018 at 10:22:19PM +0200, Fredrik Korsbäck wrote:
> I'd take it that 15169 accepted the prefix for some reason over a
> bilateral peering session (to the best of my knowledge the Equinix
> route servers do indeed filter, but please correct me on this one)
> with 10297 and hence poisoned the 8.8.8.8 resolver for some time with
> the wrong ip-addr.

I have no reason to believe the Equinix route servers propagated or
contributed to this hijack, I checked with them. It is a good thing
their route server has filters, otherwise the damage could've been even
worse!

Kind regards,

Job


Re: The story about MyEtherWallet.com hijack or how to become a millionare in 2 hours.

2018-04-24 Thread Jack Bates

On 4/24/2018 1:35 PM, Fredrik Korsbäck wrote:

> Surprised this hasn't "made the news" over at this list yet.

In the old days, the list membership would have noticed the hijack. BGP 
hijacks used to be a somewhat popular topic, but like spammer chasing, I 
think everyone grew bored of it and the lack of things actually being done.

> TLDR; So it seems that AS10297 (some small hosting provider in the US)
> suddenly started to announce de-aggregated AWS IP-space, containing quite
> a lot of Route53 infrastructure, put up resolvers on their own on the
> hijacked IP-space and pointed *AT LEAST* www.myetherwallet.com to an
> ip-address that seems to be some kind of transparent proxy out of Russia
> with a bogus SSL-cert (but still pretty good) (https://46.161.42.42/)


Why did they use a self-signed cert? If you control the dns or the 
endpoint, you can easily get a signed cert. Given how lax people were at 
detecting this, they would have gotten further if people hadn't been 
complaining about the cert notification.


Jack


Re: The story about MyEtherWallet.com hijack or how to become a millionare in 2 hours.

2018-04-24 Thread Fredrik Korsbäck
Well there is quite a bit of data around that particular server.

So it definitely happened.

https://twitter.com/GossiTheDog/status/988873775285460992

This tweet is a good start.

The server answers to me right now and Google Safe Browsing has flagged it as
well for being insecure (not the regular cert-fail warning but a deceptiveness
warning).

The SSL-cert is a self-signed one impersonating MyEtherWallet.com.

I'd take it that 15169 accepted the prefix for some reason over a bilateral
peering session (to the best of my knowledge the Equinix route servers do
indeed filter, but please correct me on this one) with 10297 and hence
poisoned the 8.8.8.8 resolver for some time with the wrong ip-addr.

> On Tue, Apr 24, 2018 at 08:35:17PM +0200,
>  Fredrik Korsbäck  wrote
>   a message of 28 lines which said:
> 
>> Surprised this hasn't "made the news" over at this list yet.
> 
> It was discussed several hours before on the Outages mailing list.
> 
> Also, there are not a lot of hard facts. The BGP hijacking is clear
> and easy to find in the usual places.
> 
> The supposed rogue DNS server is much more elusive. Nobody apparently
> thought of querying it with dig during the hijack. There are reports
> of people being directed to a rogue www.myetherwallet.com but, again,
> no detail, no IP address, not the certificate of the rogue server,
> nothing.
> 
>> seems to be some kind of transparent proxy out of Russia with a
>> bogus SSL-cert (but still pretty good) (https://46.161.42.42/)
> 
> DNSDB does not confirm this:
> 
> %  isc-dnsdb-query rdata ip 46.161.42.42
> pigroot.sciencesupply.eu. IN A 46.161.42.42
> value.rollliquid.com. IN A 46.161.42.42
> campsprings.collaspepaw.com. IN A 46.161.42.42
> bronchopneumonic.collaspepaw.com. IN A 46.161.42.42
> server42.woodorganism.com. IN A 46.161.42.42
> ;;; Returned 5 RRs in 0.03 seconds.
> ;;; DNSDB
> 
> Currently, this machine does not accept connections.
> 
> 
> 
> 


-- 
hugge



Re: The story about MyEtherWallet.com hijack or how to become a millionare in 2 hours.

2018-04-24 Thread Stephane Bortzmeyer
On Tue, Apr 24, 2018 at 08:35:17PM +0200,
 Fredrik Korsbäck  wrote 
 a message of 28 lines which said:

> Surprised this hasn't "made the news" over at this list yet.

It may be also because NANOG email is handled by Google, who broke its antispam:

: host aspmx.l.google.com[2a00:1450:400c:c08::1a] said:
    550-5.7.1 This message does not have authentication information or fails to
    pass 550-5.7.1 authentication checks. To best protect our users from spam,
    the 550-5.7.1 message has been blocked. Please visit 550-5.7.1
    https://support.google.com/mail/answer/81126#authentication for more 550
    5.7.1 information. v20-v6si12240130wrb.82 - gsmtp (in reply to end of DATA
    command)



Re: China Showdown Huawei vs ZTE

2018-04-24 Thread Saku Ytti
On 24 April 2018 at 21:45, Naslund, Steve  wrote:


Hey,

> The US Government considers Huawei and ZTE to have "close ties" to the 
> Chinese government according to the Director of National Intelligence along 
> with the heads of CIA, FBI, and the NSA as stated in testimony before the 
> Senate Intelligence Committee.  The founder of Huawei is the former 
> engineering officer of the People's Liberation Army of China.
>
> Now, this only applies to US Government agencies according to their 
> acquisition rules but there have been moves by the FCC to ban these devices 
> from US cellular network.  I am not advocating for or against any of these 
> policies and you can run what you want (assuming it can be imported).  I 
> myself would be nervous running Huawei code in a device if a cyber war broke 
> out between the US and China.

Thank you for the insight, quite interesting.

Call me naive, but I don't think sticker in device has any
implications on security, as components and code are sourced through
complicated chains through various jurisdictions. Let's assume for a
moment that attacker is NSA, I don't think that NSA would want to even
push project through Cisco or Apple via official channels, even if
legally allowed, to get some secret backdoor installed, because too
many people would be involved in the project and controlling the
information would become challenging. Two years from now lot of those
involved people might be in different company or different country,
how to avoid them from exposing the information?
It seems much better vector would be to target individual person with
commit rights, ensure you have leverage over them, then ask them to
commit specific set of abstruse code, which is likely to pass code
review but introduce functionality which benefits your agenda. Even if
this one person would talk, would they know it was NSA, if they knew,
would anyone believe them? Why would China work differently? Why not
pwn one Cisco employee in India to get the code in that the party sees
beneficial?

-- 
  ++ytti


Re: The story about MyEtherWallet.com hijack or how to become a millionare in 2 hours.

2018-04-24 Thread Fredrik Korsbäck
"that depends".

We for sure know that 150K or so got immediately snatched off the bat, but how
many more wallets are at stake? No one knows.

What is known however is that they are trying to deploy smokescreens with tons
of transfers moving ETH around wallets, and all seems to be ending up sooner or
later in this account.

https://etherscan.io/address/0xb3e47070264f3595c5032ee94b620a583a39

Which is good for 17MUSD.

That doesn't really matter though - I wanna speak about what we do about this
in the DFZ.

Can someone from HE comment on what your ingress route-filtering policy looks
like towards your customers? I typically base my peering relationships on
people/operators that I have some kind of level of trust in.



> Is MyEtherWallet really doing 500k/hr in business though?
> 
>> On Apr 24, 2018, at 2:35 PM, Fredrik Korsbäck  wrote:
>>
>> Aloha.
>>
>> Surprised this hasn't "made the news" over at this list yet.
>>
>> https://doublepulsar.com/hijack-of-amazons-internet-domain-service-used-to-reroute-web-traffic-for-two-hours-unnoticed-3a6f0dda6a6f
>>
>> https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/2teeVLJ44RM/Yqk5GHSpCQAJ
>>
>> https://twitter.com/barton_paul/status/988788348272734217
>>
>> TLDR; So it seems that AS10297 (some small hosting provider in the US)
>> suddenly started to announce de-aggregated AWS IP-space, containing quite
>> a lot of Route53 infrastructure, put up resolvers on their own on the
>> hijacked IP-space and pointed *AT LEAST* www.myetherwallet.com to an
>> ip-address that seems to be some kind of transparent proxy out of Russia
>> with a bogus SSL-cert (but still pretty good) (https://46.161.42.42/)
>>
>> I did digging in my own logs and played it through BGP-play - seems like it
>> was in fact only Hurricane Electric (6939) that actually propagated this
>> prefix to the Internet. Which makes sense since we have seen them being
>> part of the problem in almost all recent hijacks.
>>
>> Can we do some collaborative digging in other tools you have handy (I guess
>> ThousandEyes probes etc. could be of help here) to track how big the
>> propagation was?
>>
>> Being a bit involved in the Ethereum world it could be noted that the login
>> to MyEtherWallet.com is a bit special since you actually log in with your
>> wallet-seed and not user/pass to the site... giving the possibility to make
>> really swift transfers without having actual access to the real site (for
>> good and bad).
>>
>> -- 
>> hugge @ 2603
>>
> 


-- 
hugge
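
An added example, not part of the original thread and not any operator's actual configuration: RFC 6811-style route origin validation combined with a per-customer prefix-list check, applied to the kind of de-aggregated announcements and customer ingress filtering discussed in this thread. The prefixes (taken from the 198.18.0.0/15 benchmarking range), the AS numbers (documentation range 64496-64511), the ROA and the customer prefix list are all constructed assumptions.

```python
import ipaddress
from typing import NamedTuple


class Roa(NamedTuple):
    prefix: ipaddress.IPv4Network
    max_length: int   # longest prefix length the address holder authorises
    origin_as: int


class Announcement(NamedTuple):
    prefix: ipaddress.IPv4Network
    as_path: tuple    # rightmost AS is the origin

    @property
    def origin(self):
        return self.as_path[-1]


def net(text):
    return ipaddress.ip_network(text)


def validate(ann, roas):
    """Return (state, reason) following the RFC 6811 valid/invalid/not-found model."""
    covering = [r for r in roas
                if r.prefix.version == ann.prefix.version
                and ann.prefix.subnet_of(r.prefix)]
    if not covering:
        return "not-found", "no ROA covers this prefix"
    if any(r.origin_as == ann.origin and ann.prefix.prefixlen <= r.max_length
           for r in covering):
        return "valid", "origin and prefix length match a ROA"
    if any(r.origin_as == ann.origin for r in covering):
        return "invalid", "more specific than maxLength allows"
    return "invalid", "origin AS not authorised for this prefix"


def session_decisions(announcements, roas, customer_prefixes):
    """Ingress policy for one customer session.

    A route is accepted only if it falls inside the prefixes registered for
    that customer AND origin validation does not mark it invalid.
    """
    decisions = {}
    for ann in announcements:
        state, reason = validate(ann, roas)
        registered = any(ann.prefix.subnet_of(p) for p in customer_prefixes)
        if not registered:
            reason = "outside customer prefix list; " + reason
        decisions[str(ann.prefix)] = (registered and state != "invalid",
                                      state, reason)
    return decisions


# --- Constructed sample data (assumptions, not taken from the incident) ---
# The legitimate holder (AS64496) authorises only its /21 aggregate.
ROAS = [Roa(net("198.18.0.0/21"), 21, 64496)]
# Prefixes registered for the customer AS64511 on this session.
CUSTOMER_PREFIXES = [net("198.19.64.0/22")]
# What the customer session actually sends: its own block plus two
# de-aggregated /24s carved out of someone else's /21.
CUSTOMER_SESSION = [
    Announcement(net("198.19.64.0/22"), (64511,)),
    Announcement(net("198.18.0.0/24"), (64511,)),
    Announcement(net("198.18.1.0/24"), (64511,)),
]

if __name__ == "__main__":
    results = session_decisions(CUSTOMER_SESSION, ROAS, CUSTOMER_PREFIXES)
    for prefix, (accepted, state, reason) in results.items():
        verdict = "ACCEPT" if accepted else "REJECT"
        print(f"{verdict} {prefix:<18} {state:<9} {reason}")
```

Either check alone rejects the foreign /24s here; a more-specific /24 that passes neither filter on any path wins longest-prefix match over the legitimate /21, which is why the filtering has to happen at the session where the route enters.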



Re: Amazon Geolocation

2018-04-24 Thread Anne P. Mitchell Esq.
We have been told that the best, most expeditious way to get this resolved is:

 "https://www.amazonforum.com/forums/digital-content/prime-video, it's actively 
monitored, and confirmed issues are escalated to the correct engineering team."

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
GDPR Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center



Re: Amazon Geolocation

2018-04-24 Thread Adam Montgomery
Hey Sam, we had the same problem and were able to get it resolved (and help
a few others get unblocked as well). Shoot me the affected blocks off-list
and I'll forward them along.

Adam

On Tue, Apr 24, 2018 at 12:03 PM Anne P. Mitchell Esq. 
wrote:

> Sam, may I share this with our Amazon contacts?
>
> Anne
>
> Anne P. Mitchell,
> Attorney at Law
> CEO/President,
> SuretyMail Email Reputation Certification and Inbox Delivery Assistance
> http://www.SuretyMail.com/
> http://www.SuretyMail.eu/
>
> Attorney at Law / Legislative Consultant
> GDPR Compliance Consultant
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
> Author: The Email Deliverability Handbook
> Legal Counsel: The CyberGreen Institute
> Legal Counsel: The Earth Law Center
>
>
> >
> > Hey all,
> >
> > Having a hard time finding someone within Amazon to understand geolocation
> > problems.  We have lots of customers that started getting the Amazon Prime
> > Video message about not being able to watch because of geolocation / VPN
> > restrictions.
> >
> > We are a WISP.  We run BGP with our own netblocks and upstream netblocks.
> > We have at least 15 customers that have reported this problem - many of
> > which opened tickets directly with Amazon but they have no clue.  My guess
> > is it's related to entire netblocks.
> >
> > MaxMind shows the correct info and always has.
> >
> > Can someone point me to a contact at Amazon that can help?
> >
> > Thx,
> > Sam


Re: Amazon Geolocation

2018-04-24 Thread Anne P. Mitchell Esq.
Sam, may I share this with our Amazon contacts?

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
GDPR Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center

 
> 
> Hey all,
> 
> Having a hard time finding someone within Amazon to understand geolocation
> problems.  We have lots of customers that started getting the Amazon Prime
> Video message about not being able to watch because of geolocation / VPN
> restrictions.
> 
> We are a WISP.  We run BGP with our own netblocks and upstream netblocks.  We
> have at least 15 customers that have reported this problem - many of which
> opened tickets directly with Amazon but they have no clue.  My guess is it's
> related to entire netblocks.
> 
> MaxMind shows the correct info and always has.
> 
> Can someone point me to a contact at Amazon that can help?
> 
> Thx,
> Sam
> 
> 
> 
> 




Re: Is WHOIS going to go away?

2018-04-24 Thread John Levine
In article 

 you write:
>The days when some in the technical community could just discard others 
>arguments by saying that  "[you] have no idea how the
>Internet works" have long passed. I will not get intimidated nor will I step 
>back. Old tricks, won't work, it's as old as the
>dysfunctional WHOIS and will disappear.

Now I'm confused.  Surely you do not mean that we should take your
arguments seriously even though you have no idea how the Internet
works.

In my experience, the nanog crowd can be grumpy but it is entirely
open to discussions that are based on facts and an understanding of
the issues.

R's,
John


RE: China Showdown Huawei vs ZTE

2018-04-24 Thread Naslund, Steve
>I'm sure all these companies have legal entities in all countries they operate
>in. So Huawei in US is US company and Huawei products bought in US from US
>Huawei are good, but bad when bought from Huawei China?

IANAL however I was a network engineer for the US Air Force for over ten years.
Here is how the US DoD looks at it.  There are three tiers of defense
contractors.

Yes - Cisco, Juniper and other US controlled entities that the DoD has already
vetted and does business with on a routine basis.  Also includes systems
pre-integrated by defense contractors like Boeing and Lockheed that are sold as
complete turn-key systems.

Maybe - Allied (usually NATO) defense contractors that also have vetted
security policy.  That would be companies like BAE Systems, Dassault, and
Siemens.  This would also include US suppliers that may never have done
business with the DoD before and would have to undergo further review prior to
being awarded a contract.  There are also some "buy American" considerations
that required us to use US suppliers unless there was a valid reason why the
foreign manufacturer was the better choice (say we have an air defense system
from BAE that has been designed to work with a specific device as part of a
system).  That is an economic/political concern in addition to the security
concern and is covered under contracting regulations.

No way - entities considered to be under the control of or part of the military
industrial complex of rival nations.  That would include most Russian, Chinese,
Iranian, etc. companies.  Also companies that refuse to comply with certain
government sanctions or disclosure requirements.  Also companies that employ
specifically banned individuals under the export control act.

This is not necessarily a technical legal thing like having a corporate entity
in the US (every multinational does), it is an intelligence assessment of risk.
For sensitive software there is a long laundry list of requirements
surrounding source code control and signing.  In almost all cases I am aware of
the US DoD acquires a Restricted Software License which actually means that
they have access to view the source code for whatever they are running and
require a cryptographically secure way of knowing the running code matches.
For many of the systems I worked with there were actually special software
loads signed by DISA (Defense Information Systems Agency) that we had to run.
DISA software loads also tended to block certain configurations known to be
insecure and a lot of times enforced higher security or encryption requirements.
Our hardware had to come off a list of approved devices and in very sensitive
service the devices were sent to an NSA lab for analysis and returned under
courier control before they could enter certain areas or networks.  If the
devices ever exited the facility they had to go back for recertification.  This
was for assurance against embedded hardware taps or bugging devices.  They also
compared the device against known good models to make sure the hardware was the
same.

The US Government considers Huawei and ZTE to have "close ties" to the Chinese
government according to the Director of National Intelligence along with the
heads of CIA, FBI, and the NSA as stated in testimony before the Senate
Intelligence Committee.  The founder of Huawei is the former engineering
officer of the People's Liberation Army of China.

Now, this only applies to US Government agencies according to their acquisition
rules but there have been moves by the FCC to ban these devices from US
cellular network.  I am not advocating for or against any of these policies and
you can run what you want (assuming it can be imported).  I myself would be
nervous running Huawei code in a device if a cyber war broke out between the US
and China.

Steven Naslund
Chicago IL  


The story about MyEtherWallet.com hijack or how to become a millionare in 2 hours.

2018-04-24 Thread Fredrik Korsbäck
Aloha.

Surprised this hasn't "made the news" over at this list yet.

https://doublepulsar.com/hijack-of-amazons-internet-domain-service-used-to-reroute-web-traffic-for-two-hours-unnoticed-3a6f0dda6a6f

https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/2teeVLJ44RM/Yqk5GHSpCQAJ

https://twitter.com/barton_paul/status/988788348272734217

TLDR; So it seems that AS10297 (some small hosting provider in the US)
suddenly started to announce de-aggregated AWS IP-space, containing quite
a lot of Route53 infrastructure, put up resolvers on their own on the
hijacked IP-space and pointed *AT LEAST* www.myetherwallet.com to an
ip-address that seems to be some kind of transparent proxy out of Russia
with a bogus SSL-cert (but still pretty good) (https://46.161.42.42/)

I did digging in my own logs and played it through BGP-play - seems like it
was in fact only Hurricane Electric (6939) that actually propagated this
prefix to the Internet. Which makes sense since we have seen them being
part of the problem in almost all recent hijacks.

Can we do some collaborative digging in other tools you have handy (I guess
ThousandEyes probes etc. could be of help here) to track how big the
propagation was?

Being a bit involved in the Ethereum world it could be noted that the login
to MyEtherWallet.com is a bit special since you actually log in with your
wallet-seed and not user/pass to the site... giving the possibility to make
really swift transfers without having actual access to the real site (for
good and bad).

-- 
hugge @ 2603



Re: China Showdown Huawei vs ZTE

2018-04-24 Thread Saku Ytti
Hey Aaron,

> Excuse my lack of knowledge... What does this mean?  "Shareholders are people 
> holding Vanguard/Blackrock."

Funds which are largest owners of Cisco shares.

-- 
  ++ytti


Amazon Geolocation

2018-04-24 Thread Sam Norris
Hey all,

Having a hard time finding someone within Amazon to understand geolocation
problems.  We have lots of customers that started getting the Amazon Prime Video
message about not being able to watch because of geolocation / VPN restrictions.

We are a WISP.  We run BGP with our own netblocks and upstream netblocks.  We
have at least 15 customers that have reported this problem - many of which
opened tickets directly with Amazon but they have no clue.  My guess is it's
related to entire netblocks.

MaxMind shows the correct info and always has. 

Can someone point me to a contact at Amazon that can help?

Thx,
Sam






Re: China Showdown Huawei vs ZTE

2018-04-24 Thread Aaron Gould
Excuse my lack of knowledge... What does this mean?  "Shareholders are people 
holding Vanguard/Blackrock."

Aaron

> On Apr 24, 2018, at 10:31 AM, Saku Ytti  wrote:
> 
> Shareholders are people holding Vanguard/Blackrock.



RE: China Showdown Huawei vs ZTE

2018-04-24 Thread STARNES, CURTIS via NANOG
-----Original Message-----
>From: NANOG  On Behalf Of Saku Ytti
>Sent: Tuesday, April 24, 2018 11:59 AM
>To: Naslund, Steve 
>Cc: nanog@nanog.org
>Subject: Re: China Showdown Huawei vs ZTE

>On 24 April 2018 at 19:50, Naslund, Steve  wrote:

>> Easy one, what law is the company incorporated under?  Nothing against the
>> Chinese companies (some of their stuff is really great), but it is
>> admittedly hard to separate China's military industrial complex from their
>> communications suppliers.  I can understand other countries not wanting
>> critical infrastructure under their software control given that the Chinese
>> government has been very active in industrial espionage.  It is not that a
>> US company cannot be compromised but I think they might at least be held
>> accountable (by their markets) when they get caught.

>I'm sure all these companies have legal entities in all countries they operate
>in. So Huawei in US is US company and Huawei products bought in US from US
>Huawei are good, but bad when bought from Huawei China?


> --
> ++ytti

From what I have read, any Huawei product purchases fell under scrutiny but 
after this came about Huawei announced they were going to pull out of U.S. 
markets. 
https://www.forbes.com/sites/jeanbaptiste/2018/04/19/analyst-chinas-huawei-to-quit-u-s-market/#2a0839d311cb
 


Re: Is WHOIS going to go away?

2018-04-24 Thread Suresh Ramasubramanian
The fun problem here is that anonymity, encryption etc - everything that's good 
and recommended for privacy and security conscious people - gets heavily used, 
and early adopted, by criminals, the good ones among whom are paranoid about 
both these at least so they stay out of prison.

If only all registrars and registries would actually act proactively about 
keeping abuse off their networks. Some do a great job, others do just enough to 
keep ICANN and the security community off their backs, while still others 
couldn't care less about either.

If we had this level of proactiveness, the problem of whois going away would be 
far less of an issue.


From: NANOG  on behalf of Badiei, Farzaneh 

Sent: Friday, April 20, 2018 9:17:21 AM
To: John Levine; nanog@nanog.org
Cc: b...@theworld.com
Subject: Re: Is WHOIS going to go away?

Dear John,


The days when some in the technical community could just discard others 
arguments by saying that  "[you] have no idea how the Internet works" have long 
passed. I will not get intimidated nor will I step back. Old tricks, won't 
work, it's as old as the dysfunctional WHOIS and will disappear.


Also your last paragraph obliges me to clarify: it's not always a "he" that 
might be arguing! it's sometimes, though might it be rarely, a "she".


No one asked to protect people from their governments (I have heard this before 
as well). But also people should not be endangered or even minimally disturbed 
by making their personal information public. There are many many scenarios when 
personal information can be abused, and governments might not be involved.


I might not know as much as you do about how the Internet works. But I know one 
thing: There will be a change. The convenience of security researchers and 
trademark owners is not going to be set above domain name registrants right to 
data protection. But I am sure the cybersecurity community can come up with a 
more creative way of preserving cybersecurity without relying on using personal 
information of domain name registrants and violating their rights!


Farzaneh





From: NANOG  on behalf of John Levine 
Sent: Thursday, April 19, 2018 10:43 PM
To: nanog@nanog.org
Cc: b...@theworld.com
Subject: Re: Is WHOIS going to go away?

In article <23257.12824.250276.763...@gargle.gargle.howl> you write:
>So you think restricting WHOIS access will protect dissidents from
>abusive governments?
>
>Of all the rationalizations that one seems particularly weak.

Oh, you're missing the point.  This is a meme that's been floating
around in academia for a decade: the brave dissident who somehow has
managed to find web hosting, e-mail, broadband, and mobile phone
service but for whom nothing stands between her and certain death but
the proxy whois on her vanity domain.

If someone makes this argument you can be 100% sure he's parroting
something he heard somewhere and has no idea how the Internet actually
works.

R's,
John


Re: China Showdown Huawei vs ZTE

2018-04-24 Thread Saku Ytti
On 24 April 2018 at 19:50, Naslund, Steve  wrote:

> Easy one, what law is the company incorporated under?  Nothing against the 
> Chinese companies (some of their stuff is really great), but it is admittedly 
> hard to separate China's military industrial complex from their 
> communications suppliers.  I can understand other countries not wanting 
> critical infrastructure under their software control given that the Chinese 
> government has been very active in industrial espionage.  It is not that a US 
> company cannot be compromised but I think they might at least be held 
> accountable (by their markets) when they get caught.

I'm sure all these companies have legal entities in all countries they
operate in. So Huawei in US is US company and Huawei products bought
in US from US Huawei are good, but bad when bought from Huawei China?


-- 
  ++ytti


RE: China Showdown Huawei vs ZTE

2018-04-24 Thread Naslund, Steve
>
> > Yes looks like they are both under pressure. I feel bad for the USA based
> > employees. I know Huawei has quite a few in Plano, Texas.
>
> Feel sorry for US based consumers. Historically protectionism always
> hurts the local economy most. By creating artificial demand on local
> products, over time local products become uncompetitive for export.
>
> I wonder, in what fundamental way Cisco and Juniper are US products,
> Huawei and ZTE Chinese products? To me it looks like Cisco has no
> development on IOS-XR outside India, components and assembly is in
> China. Shareholders are people holding Vanguard/Blackrock. What makes
> US company a US company?
>

Easy one, what law is the company incorporated under?  Nothing against the 
Chinese companies (some of their stuff is really great), but it is admittedly 
hard to separate China's military industrial complex from their communications 
suppliers.  I can understand other countries not wanting critical 
infrastructure under their software control given that the Chinese government 
has been very active in industrial espionage.  It is not that a US company 
cannot be compromised but I think they might at least be held accountable (by 
their markets) when they get caught.

Steven Naslund
Chicago IL



Re: Is WHOIS going to go away?

2018-04-24 Thread bzs

On April 20, 2018 at 05:06 i.g...@comcast.net (Scott Schmit) wrote:
 > On Thu, Apr 19, 2018 at 11:44:10PM -0400, b...@theworld.com wrote:
 > > So the net result maybe isn't all that terrible unless you have a good
 > > reason to hide your information even from your registrar (and ICANN),
 > > checking a privacy option won't accomplish that, they still have your
 > > info they're just not revealing it via WHOIS.
 > 
 > Bear in mind that not all TLDs allow enabling privacy (e.g., .us).

I'm aware of this with .US, is there another example? That's the only
one I've ever seen mentioned but there are an Avogadro number of TLDs.

Hold on, I found a list...da goog turned up da goog...

  https://support.google.com/domains/answer/3251242?hl=en

  .CO.IN, .CO.NZ, .CO.UK, .FR, .IN, .JP, and .US

So all are cctlds (country code TLDs), and the first three are for
companies (or commercial) which may be what's driving that policy. In
many countries if one acts as a commercial entity they must provide
public contact information.

ICANN (in the metonymous sense) no doubt is aware of this, I wonder if
it conflicts with any proposals for this new WHOIS?

That page also has a pretty good FAQ on private registration in
general.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: China Showdown Huawei vs ZTE

2018-04-24 Thread Colton Conor
Saku,

I do feel bad for US Based consumers as I am one of them! Overall, I find
Huawei's solutions to be 1/3 the price of the equivalent Juniper/Cisco. The
only thing stopping me from buying them is the fear of it being hacked due to
the media.

Like the S6720-EI is MEF certified, runs MPLS, and is $3500 with a lifetime
warranty. Please let me know if anyone else comes close to this number.

On Tue, Apr 24, 2018 at 10:31 AM, Saku Ytti  wrote:

> On 20 April 2018 at 16:44, Colton Conor  wrote:
>
> > Yes looks like they are both under pressure. I feel bad for the USA based
> > employees. I know Huawei has quite a few in Plano, Texas.
>
> Feel sorry for US based consumers. Historically protectionism always
> hurts the local economy most. By creating artificial demand on local
> products, over time local products become uncompetitive for export.
>
> I wonder, in what fundamental way Cisco and Juniper are US products,
> Huawei and ZTE Chinese products? To me it looks like Cisco has no
> development on IOS-XR outside India, components and assembly is in
> China. Shareholders are people holding Vanguard/Blackrock. What makes
> US company a US company?
>
> --
>   ++ytti
>


Re: China Showdown Huawei vs ZTE

2018-04-24 Thread Saku Ytti
On 20 April 2018 at 16:44, Colton Conor  wrote:

> Yes looks like they are both under pressure. I feel bad for the USA based
> employees. I know Huawei has quite a few in Plano, Texas.

Feel sorry for US based consumers. Historically protectionism always
hurts the local economy most. By creating artificial demand on local
products, over time local products become uncompetitive for export.

I wonder, in what fundamental way Cisco and Juniper are US products,
Huawei and ZTE Chinese products? To me it looks like Cisco has no
development on IOS-XR outside India, components and assembly is in
China. Shareholders are people holding Vanguard/Blackrock. What makes
US company a US company?

-- 
  ++ytti


Re: Is WHOIS going to go away?

2018-04-24 Thread Scott Schmit
On Thu, Apr 19, 2018 at 11:44:10PM -0400, b...@theworld.com wrote:
> So the net result maybe isn't all that terrible unless you have a good
> reason to hide your information even from your registrar (and ICANN),
> checking a privacy option won't accomplish that, they still have your
> info they're just not revealing it via WHOIS.

Bear in mind that not all TLDs allow enabling privacy (e.g., .us).


Experience with CER 2000/MLXe/SLX/VDX

2018-04-24 Thread howard stearn
Contact me off-list. (Unless you want to share publicly.)

I'm interested in knowing if anyone has information about their transition
from Brocade to Avgo/Broadcom to Extreme and if the transition was seamless
and ended up well.

Please tell me a little about yourself. How you were a customer / partner,
and what your experience has been transitioning to Extreme.

I'm also curious if anyone has insider stories about Avgo purchasing
Broadcom, and if it has any wider implications than Wikipedia is rendering.

-HS


Re: Is WHOIS going to go away?

2018-04-24 Thread Badiei, Farzaneh
Dear John,


The days when some in the technical community could just discard others' 
arguments by saying that "[you] have no idea how the Internet works" have long 
passed. I will not get intimidated nor will I step back. Old tricks won't 
work, it's as old as the dysfunctional WHOIS and will disappear.


Also your last paragraph obliges me to clarify: it's not always a "he" that 
might be arguing! It's sometimes, though it might be rarely, a "she".


No one asked to protect people from their governments (I have heard this before 
as well). But also people should not be endangered or even minimally disturbed 
by making their personal information public. There are many many scenarios when 
personal information can be abused, and governments might not be involved.


I might not know as much as you do about how the Internet works. But I know one 
thing: There will be a change. The convenience of security researchers and 
trademark owners is not going to be set above domain name registrants' right to 
data protection. But I am sure the cybersecurity community can come up with a 
more creative way of preserving cybersecurity without relying on using personal 
information of domain name registrants and violating their rights!


Farzaneh




From: NANOG  on behalf of John Levine 
Sent: Thursday, April 19, 2018 10:43 PM
To: nanog@nanog.org
Cc: b...@theworld.com
Subject: Re: Is WHOIS going to go away?

In article <23257.12824.250276.763...@gargle.gargle.howl> you write:
>So you think restricting WHOIS access will protect dissidents from
>abusive governments?
>
>Of all the rationalizations that one seems particularly weak.

Oh, you're missing the point.  This is a meme that's been floating
around in academia for a decade: the brave dissident who somehow has
managed to find web hosting, e-mail, broadband, and mobile phone
service but for whom nothing stands between her and certain death but
the proxy whois on her vanity domain.

If someone makes this argument you can be 100% sure he's parroting
something he heard somewhere and has no idea how the Internet actually
works.

R's,
John


RE: Is WHOIS going to go away?

2018-04-24 Thread Badiei, Farzaneh
“Granted there's
that gray area of dissident political movements etc. but their full
time job is protecting their identity.”

You think? The median number of domain name registrations that used privacy 
proxy service in the Middle East is 24%. See the DNS Market study: 
https://www.icann.org/en/system/files/files/meac-dns-study-26feb16-en.pdf

Now let's look at the distribution of that number: “Rates of privacy proxy 
registrations varied across countries in the region, with the lowest rates seen 
in Iran (7%) and Turkey (12%), and the highest rates in Syria (32%), Algeria 
and Egypt (31% each).” I guess some people who share your band name in those 
countries with the lowest percentage of privacy proxy service might not really 
know how they can use privacy proxy services! Let's just keep their personal 
information public until they find out how and why their house has been raided.


Also I don’t really understand why people keep saying “whois is going away” and 
“whois is going dark”.

It is not. Personal information in the database should be made private. WHOIS 
contains more than personal information. You are the technical people, you 
know better than me.

Thanks for bringing up the grey area anyway. Not many consider that in the 
discussions. But it’s not only dissidents. It’s also journalists and especially 
female journalists that work on issues that some might not like. Also sometimes 
you don’t even know you have to hide your identity because you don’t think you 
are doing anything against the law, the problem is that we don’t have the rule 
of law everywhere in the world.


Best

Dr. Farzaneh Badiei
Research Associate, School of Public Policy
Executive Director, Internet Governance Project

From: b...@theworld.com
Sent: Thursday, April 19, 2018 5:58 PM
To: Aaron C. de Bruyn
Cc: nanog@nanog.org; Rich Kulawiec
Subject: Re: Is WHOIS going to go away?


One of the memes driving this WHOIS change is the old idea of
"starving the beast".

People involved in policy discussions complain that "spammers" -- many
only marginally fit that term other than by the strictest
interpretation -- use the public WHOIS data to contact domain owners.

I've countered that 20+ years experience trying to "starve the beast"
by trying to deny them access to email and other casual contact info
has proven the approach to be useless.

Choosing the privacy options on your domain registration is probably
just as, if not more, effective.

Another argument against this whole idea is that in most countries one
is required by law to provide valid contact information if they are
doing business with the general public. That would include soliciting
donations etc.

And that's essentially why domains exist, organizational contact.

This trend towards "vanity" domains is relatively recent and really
the only reason one can even claim there is a problem.
I doubt Microsoft or General Motors are excited to see that their
domain registration contact information will soon be protected by law.

--
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*



RE: China Showdown Huawei vs ZTE

2018-04-24 Thread Colin Stanners (lists)
Colton, can you post some examples of the Whitebox/OS examples that you were 
looking at in that performance tier?

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Colton Conor
Sent: Friday, April 20, 2018 7:46 AM
To: Josh Reynolds 
Cc: NANOG 
Subject: Re: China Showdown Huawei vs ZTE

Josh,

I like the whitebox route, but I can't find anything that will come close price 
wise.

Example, Huawei S6720 with 24 10G ports, 2 40G ports, and full MPLS operating 
system from Huawei is $3500 out the door with a lifetime warranty. I can't even 
find a whitebox hardware, not even accounting for the OS, that is close to that 
price. Most 48 Port 10G with 6 40G uplinks (so double this Huawei unit) are in 
the $5k range, and then you have to buy an operating system costing a couple 
more grand. Choices are limited on whitebox operating systems that support MPLS.

There might be some FiberStore models that come close to this price, but FS.com 
is a Chinese company too, so that's no better than ZTE or Huawei.



On Fri, Apr 20, 2018 at 7:34 AM, Josh Reynolds  wrote:

> Why not just go the whitebox route and pick your NOS of choice?
>
> Far cheaper, and far more flexible.
>
> On Fri, Apr 20, 2018, 7:28 AM Colton Conor  wrote:
>
>> Of the two large Chinese Vendors, which has the better network 
>> operating system? Huawei is much larger than ZTE is my understanding, 
>> but larger does not always mean better.
>>
>> Both of these manufacturers have switches and routers. I doubt we will 
>> use their routing products anytime soon, but the switching products 
>> with MPLS are what we are exploring. Price wise both of these vendors 
>> seem to have 10G MPLS capable switches that are a 1/4 of the price of 
>> a Cisco or Juniper wants to charge.
>>
>> On the Huawei side looks like the S6720 is a fit.
>> On the ZTE side, it looks like the ZXR10 5960 Series is a fit.
>>
>> Has anyone had experience with either of these two switches? How do 
>> they compare?
>>
>> Also, for each independent brand, is their switching network 
>> operating system the same as their routing network operating system 
>> that their routers run?
>>
>



Solera Peering Contact

2018-04-24 Thread Mark Tinka
Hi all.

Looking for a warm body that deals with peering over at Solera
(www.solera.com).

Trying to get someone to set up peering with their network at NAPAfrica
in Johannesburg, but we can't seem to find anyone with "enable".

If anyone from Solera is on-list, or if there is anyone that can point
me in their direction, beer(s) on me in Vancouver :-). Thanks.

Mark.