Re: NANOG Security Track: Route Security

[Christopher Morrow]

My slides are:
  http://tiny.cc/8rnmzy

On Tue, Oct 2, 2018 at 10:44 PM Krassimir Tzvetanov 
wrote:

> Hello Everyone,
>
> Here is the copy of the combined slide deck.
>
> Thanks everyone.
>
> Regards,
> Krassimir
>
>
> On Thu, Sep 27, 2018 at 9:54 PM Krassimir T. Tzvetanov 
> wrote:
>
>> Hello Everyone,
>>
>> I wanted to attract your attention to the Security Track this coming
>> NANOG. We'll be meeting on Tuesday morning and the line up looks like this:
>> * Andre Toonk - examples of hijacks, other ideas
>> * Alexander Azimov - State of BGP Security
>> * David Wishnick - ARIN TAL
>> * Job Snijders - Routing security roadmap
>> * Chris Morrow - So I need to start filtering routes from peers...' and
>> 'hey guess who needs to update their IRR data?'
>>
>> Time permitting at the end of the time slot we'll have a panel and time
>> for duscussion as well.
>>
>> Regards,
>> Krassi
>>
>>
>>
>>

Re: NANOG Security Track: Route Security

[Krassimir Tzvetanov]

Hello Everyone,

Here is the copy of the combined slide deck.

Thanks everyone.

Regards,
Krassimir


On Thu, Sep 27, 2018 at 9:54 PM Krassimir T. Tzvetanov 
wrote:

> Hello Everyone,
>
> I wanted to attract your attention to the Security Track this coming
> NANOG. We'll be meeting on Tuesday morning and the line up looks like this:
> * Andre Toonk - examples of hijacks, other ideas
> * Alexander Azimov - State of BGP Security
> * David Wishnick - ARIN TAL
> * Job Snijders - Routing security roadmap
> * Chris Morrow - So I need to start filtering routes from peers...' and
> 'hey guess who needs to update their IRR data?'
>
> Time permitting at the end of the time slot we'll have a panel and time
> for duscussion as well.
>
> Regards,
> Krassi
>
>
>
>

Outlook SNDS and amzn-noc-contact

[Sec L]

Hi all,

I know it's a long shot but let me explain.

We're trying to get some insights into how AWS SES delivers our transaction 
emails to Hotmail/Outlook/Live users (most emails are blackholed for some 
reasons). We got dedicated IPs for SES and would like to request access to 
Outlook.com Smart Network Data Services to see how those IPs perform.

SNDS has an authorization process that requires clicking a link in a 
verification email sent to authorization addresses, which are chosen based on 
reverse DNS and WHOIS of the IPs (more details here: 
https://sendersupport.olc.protection.outlook.com/snds/FAQ.aspx#AddressChoosing)

Because the dedicated IPs are provisioned by AWS SES, all of the authorization 
email addresses are @amazon.com, @amazonaws.com or @amazonses.com.

One of the addresses is amzn-noc-cont...@amazon.com. I wonder if someone here 
from AWS can help me off-list to finish the authorization process. We have 
tried to escalate with AWS Support without success.

Thanks a lot.
Son

Re: Buying IPv4 blocks

[John Curran]

On 1 Oct 2018, at 6:57 PM, Ross Tajvar  wrote:
> 
> Hi all,
> 
> My US-based employer will be starting a new business unit soon that will 
> require IPv4 addresses (aiming for a /22 to start with). I know ARIN has a 
> waitlist (though I'm not sure where they're getting new IPs from), but the 
> faster way is to buy blocks from people who already have them. I'm aware of 
> Hilco Streambank - are there any other auctions? If I want to buy via private 
> sale, does anyone know of ways to find sellers?

Ross - 

No facilitator is necessary, but if you wish to know ones that are aware of 
ARIN’s procedures,
then you can find them here: 
https://www.arin.net/resources/transfer_listing/facilitator_list.html 


Best wishes,
/John

John Curran
President and CEO
ARIN

Re: Buying IPv4 blocks

[Payam Poursaied]

Hi Ross
Try ripe ncc’s broker list here:
https://www.ripe.net/manage-ips-and-asns/resource-transfers-and-mergers/brokers

They would easily find what you need. As the process is usually through
escrow.com, there shouldn’t be a serious concern.

This one:
https://www.ipv4auctions.com is doing that. Usually the prices is a bit
higher

If need more info, feel free to get in touch with me off-list

-payam

On Mon, Oct 1, 2018 at 6:59 PM Ross Tajvar  wrote:

> Hi all,
>
> My US-based employer will be starting a new business unit soon that will
> require IPv4 addresses (aiming for a /22 to start with). I know ARIN has a
> waitlist (though I'm not sure where they're getting new IPs from), but the
> faster way is to buy blocks from people who already have them. I'm aware of
> Hilco Streambank - are there any other auctions? If I want to buy via
> private sale, does anyone know of ways to find sellers?
>
> Thanks,
> Ross
>

Re: Puerto Rico Internet Exchange

[Mehmet Akcin]

Nikos

Thank you for your valuable feedback. We will make this happen! Looking
forward to your further support

On Sat, Sep 29, 2018 at 2:32 PM Nikos Mouat  wrote:

>
> Hi Mehmet -
> You mention the SIX so I figured I'd chime in on this thread, despite
> being
> an old one.
> We were in a similar situation in early 1997 - Seattle was a backwoods
> as far
> as internet infrastructure, with the nearest hub of activity being
> Mae-West /
> PAIX, and not a whole lot else in our neck of the woods. We had tried to
> build
> some momentum with a T1/Frame-relay based multi-point peering fabric which
> came
> online in early '96, but it never got past 5 or 6 participants and didn't
> get
> much traction with some providers in the region.
> We had talked about doing an ethernet based exchange in the Westin,
> and the
> University of Washington had started talking about building the SNNAP
> (Seattle
> Network to Network Access Point) which started up a mailing list in early
> '97,
> but it seemed to always be just over the horizon. (It eventually launched
> as the
> Pacific Northwest Gigapop, but not until much later, and focused on
> research and
> education orgs).
> When Chris and I were sitting together at Nanog 10, Bill Manning gave a
> couple presentations - "International Exchange Points: Growth & Trends" and
> "Large & Small Exchange Points: Advantages,Tradeoffs, Futures", and one of
> his
> key points was something along the lines of "any exchange point with 3 or
> more
> participants is a successful exchange point". This was ultimately the final
> nudge that was needed to convince us to start the peering point, and
> shortly
> after we got back from Tampa we threw a hub in on a port I was using for a
> private peering session and we were in business. We've grown a lot since
> then,
> certainly the emergence of Seattle as a key content market helped a lot,
> but I
> think you can draw some parallels.
> If you measure success as having three participants peering, and you
> find a
> way to get off the ground with minimal costs (or as in our case, none at
> all),
> it's easy to succeed in a not-for-profit model.
> My advice to you is to not worry about if any out of region folks are
> going
> to show up - find a space that folks operating in the region can get to
> easily,
> build something that is inexpensive to keep online, keep it simple, and
> get 3
> participants. Once you're there - look for the 4th, and so on.
>
> Good luck,
> Nikos
>
>
>
> On Thu, 13 Sep 2018, Mehmet Akcin wrote:
>
> > It has been little over a year and we have been working on launching an
> > internet exchange in puerto rico but of course hurricane and other things
> > got in the way of achieving this.
> >
> > We now have identified what we believe the right location (most of the
> > isp’s have presence in this location) backbone/ip transit connectivity,
> > local team to provide onsite support.
> >
> > Having said that We have been engaged with several content delivery
> > networks, OTTs but general feedback was that Puerto Rico was not on their
> > radar for 2018 hence delayed launch. Now we are talking to same players
> > about 2019 but general answer seemed like people were satisfied enough to
> > serve Puerto Rico from Miami.
> >
> > Perhaps we are talking to really big CDNs, OTTs and we should engage
> > differently however the level of interest is very low and I really don’t
> > want to “build and they will come” again ;-)
> >
> > Bottom line is, if there was an IXP in Puerto Rico similar to ones in
> > Florida, I am trying to understand who would actually deploy (just speak
> to
> > your company only please) because most of my assumptions were proven
> wrong
> > ;-)
> >
> > I guess I want to ask two questions, given its location in caribbean,
> does
> > Puerto Rico need an internet exchange point? Would you join it?(it will
> be
> > a membership based IXP where members share cost)
> >
> > Mehmet
> >
> > On Sat, Aug 12, 2017 at 4:27 AM Mehmet Akcin  wrote:
> >
> >> Hey there!
> >>
> >> ... ok this time I am not going to call it PRIX ;) well name doesn't
> >> matter really. Nearly 13 years ago I have attempted to start Puerto rico
> >> Internet exchange in San Juan. I have lived there over 5 years and i
> just
> >> wanted to really watch videos faster. The project somewhat died when i
> >> moved to LA but now there are few interested party to start an internet
> >> exchange in Puerto rico. The jsland historically had one of the slowest
> >> broadband/internet services which seemed to have improved in recent
> years
> >> however as of 2017 there still is not an IX in Puerto rico.
> >>
> >> We , 3-4 internet engineers (on island and remote) , want to look into
> >> relaunch of this IX and hopefully find a way to keep local traffic
> >> exchanged at high speeds and low cost. We need expertise, and people who
> >> want to help any way they can.
> >>
> >> We are trying to make this IX a not-for-profit one and 

Re: question to the current NANOG keynote speaker (Paul Barford) re: availability of data in PREDICT

[Sandra Murphy]

I’d like to express my appreciation for the fact that PCH makes the data 
available and has for many years.

The data collected by RouteViews, RIS and PCH is a god-send for researchers and 
operators alike.

—Sandy

> On Oct 2, 2018, at 5:57 AM, Bill Woodcock  wrote:
> 
>>> On Oct 1, 2018, at 2:04 PM, Sandra Murphy  wrote:
>>> 
>>> DHS had a program called PREDICT that made information important for 
>>> security research available.
>>> 
>>> The follow on is called IMPACT.  https://www.impactcybertrust.org
>>> 
>>> The key note speaker said his data was available under PREDICT, perhaps he 
>>> meant IMPACT.  Internet Atlas does show up on the IMPACT site.
>>> 
>>> The IMPACT program has announced (see their home page) that due to a lack 
>>> of funding support, the IMPACT program would cease operation in Dec 2018.  
>>> That “continued use of existing data will expire and your ability to 
>>> request data through IMPACT will no longer exist”.
>>> 
>>> Can someone ask the speaker (can’t find support for remote attendees) if he 
>>> knows if any impact from IMPACT’s ceasing to operation on the ability to 
>>> look at the data that he said was available through PREDICT?
> 
> All of the PCH data will continue to be available directly from us, despite 
> the PREDICT/IMPACT portal going away.
> 
>-Bill
> 

Re: question to the current NANOG keynote speaker (Paul Barford) re: availability of data in PREDICT

[Bill Woodcock]

>> On Oct 1, 2018, at 2:04 PM, Sandra Murphy  wrote:
>> 
>> DHS had a program called PREDICT that made information important for 
>> security research available.
>> 
>> The follow on is called IMPACT.  https://www.impactcybertrust.org
>> 
>> The key note speaker said his data was available under PREDICT, perhaps he 
>> meant IMPACT.  Internet Atlas does show up on the IMPACT site.
>> 
>> The IMPACT program has announced (see their home page) that due to a lack of 
>> funding support, the IMPACT program would cease operation in Dec 2018.  That 
>> “continued use of existing data will expire and your ability to request data 
>> through IMPACT will no longer exist”.
>> 
>> Can someone ask the speaker (can’t find support for remote attendees) if he 
>> knows if any impact from IMPACT’s ceasing to operation on the ability to 
>> look at the data that he said was available through PREDICT?

All of the PCH data will continue to be available directly from us, despite the 
PREDICT/IMPACT portal going away.

-Bill



signature.asc
Description: Message signed with OpenPGP