RE: SRv6

[Keith Medcalf]

On Monday, 21 September, 2020 16:16, Randy Bush wrote:

>> I'm not sure what you're saying here, I never said MPLS VPNs are
>> secure, only private. I hope others recognise that they are
>> different concepts.

>yes, privacy is one aspect of security.  and, as mpls vns are not
>private sans encryption, they are not secure.

That is blatantly untrue.  I have an MPLS VPN running from my Living
Room to my Bathroom.  It is not encrypted.  It is protected with 3G
security (Guards, Guns, Gates).  You do not need "encryption" in order
to be "secure".

--
Be decisive.  Make a decision, right or wrong.  The road of life is
paved with flat squirrels who could not make a decision.

NANOG SPAM (was Re: Just got this apparently fake NANOG invoice - Looks phishy)

[Bryan Fields]

On 9/21/20 7:28 PM, Mike Hammett wrote:
> Can we please send this stuff to the admins and not the whole list? 

Both the list admin account in the headers and the ge...@nanog.org is
monitored and responded to.  If you don't get a reply, you all have my email 
too.

What's happening here is a subscription comes in from a valid email bot using
gmail or $BIGHOST (google doesn't give af) and that doesn't send email.  The
list posters are then spammed from third party address(es).

It's frankly hard to track down as only posters get the spams, not the whole 
list.

That said, the geeks team knows what to look for to kill this when it happens.
 Forward the entire email including _FULL_HEADERS_ to ge...@nanog.org.  We
will kill it and ban them from the list.

Thanks,
-- 
Bryan Fields

727-409-1194 - Voice
http://bryanfields.net



signature.asc
Description: OpenPGP digital signature

Re: Cogent emails

[Grant Taylor via NANOG]

On 9/21/20 11:03 AM, Rich Kulawiec wrote:

Reminder: forwarding these sorts of things (with full headers please) to:

nanog-spamm...@firemountain.net

will cause them to be compiled into a list.


Why not a nanog.org address?

Is this simply being aggregated by a NANOG member / subscriber and thus 
something unofficial?




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature

Re: Just got this apparently fake NANOG invoice - Looks phishy

[Mike Hammett]

Can we please send this stuff to the admins and not the whole list? 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Chris Boyd"  
To: "NANOG"  
Sent: Monday, September 21, 2020 6:20:31 PM 
Subject: Just got this apparently fake NANOG invoice - Looks phishy 

Apparent MS-Word doc attached. Be careful out there. 

Return-Path:  
Received: from cross6.lu-visp.net (cross6.lu-visp.net [62.182.179.184]) 
by lenny.gizmopartners.com (8.14.7/8.14.7) with ESMTP id 08LJIMld018071 
for ; Mon, 21 Sep 2020 19:18:25 GMT 
Message-Id: <202009211918.08ljimld018...@lenny.gizmopartners.com> 
Received: from [161.132.101.74] (unknown [161.132.101.74]) 
by cross4.lu-visp.net (Postfix) with ESMTPSA id 54FDC8808 
for ; Mon, 21 Sep 2020 21:13:53 +0200 (CEST) 
Date: Mon, 21 Sep 2020 14:15:49 -0500 
From: "NANOG"  
To: "Chris Boyd"  
Subject: Chris Boyd 
MIME-Version: 1.0 
Content-Type: multipart/mixed; boundary="--308522813199332622918802174927344" 
X-unconfigured-debian-site-MailScanner-ID: 54FDC8808.AF049 
X-unconfigured-debian-site-MailScanner: Found to be clean 
X-unconfigured-debian-site-MailScanner-From: cb2004...@bristol.lu 
X-Spam-Status: No 


308522813199332622918802174927344 
Content-Type: text/plain; charset=UTF-8 
Content-Transfer-Encoding: quoted-printable 

=0DPlease let me know WHAT ADDRESS TO SEND TO. 





NANOG 


=0DOriginal Message-=0DOn Mon, Sep 21, 2020 at 15:17 Chris Boyd  wrote:=20 
--=20 
This message has been scanned for viruses and 
dangerous content by MailScanner, and is 
believed to be clean. 


308522813199332622918802174927344 
Content-Type: application/msword; name="INV #7565831.doc" 
Content-Transfer-Encoding: base64 
Content-Disposition: attachment; filename="INV #7565831.doc" 

0M8R4KGxGuEA 

Just got this apparently fake NANOG invoice - Looks phishy

[Chris Boyd]

Apparent MS-Word doc attached. Be careful out there.

Return-Path: 
Received: from cross6.lu-visp.net (cross6.lu-visp.net [62.182.179.184])
by lenny.gizmopartners.com (8.14.7/8.14.7) with ESMTP id 08LJIMld018071
for ; Mon, 21 Sep 2020 19:18:25 GMT
Message-Id: <202009211918.08ljimld018...@lenny.gizmopartners.com>
Received: from [161.132.101.74] (unknown [161.132.101.74])
by cross4.lu-visp.net (Postfix) with ESMTPSA id 54FDC8808
for ; Mon, 21 Sep 2020 21:13:53 +0200 (CEST)
Date: Mon, 21 Sep 2020 14:15:49 -0500
From: "NANOG" 
To: "Chris Boyd" 
Subject: Chris Boyd
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--308522813199332622918802174927344"
X-unconfigured-debian-site-MailScanner-ID: 54FDC8808.AF049
X-unconfigured-debian-site-MailScanner: Found to be clean
X-unconfigured-debian-site-MailScanner-From: cb2004...@bristol.lu
X-Spam-Status: No


308522813199332622918802174927344
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

=0DPlease let me know WHAT ADDRESS TO SEND TO.





NANOG


=0DOriginal Message-=0DOn Mon, Sep 21, 2020 at 15:17 Chris Boyd  wrote:=20
--=20
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


308522813199332622918802174927344
Content-Type: application/msword; name="INV #7565831.doc"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="INV #7565831.doc"

0M8R4KGxGuEA

Re: SPAM for nanog@ senders

[Łukasz Bromirski]

Hi Randy,

> On 22 Sep 2020, at 00:14, Randy Bush  wrote:
> 
>> I already taught my SpamAssasin and then deleted them
> 
> :0
> * ^From:.*@csvwebsupport.com
> | /usr/bin/mail -s 'Screw You' dating.supp...@csvwebsupport.com < 
> ~/screw-you.txt

I’m using different technique. I like tarpitting such scums to death.
Record holders keep their SMTP bots connected for weeks ;)

But good old punch in the face works wonders too :)

— 
./

Re: SRv6

[Randy Bush]

james,

> I'm not sure what you're saying here, I never said MPLS VPNs are
> secure, only private. I hope others recognise that they are
> different concepts.

yes, privacy is one aspect of security.  and, as mpls vns are not
private sans encryption, they are not secure.

randy

Re: SPAM for nanog@ senders

[Randy Bush]

> I already taught my SpamAssasin and then deleted them

:0
* ^From:.*@csvwebsupport.com
| /usr/bin/mail -s 'Screw You' dating.supp...@csvwebsupport.com < 
~/screw-you.txt

Re: SRv6

[Greg Shepherd]

Call me old, but I miss the days when this thread was still on the SRv6 rails. 
Can we get back the proper bashing to match this thread title? 

-Shep


> On Sep 21, 2020, at 13:54, James Bensley  wrote:
> 
> 
> 
> On 19 September 2020 03:23:15 BST, Randy Bush  wrote:
>>> Information can be in plaintext and private
>> 
>> Three can keep a secret, if two of them are dead.  -- franklin
>> 
>> i know you truely believe the tunnel k00laid.  the security
>> community does not.
> 
> Hi Randy,
> 
> I'm not sure what you're saying here, I never said MPLS VPNs are secure, only 
> private. I hope others recognise that they are different concepts.
> 
> Cheers,
> James.

Re: SRv6

[James Bensley]

On 19 September 2020 03:23:15 BST, Randy Bush  wrote:
>> Information can be in plaintext and private
>
>Three can keep a secret, if two of them are dead.  -- franklin
>
>i know you truely believe the tunnel k00laid.  the security
>community does not.

Hi Randy,

I'm not sure what you're saying here, I never said MPLS VPNs are secure, only 
private. I hope others recognise that they are different concepts.

Cheers,
James.

Re: SPAM for nanog@ senders

[Łukasz Bromirski]

Job,

I already taught my SpamAssasin and then deleted them, and my
Postfix is no longer taking submission from the IP from which they
were sent - 216.176.196.72.

They seem to be using correct sending host according to SPF
record (host spamtitan.csvwebsupport.com validates using
'dating.supp...@csvwebsupport.com’).

Let me unblock them again and see if they’ll continue doing so,
hopefully I’ll be able to help.

I’m sending this email just to (hopefully) trigger the same
behavior, and will follow up with you separately.

Apologies for the noise for the rest of subscribers.

-- 
Łukasz Bromirski
CCIE R/SP #15929, CCDE #2012::17, PGP Key ID: 0xFD077F6A

Re: SRv6

[Tom Hill]

On 21/09/2020 19:38, Randy Bush wrote:
> newspeak -- 1984

colloquialism
/kəˈləʊkwɪəlɪz(ə)m/

noun: a word or phrase that is not formal or literary and is used in
ordinary or familiar conversation.


-- 
Tom

Re: SRv6

[Randy Bush]

> One thing that is true: not all present or historical definitions
> (or acceptable uses) of the word "private" strictly imply or infer
> privacy.

newspeak -- 1984

Re: SRv6

[Tom Hill]

On 19/09/2020 03:23, Randy Bush wrote:
> i know you truely believe the tunnel k00laid.  the security
> community does not.

At this point, I'm beginning to think that you're trolling us with the
assertion(s) that the 'P' in "Virtual Private Network" has obviously
meant "Privacy" all along, and/or that - as of 2020 - the only suitable
definition of "Private", must now equal "suitably secure".

If you aren't just winding everyone up, then I would say that you're
skirting rather close to the reimagining of SD-WAN. That, or you are
haphazardly musing in a direction that ensures "Encrypted SRv6" will
become the next gigantic pain^Wdraft for the SPRING WG to endur^Wdebate.

One thing that is true: not all present or historical definitions (or
acceptable uses) of the word "private" strictly imply or infer privacy.
One may prefer an alternate history, but you may find more success in
expelling that energy in pursuit of creating a better future.

See/also:

"broadband"
"software defined networks"
"the cloud"

-- 
Tom

Re: Cogent emails

[Rich Kulawiec]

On Mon, Sep 14, 2020 at 12:45:32PM -0400, Dovid Bender wrote:
> Is anyone starting to get the "cogent emails" again?

Reminder: forwarding these sorts of things (with full headers please) to:

nanog-spamm...@firemountain.net

will cause them to be compiled into a list.

---rsk

See what's in store for NANOG 80 Virtual

[NANOG News]

The NANOG Program Committee is preparing a solid program for NANOG 80,
which will take place online October 19-21.

Sessions will be held each day of the conference, from 12pm to 5pm EDT
Monday through Wednesday, and will feature a variety of presentations,
networking sessions, and BoFs on the latest technologies and industry
innovation, plus a Virtual Expo, daily games + prizes, and numerous
opportunities to connect with our community in real time.

Explore the NANOG 80 Highlights page to learn more!

View Highlights 

[NANOG-announce] See what's in store for NANOG 80 Virtual

[NANOG News]

The NANOG Program Committee is preparing a solid program for NANOG 80,
which will take place online October 19-21.

Sessions will be held each day of the conference, from 12pm to 5pm EDT
Monday through Wednesday, and will feature a variety of presentations,
networking sessions, and BoFs on the latest technologies and industry
innovation, plus a Virtual Expo, daily games + prizes, and numerous
opportunities to connect with our community in real time.

Explore the NANOG 80 Highlights page to learn more!

View Highlights 
___
NANOG-announce mailing list
NANOG-announce@nanog.org
https://mailman.nanog.org/mailman/listinfo/nanog-announce

Re: SPAM for nanog@ senders

[Mark Tinka]

On 21/Sep/20 12:47, Łukasz Bromirski wrote:


NANOGers,

Have you got email from 'dating.supp...@csvwebsupport.com’ immediately
after you post to nanog@? First time I thought it’s coincidence, but
today when I got it, it’s hardly one ;)

Topic is '[#WHB-257-41491]: Re: XX’ where  is subject taken
from last e-mail.

I understand there’s need to connect people in hard, COVID times,
but I doubt automated spam sender has good intentions with that regard ;)

So.. somebody is scrapping this list to feed their spamming lists :/


Been happening to me since several weeks into lockdown.

It went by a different name before. Now, it's "Dating". But the chase is 
the same.


Mark.

Re: SPAM for nanog@ senders

[Job Snijders]

Dear Łukasz, others,

Can you please send any suspecious emails (including headers) to
the mailing list admin team at ge...@nanog.org?

We'll try to figure out if it happens through an existing subscription.

Kind regards,

Job
(hat: NANOG geeks)

On Mon, Sep 21, 2020 at 12:51:44PM +0200, Octolus Development wrote:
> I did yeah, annoying.
> 
> 
> Best Regards,
> Octolus
> On 9/21/2020 12:50:54 PM, Łukasz Bromirski  wrote:
> NANOGers,
> 
> Have you got email from 'dating.supp...@csvwebsupport.com’ immediately
> after you post to nanog@? First time I thought it’s coincidence, but
> today when I got it, it’s hardly one ;)
> 
> Topic is '[#WHB-257-41491]: Re: XX’ where  is subject taken
> from last e-mail.
> 
> I understand there’s need to connect people in hard, COVID times,
> but I doubt automated spam sender has good intentions with that regard ;)
> 
> So.. somebody is scrapping this list to feed their spamming lists :/
> 
> —
> ./

Re: SPAM for nanog@ senders

[Octolus Development]

I did yeah, annoying.


Best Regards,
Octolus
On 9/21/2020 12:50:54 PM, Łukasz Bromirski  wrote:
NANOGers,

Have you got email from 'dating.supp...@csvwebsupport.com’ immediately
after you post to nanog@? First time I thought it’s coincidence, but
today when I got it, it’s hardly one ;)

Topic is '[#WHB-257-41491]: Re: XX’ where  is subject taken
from last e-mail.

I understand there’s need to connect people in hard, COVID times,
but I doubt automated spam sender has good intentions with that regard ;)

So.. somebody is scrapping this list to feed their spamming lists :/

—
./

SPAM for nanog@ senders

[Łukasz Bromirski]

NANOGers,

Have you got email from 'dating.supp...@csvwebsupport.com’ immediately
after you post to nanog@? First time I thought it’s coincidence, but
today when I got it, it’s hardly one ;)

Topic is '[#WHB-257-41491]: Re: XX’ where  is subject taken
from last e-mail.

I understand there’s need to connect people in hard, COVID times,
but I doubt automated spam sender has good intentions with that regard ;)

So.. somebody is scrapping this list to feed their spamming lists :/

— 
./

Re: SRv6

[Łukasz Bromirski]

Mark,

> On 20 Sep 2020, at 13:02, Mark Tinka  wrote:
> 
> 
> 
> On 19/Sep/20 22:53, Valdis Kl ē tnieks wrote:
> 
>> Are there any actual countries heading that way?  Seems like most of them 
>> insist
>> they have the ability to snoop unencrypted traffic (where "crypto that has a 
>> baked-in
>> back door" counts as unencrypted).
> 
> Let's not give them a reason.
> 
> The most I've heard (from Africa) is countries making requirements for 
> nominated information to not be stored outside of the country, especially in 
> the U.S, and parts of Europe. To some extent, this has pushed many of the 
> cloud bags to become present in Africa so they can comply, although I'm not 
> sure even sleeping with one eye open counts as being safe in that respect.

I believe right now the only country in the world with enforcing of crypto 
backdoors is Australia[1], which is kind-of crazy. OTOH, they had their own set 
of problems with massive Chinese intelligence penetration.

And we have couple of countries like Russia, obviously China, Turkey(?) that 
insist or either having your data locally, dear content provider, or forbid 
your service to operate at all in given country. Apple, Amazon, Microsoft and 
Google of this world are on a different level of compliance here. As far as I 
know, in most of EU countries, inspecting payload of customer traffic is 
explicitly forbidden by telco laws.

Ah, and there’s cooperation between US and EU about exchanging citizen data, 
which recently was stopped by EU once it become obvious, US was abusing that 
cooperation[2]. That can help potential malicious SP to cross-check and 
correlate user to content across continents.

We’re living in interesting times.

[1]. https://www.cyberscoop.com/australia-encryption-backdoors-law-passes/

[2]. 
https://www.wsj.com/articles/eus-top-court-restricts-personal-data-transfers-to-u-s-citing-surveillance-concerns-11594888385

-- 
Łukasz Bromirski
CCIE R/SP #15929, CCDE #2012::17, PGP Key ID: 0xFD077F6A