Re: Spamhaus flags any IP announced by our ASN as a criminal network

2023-03-19 Thread Tim Burke
Have you received complaints from Spamhaus in the past? If so, have you acted 
on them in a timely manner?

Based on my past experiences, Spamhaus is rather gracious at first, but if you 
ignore them, they will start blocking you en masse. About 10 years ago, I 
worked for a datacenter/NSP and personally handled all Spamhaus complaints, and 
as soon as I left to go to another company (and the company stopped taking care 
of the complaints), Spamhaus blocked every single one of their IPs until they 
committed to actually handling the complaints again.

V/r
Tim


On Mar 18, 2023, at 8:57 AM, Brandon Zhi  wrote:

Hello guys,

We recently discovered that any IP address announced by our ASN is blacklisted 
by Spamhaus, even if we only announce it but do not use it.

I would like to ask if this is manually set by Spamhaus or is it a system 
misjudgment? Has anyone encountered the same situation as us?


Best,

Brandon Zhi
HUIZE LTD
www.huize.asia | www.ixp.su | Twitter

This e-mail and any attachments or any reproduction of this e-mail in whatever 
manner are confidential and for the use of the addressee(s) only. HUIZE LTD 
can’t take any liability and guarantee of the text of the email message and 
virus.



Re: Verizon/Qwest single end-user difficulty vs Xfinity

2023-03-19 Thread Matthew Petach
On Sat, Mar 18, 2023 at 12:52 PM Jeff Woolsey  wrote:

> Verizon 5G Internet Support is not at a high-enough pay grade to assess
> this problem...  So I'm turning to y'all.
>
> I'm trying to save $$$ and increase speed, using Verizon 5G Home
> Internet to replace XFinity, even though they gave me a faster modem a
> few weeks ago.  I run both of the modems in Bridge/Passthrough mode.
>

Uh...there's a pretty big difference between "Bridge" and "IP Passthrough";
I suspect you're actually running IP Passthrough, *not* bridge, and therein
may lie your problem.

In Bridge mode, the CPE acts as a layer 2 device, and by and large does not
get involved in layer 3 politics.

In IP Passthrough mode, the CPE is the layer 3 termination point for the IP
address; it looks at the five-tuple to determine if the packet is one that
*it* needs to accept (management traffic from the ISP to the CPE), in which
case it is handed to the CPE CPU to process locally; otherwise, the
destination MAC is altered to the customer's router MAC address, and the
frame is re-sent out the LAN side towards the customer's router.

Because the CPE is the initial termination point for the layer 3 connections
in IP Passthrough mode, you have two points of possible interaction:
1) you should make sure any and all firewall settings, content filters, and
ALGs are disabled on the CPE, as they will still block traffic from being
passed through, and
2) any port/protocol tuple on the CPE that is used for managing the device
from the ISP end *cannot* be passed through to the customer router, as it
will be intercepted and terminated on the CPE CPU locally.

So--if you've turned off every family filter option, every firewall rule,
and ALG, and you still can't reach that port, I suspect you're trying to use
a port that is one that the ISP uses for managing their CPE devices, such as
TCP 7547. Try switching to a different port number, and see if your
connection works as expected.
For more exhaustively in-depth details of what 5-tuples your CPE in IP
Passthrough will ingest upstream of you, I refer you to
https://www.broadband-forum.org/download/TR-069_Amendment-5.pdf
specifically sections 3.2.2 and Annex K, starting on page 185.

Best of luck!

Matt

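The forwarding decision Matt describes, modelled as a small added Python example (not vendor or Broadband Forum code, and not part of Matt's message): a CPE in IP Passthrough mode inspects the five-tuple of each WAN-side packet, terminates the ISP's management tuples on its own CPU, applies whatever firewall or ALG rules are still enabled, and otherwise rewrites the destination MAC and re-sends the frame on the LAN side. The management set (TCP 7547, as named in the thread), the sample filter rule, and every address and MAC are constructed; `first_passable_port` automates the "try a different port" check.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical model of a CPE in IP Passthrough mode; an added illustration of
# the behaviour described in the thread, not any vendor's implementation.


@dataclass(frozen=True)
class Packet:
    """The five-tuple the CPE inspects on each WAN-side packet."""
    proto: str          # "tcp", "udp" or "icmp"
    src_ip: str
    src_port: int       # 0 when the protocol has no ports
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Frame:
    dst_mac: str
    pkt: Packet


@dataclass
class CpePassthrough:
    wan_ip: str                  # the single public IP being passed through
    cpe_mac: str
    lan_router_mac: str          # the customer's router, learned on the LAN side
    # (proto, port) tuples the ISP uses to manage the CPE. TCP 7547 is the
    # TR-069/CWMP connection-request port mentioned in the thread.
    management: frozenset = frozenset({("tcp", 7547)})
    # Firewall / content-filter / ALG rules still active on the CPE, as
    # (name, predicate) pairs; the predicate returns True to drop the packet.
    filters: list = field(default_factory=list)

    def classify(self, frame: Frame) -> tuple:
        """Decide what the CPE does with one WAN-side frame."""
        pkt = frame.pkt
        if frame.dst_mac != self.cpe_mac or pkt.dst_ip != self.wan_ip:
            return ("drop", "not addressed to the passthrough IP")
        # Point 2 in the thread: management tuples terminate on the CPE CPU
        # and never reach the customer router.
        if (pkt.proto, pkt.dst_port) in self.management:
            return ("local", "management tuple terminated on the CPE CPU")
        # Point 1: leftover firewall/ALG rules are still evaluated first.
        for name, rule in self.filters:
            if rule(pkt):
                return ("drop", f"blocked by CPE filter {name!r}")
        # Otherwise rewrite the destination MAC and re-send on the LAN side.
        return ("forward", Frame(dst_mac=self.lan_router_mac, pkt=pkt))


def first_passable_port(cpe: CpePassthrough, proto: str, candidates) -> Optional[int]:
    """Return the first candidate port on which an inbound connection would
    actually reach the customer router (the 'try a different port' advice)."""
    for port in candidates:
        probe = Frame(cpe.cpe_mac, Packet(proto, "198.51.100.7", 40000, cpe.wan_ip, port))
        if cpe.classify(probe)[0] == "forward":
            return port
    return None


if __name__ == "__main__":
    # Constructed CPE: one management tuple and one leftover UDP filter rule.
    cpe = CpePassthrough(
        wan_ip="203.0.113.10", cpe_mac="00:11:22:33:44:55",
        lan_router_mac="66:77:88:99:aa:bb",
        filters=[("block-high-udp", lambda p: p.proto == "udp" and p.dst_port > 1024)],
    )
    for port in (7547, 22, 2222):
        f = Frame(cpe.cpe_mac, Packet("tcp", "198.51.100.7", 40000, cpe.wan_ip, port))
        print(port, cpe.classify(f)[0])
```

Running it shows TCP 7547 classified as `local` (intercepted by the CPE) while 22 and 2222 are forwarded with the destination MAC rewritten to the customer router; the same model explains why a forwarded port that happens to collide with a management tuple times out instead of being refused.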

Re: Land Mobile Radio (LMR) for Information Technology (IT) Professionals

2023-03-19 Thread William Herrin
On Sun, Mar 19, 2023 at 2:11 PM J. Hellenthal via NANOG  wrote:
> Is there anything beyond this that really adds any real substantial value ?

I would add that mesh networks behave differently than networks where
there's a well defined base station (like a wifi access point). Mesh
networks tend to suffer very sharp congestion collapse behavior far,
far short of the theoretical maximum throughput.

Regards,
Bill Herrin


-- 
For hire. https://bill.herrin.us/resume/


Re: Land Mobile Radio (LMR) for Information Technology (IT) Professionals

2023-03-19 Thread J. Hellenthal via NANOG
CISA is always 6 pages long and full of catchy words.

Is there anything beyond this that really adds any real substantial value ?

-- 
 J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a 
lot about anticipated traffic volume.

> On Mar 17, 2023, at 11:59, Sean Donelan  wrote:
> 
> 
> IT professionals are often tasked with planning, provisioning, implementing, 
> and managing LMR networks with the assumption that all computer networks are 
> basically the same and have the same general requirements. However, in some 
> cases this assumption has resulted in LMR networks being inadequately 
> provisioned, resourced, and managed or maintained. While each system is a 
> network, significant differences between the two must be considered to 
> address the infrastructure, planning, and lifecycle needs of typical IT 
> networks versus the unique requirements of LMR networks.
> 
> https://www.cisa.gov/news-events/news/safecom-and-ncswic-develop-land-mobile-radio-lmr-information-technology-it-professionals


ElastiFlow Getting Started?

2023-03-19 Thread Mike Hammett
Does anyone know of a getting started guide for the latest release of 
ElastiFlow? I went the docker path because I recall setting up a system before 
that had a lot of work with dependencies and getting things tied together. 


I got it installed and it seems to run without error, but there's nothing 
telling me how to actually access the UI. Something is listening on port 8080, 
but it just gives me a 404. That seems to be pertinent to the API, which I 
don't care about at this time. That seems like low hanging fruit that the 
documentation misses. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 


Re: RFC6598 100.64/10: to bogon or not to bogon (team-cymru et all)

2023-03-19 Thread Rabbi Rob Thomas
Happy Sunday, NANOG!

We’ve made several updates to our sundry Bogon pages and feeds, with some 
variation of the following caveat. We’re always keen to add clarity and 
updates, so please feel free to reach out.


https://www.team-cymru.com/bogon-networks

Bogon filtering should be undertaken only if the impacts are well-understood. 
These are not simple filters, and can have adverse impacts if improperly 
applied. In particular, please consult RFC6598 regarding 100.64.0.0/10. It’s 
important that you know your network, and that any planned filters are 
rigorously tested before adoption. These filters may be more applicable to some 
devices, such as gear that functions as a border router, than other devices.


Be well,
Rabbi Rob.
—
Rabbi Rob Thomas  Team Cymru
 "It is easy to believe in freedom of speech for those with whom we
  agree." - Leo McKern




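An added illustration of the caveat above, not Team Cymru's feed or code: a small Python checker that builds its bogon set from the fixed RFC 6890 special-purpose blocks, includes RFC 6598 100.64.0.0/10 only for a border-router role, and then dry-runs the resulting filter over a few constructed flow records so the impact can be seen before any ACL is deployed. The role names, the flow-record format and the sample flows are assumptions; the unallocated-space portion of the real feeds changes over time and is deliberately left out.

```python
import ipaddress
from typing import List, Optional, Tuple

# Added illustration of the bogon-filter caveat; not Team Cymru's feed or
# code. Only the fixed special-purpose blocks from RFC 6890 are listed here.
RFC6890_BOGONS = [
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4",
]
# RFC 6598 shared address space sits between a CGN and its subscribers, so it
# is bogus on an Internet-facing border but legitimate inside a CGNAT domain.
SHARED_ADDRESS_SPACE = "100.64.0.0/10"

# Role names are an assumption for the example.
ROLES = ("border", "cgnat-internal")


def bogon_prefixes(role: str) -> List[ipaddress.IPv4Network]:
    """Build the filter set for a device role; 100.64/10 only at the border."""
    if role not in ROLES:
        raise ValueError(f"unknown role {role!r}; expected one of {ROLES}")
    nets = [ipaddress.ip_network(p) for p in RFC6890_BOGONS]
    if role == "border":
        nets.append(ipaddress.ip_network(SHARED_ADDRESS_SPACE))
    return nets


def matching_bogon(ip: str, role: str) -> Optional[str]:
    """Return the bogon prefix covering ip for this role, or None."""
    addr = ipaddress.ip_address(ip)
    for net in bogon_prefixes(role):
        if addr in net:
            return str(net)
    return None


def is_bogon(ip: str, role: str) -> bool:
    return matching_bogon(ip, role) is not None


def audit_flows(flow_text: str, role: str) -> List[Tuple[str, str]]:
    """Dry-run the filter over flow records ('src dst proto' per line, a
    constructed format) and report the sources it would drop, so the impact
    is visible before the ACL goes live. Only sources are checked, which is
    what an ingress bogon ACL looks at."""
    hits = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        src, _dst, _proto = line.split()
        matched = matching_bogon(src, role)
        if matched:
            hits.append((src, matched))
    return hits


# Constructed sample flows: a CGNAT subscriber source, a documentation-range
# source, and an ordinary public source.
SAMPLE_FLOWS = """\
100.64.12.3 203.0.113.9 tcp
198.51.100.4 203.0.113.9 udp
93.184.216.34 203.0.113.9 tcp
"""

if __name__ == "__main__":
    for role in ROLES:
        print(role, audit_flows(SAMPLE_FLOWS, role))
```

The border role drops both the 100.64.12.3 and 198.51.100.4 sources; the cgnat-internal role drops only the documentation-range source, which is the difference RFC 6598 asks you to be deliberate about. Feeding real flow exports through `audit_flows` is the "rigorously tested before adoption" step.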

Re: Spamhaus flags any IP announced by our ASN as a criminal network

2023-03-19 Thread William Herrin
On Sat, Mar 18, 2023 at 10:35 PM Brandon Zhi  wrote:
> We haven't even started to use them, we just announced them... They marked it 
> as a criminal network

They do that once they decide you've been broadly inattentive to abuse
reports. It stops folks from shuffling IP addresses to evade
filtering.

>>> I would like to ask if this is manually set by Spamhaus or is the system 
>>> misjudgment? Has anyone encountered the same situation as us?

As I understand it, most things at Spamhaus are manual determinations.
You click on "show details" and they give you a list of timestamped
report IDs, each with a 1-line description of the reviewer's
assessment of the fault.

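For checking your own address space the way the thread's check.spamhaus.org links do, but in bulk and from a script: an added Python example (not Spamhaus or NANOG code) that builds the reversed-octet DNSBL query name and interprets the 127.0.0.x answer codes Spamhaus documents for its ZEN zone. The resolver is injectable so the logic runs offline; the stand-in resolver and the sampled prefix are constructed. Confirm the code table against current Spamhaus documentation, and query from your own resolver, since a 127.255.255.254 answer means the query came from a public resolver and was refused rather than answered.

```python
import ipaddress
import socket
from typing import Callable, Iterable, List

# Added helper for checking your own addresses against a Spamhaus DNSBL zone
# (illustration only; not Spamhaus or NANOG code). The zone name and the
# answer-code table follow Spamhaus's published conventions for ZEN; confirm
# them against the current Spamhaus documentation before relying on them.

ZEN = "zen.spamhaus.org"

# A 127.0.0.x answer names the Spamhaus list that matched.
RETURN_CODES = {
    "127.0.0.2": "SBL",
    "127.0.0.3": "SBL CSS",
    "127.0.0.4": "XBL",
    "127.0.0.9": "SBL DROP/EDROP",
    "127.0.0.10": "PBL (ISP maintained)",
    "127.0.0.11": "PBL (Spamhaus maintained)",
}
# A 127.255.255.x answer is an error about the query itself, not a listing.
ERROR_CODES = {
    "127.255.255.252": "typing error in DNSBL name",
    "127.255.255.254": "query via public/open resolver; use your own resolver",
    "127.255.255.255": "excessive number of queries",
}


def dnsbl_query_name(ip: str, zone: str = ZEN) -> str:
    """Reverse the address (octets for IPv4, nibbles for IPv6) under the zone."""
    rp = ipaddress.ip_address(ip).reverse_pointer   # e.g. '1.2.178.5.in-addr.arpa'
    for suffix in (".in-addr.arpa", ".ip6.arpa"):
        if rp.endswith(suffix):
            rp = rp[: -len(suffix)]
    return f"{rp}.{zone}"


def stdlib_resolve(name: str) -> List[str]:
    """Resolve with the system resolver; NXDOMAIN means 'not listed'."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def check_listing(ip: str, resolve: Callable[[str], Iterable[str]] = stdlib_resolve,
                  zone: str = ZEN) -> dict:
    """Classify every answer for one address into lists hit or query errors."""
    result = {"ip": ip, "listed": False, "lists": [], "errors": []}
    for answer in resolve(dnsbl_query_name(ip, zone)):
        if answer in RETURN_CODES:
            result["listed"] = True
            result["lists"].append(RETURN_CODES[answer])
        elif answer in ERROR_CODES:
            result["errors"].append(ERROR_CODES[answer])
        else:
            result["errors"].append(f"unexpected answer {answer}")
    return result


def check_prefix(prefix: str, resolve=stdlib_resolve, sample: int = 4) -> List[dict]:
    """Probe the first few hosts of a prefix. A listing that covers a whole
    prefix or AS, as in this thread, answers for every address, so a handful
    of samples shows it without hammering the DNSBL."""
    net = ipaddress.ip_network(prefix, strict=False)
    results = []
    for host in net.hosts():
        if len(results) >= sample:
            break
        results.append(check_listing(str(host), resolve))
    return results


if __name__ == "__main__":
    # Constructed stand-in resolver so the example runs offline; the real
    # stdlib_resolve sends DNS queries to your configured resolver.
    def fake_resolve(name):
        return ["127.0.0.2"] if name.endswith("2.178.5." + ZEN) else []

    for r in check_prefix("5.178.2.0/29", fake_resolve):
        print(r["ip"], "listed" if r["listed"] else "clean", r["lists"])
```

Swap `fake_resolve` for the default `stdlib_resolve` to query for real. Treat a result with entries in `errors` as "unknown", not "clean": the 127.255.255.x answers mean the DNSBL declined to answer, which is exactly the case a naive "NXDOMAIN = fine" check gets wrong.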

Re: Spamhaus flags any IP announced by our ASN as a criminal network

2023-03-19 Thread Karsten Thomann via NANOG
AFAIK, Spamhaus starts to mark a whole AS as criminal if there is too 
much abuse.
It seems you've reached the point where they ignore specific prefixes and 
set every prefix you are advertising as criminal.


On 19.03.2023 at 06:35, Brandon Zhi wrote:

However, for those prefixes

https://www.spamhaus.org/sbl/listings/azeronline.net

we haven't even started to use them, we just announced them... They marked 
it as a criminal network




Re: Spamhaus flags any IP announced by our ASN as a criminal network

2023-03-19 Thread Brandon Zhi
However, for those prefixes

https://www.spamhaus.org/sbl/listings/azeronline.net

we haven't even started to use them, we just announced them... They marked it
as a criminal network


On Sun, Mar 19, 2023 at 4:26 AM Tom Beecher  wrote:

> Given the list of things on these two prefixes alone, I would venture to
> guess it's not a misjudgement.
>
> https://check.spamhaus.org/listed/?searchterm=5.178.2.1
> https://check.spamhaus.org/listed/?searchterm=80.66.64.1
>
>
>
> On Sat, Mar 18, 2023 at 3:47 PM Brandon Zhi  wrote:
>
>> Hello guy,
>>
>> We recently discovered that any IP address announced by our ASN is
>> blacklisted by Spamhaus, even if we only announced it but not use it.
>>
>> I would like to ask if this is manually set by Spamhaus or is the system
>> misjudgment? Has anyone encountered the same situation as us?
>>
>>
>> Best,
>>
>> *Brandon Zhi*
>> HUIZE LTD
>>
>> www.huize.asia  | www.ixp.su | Twitter
>>
>>
>> This e-mail and any attachments or any reproduction of this e-mail in
>> whatever manner are confidential and for the use of the addressee(s) only.
>> HUIZE LTD can’t take any liability and guarantee of the text of the email
>> message and virus.
>>
>


Re: Verizon/Qwest single end-user difficulty vs Xfinity (was Re: NANOG Digest, Vol 182, Issue 14)

2023-03-19 Thread Tom Daly
Jeff,

Since you are using bridge mode, try adjusting down the MTU supported
through the network. We have observed that a realistic MTU for Verizon 5G
home internet is about 1428 bytes.

Good luck,

Tom




On Sun, Mar 19, 2023 at 8:00 AM  wrote:

> Message: 2
> Date: Fri, 17 Mar 2023 18:32:53 -0700
> From: Jeff Woolsey 
> To: nanog@nanog.org
> Subject: Verizon/Qwest single end-user difficulty vs Xfinity
> Message-ID: <8c539894-c5ee-e01c-08a1-5a72c0037...@jlw.com>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> Verizon 5G Internet Support is not at a high-enough pay grade to assess
> this problem...  So I'm turning to y'all.
>
> I'm trying to save $$$ and increase speed, using Verizon 5G Home
> Internet to replace XFinity, even though they gave me a faster modem a
> few weeks ago.  I run both of the modems in Bridge/Passthrough mode.
>
> A friend of mine is nice enough to offer some offsite backup space, and
> I use rsync over ssh to get there.  He's 1500 miles away.  He uses a
> non-standard ssh port (keeps the doorknob twisters away).  This sort of
> thing has been working without difficulty over Xfinity (my end) for
> years.  He also changed his connection almost a month ago now, to Qwest,
> I believe.
>
> I try the same thing over Verizon [1] and ssh always times out, no
> response.  We are also NTP peers, and that doesn't work well over
> Verizon either. ICMP traceroutes and pings succeed.  UDP traceroutes do
> not get any further than 207.109.3.78 (last hop before destination).
> Not every traceroute offers TCP, but MacOS does, and nothing responds to
> any of that, even at the usual ssh port.  UDP traceroutes to either port
> behave like an ordinary one, which it is.
>
> Since I can get there via xfinity, I can traceroute, ping, but not ssh
> back through Verizon.
>
> I also set up an incoming (xfinity) port from the same non-standard ssh
> port forwarding to regular ssh on a different system on my LAN, and when
> I ssh -p ? that from Verizon (even cellphone data), I get that
> other system, and that works fine.  The 207... router is not in that path.
>
> I can also ping the Verizon connection from Xfinity (and vice versa).
>
> Go figure.
>
> [1] This same difficulty occurs in Verizon's Looking Glass, from several
> different places, and other Looking Glasses (e.g. Cogent, Equinix).  It
> also occurs on my Verizon phone data connection (not WiFi).  If he were
> serving more stuff out of his home, this would be a bigger problem.
>
>
> --
> Jeff Woolsey {woolsey,jlw}@{jlw,jxh}.com first.last@{gmail,jlw}.com
> Spum bad keming.
> Nature abhors a straight antenna, a clean lens, and empty storage.
> "Delete! Delete! OK!" -Dr. Bronner on disk space management
> "Card sorting, Joel." -me, re Solitaire
>
>
>
>