Re: New addresses for b.root-servers.net

[Masataka Ohta]

Robert Story wrote:


The commitment to maintain service for 1 year after the new LACNIC
addresses are switched in to the root.hints from IANA does not mean that
this is a cutoff date and that we intend to turn off service on the
older addresses after a year.  We currently have no plans to do so for
the foreseeable future. In fact, the possibility has not even been
suggested or discussed at all.


Such total lack of advance and public discussion and preparation
on a substantial change on critical infrastructure is a serious
problem, I'm afraid.

Masataka Ohta

Spoofer Report for NANOG for May 2023

[CAIDA Spoofer Project]

In response to feedback from operational security communities,
CAIDA's source address validation measurement project
(https://spoofer.caida.org) is automatically generating monthly
reports of ASes originating prefixes in BGP for systems from which
we received packets with a spoofed source address.
We are publishing these reports to network and security operations
lists in order to ensure this information reaches operational
contacts in these ASes.

This report summarises tests conducted within usa, can.

Inferred improvements during May 2023:
ASNName   Fixed-By
2721422023-05-03
2014452023-05-15
11976  FIDN   2023-05-17
136258 ONEPROVIDER2023-05-24

Further information for the inferred remediation is available at:
https://spoofer.caida.org/remedy.php

Source Address Validation issues inferred during May 2023:
ASNName   First-Spoofed Last-Spoofed
209CENTURYLINK-US-LEGACY-QWEST   2016-08-16   2023-05-25
6128   CABLE-NET-1   2016-09-03   2023-05-21
20412  CLARITY-TELECOM   2016-09-30   2023-05-31
25787  ROWE-NETWORKS 2016-10-21   2023-05-31
11427  TWC-11427-TEXAS   2016-10-21   2023-05-23
10796  TWC-10796-MIDWEST 2016-10-24   2023-05-28
271BCNET 2016-10-24   2023-05-27
1403   EBOX  2016-11-12   2023-05-16
852ASN8522017-04-16   2023-05-29
7122   MTS-ASN   2017-05-16   2023-05-31
33452  RW2018-09-19   2023-05-13
398836   2021-03-12   2023-05-30
26231  SFIA-ASN  2021-10-27   2023-05-12
469972021-12-22   2023-05-31
394414 E2WS  2022-05-08   2023-05-31
397086 GLOBAL-FRAG-NETWORKS-HOUSTON  2022-06-16   2023-05-29
12183  TALKIE-COMMUNICATIONS 2022-12-10   2023-05-31
21555  LHTC  2023-01-01   2023-05-26
399852   2023-02-16   2023-05-06
211380   2023-03-15   2023-05-19
964GONET-ASN-17  2023-03-15   2023-05-26
41378  KirinoNET 2023-03-23   2023-05-26
14361  HOPONE-GLOBAL 2023-04-11   2023-05-16
3701   NERONET   2023-04-18   2023-05-31
18615  MAINSTREAM-FIBER  2023-04-30   2023-05-11
272142   2023-05-03   2023-05-03
393577 SCCNET2023-05-03   2023-05-03
13693  NTS-ONLINE2023-05-05   2023-05-27
21623  SPACELINK 2023-05-07   2023-05-07
202400   2023-05-08   2023-05-15
14288  MPINET2023-05-12   2023-05-12
237MERIT-AS-14   2023-05-17   2023-05-17
46690  SNET-FCC  2023-05-20   2023-05-27

Further information for these tests where we received spoofed
packets is available at:
https://spoofer.caida.org/recent_tests.php?country_include=usa,can_block=1

Please send any feedback or suggestions to spoofer-i...@caida.org

[NANOG-announce] Beyond N88: Things to Do + See + Free Yoga + AWS Skills Training Course

[Nanog News]

*Countdown to NANOG 88*
*88th Community-Wide Meeting will Kick Off Monday!*

In four days, NANOG 88 will occur virtually + in person in Seattle, Wa.
Have you synced your calendar yet to the NANOG 88 agenda? There's still
time to register! Check out our keynote speaker, NANOG Socials, hotel
information, + more.

*MORE INFO *

*Beyond N88: Things to Do + See in Seattle*
*Engineer Approved List for Having a Good Time*

When not listening to groundbreaking talks or connecting with industry
heroes at NANOG 88, try finding your gold pot in the Emerald City.

Check out these community recommendations to expand your learning beyond
the conference or stimulate your imagination.

*READ MORE * 

*Free Yoga for NANOG 88 Attendees!  *
*Join Us Monday, Tuesday, Wednesday Mornings On-Site *

Are you an introvert? Yoga is an excellent way to ground and center
yourself before a jam-packed day of stimulation and socializing.

It is limited to 10 students per day and conveniently located on-site.
Urban Yoga Spa will host the free mindful morning practice.

*MORE INFO * 

*AWS Presents Free Day Courses After NANOG 88*
*AWS Cloud Practitioner Certification for NANOG 88 Attendees*

Have you got a few extra days in Seattle?

Join us at the Amazon Web Services (AWS) Skills Center and train to become
a certified Cloud Practitioner.

*REGISTER NOW   *

___
NANOG-announce mailing list
NANOG-announce@nanog.org
https://mailman.nanog.org/mailman/listinfo/nanog-announce

Beyond N88: Things to Do + See + Free Yoga + AWS Skills Training Course

[Nanog News]

*Countdown to NANOG 88*
*88th Community-Wide Meeting will Kick Off Monday!*

In four days, NANOG 88 will occur virtually + in person in Seattle, Wa.
Have you synced your calendar yet to the NANOG 88 agenda? There's still
time to register! Check out our keynote speaker, NANOG Socials, hotel
information, + more.

*MORE INFO *

*Beyond N88: Things to Do + See in Seattle*
*Engineer Approved List for Having a Good Time*

When not listening to groundbreaking talks or connecting with industry
heroes at NANOG 88, try finding your gold pot in the Emerald City.

Check out these community recommendations to expand your learning beyond
the conference or stimulate your imagination.

*READ MORE * 

*Free Yoga for NANOG 88 Attendees!  *
*Join Us Monday, Tuesday, Wednesday Mornings On-Site *

Are you an introvert? Yoga is an excellent way to ground and center
yourself before a jam-packed day of stimulation and socializing.

It is limited to 10 students per day and conveniently located on-site.
Urban Yoga Spa will host the free mindful morning practice.

*MORE INFO * 

*AWS Presents Free Day Courses After NANOG 88*
*AWS Cloud Practitioner Certification for NANOG 88 Attendees*

Have you got a few extra days in Seattle?

Join us at the Amazon Web Services (AWS) Skills Center and train to become
a certified Cloud Practitioner.

*REGISTER NOW   *

Re: New addresses for b.root-servers.net

[Robert Story]

On Wed 2023-06-07 15:34:12-0700 Matthew wrote:
> If the goal is increased robustness by having addresses present from a
> different RIR, wouldn't it make this whole tempest in a teapot moot
> if, instead of *reunubering*, you simply *added* a second set of IPs,
> but continued to answer queries on the original addresses as well?

Hi Matt,

That is exactly what we've done. We are currently answering requests on
the new LACNIC addresses, the current ARIN address which we renumbered
to in 2017, and even the addresses from before that (cerca 2004). 

The commitment to maintain service for 1 year after the new LACNIC
addresses are switched in to the root.hints from IANA does not mean that
this is a cutoff date and that we intend to turn off service on the
older addresses after a year.  We currently have no plans to do so for
the foreseeable future. In fact, the possibility has not even been
suggested or discussed at all.

In short: Keep calm, and query on. :-)


Regards,
--
Robert Story 
USC Information Sciences Institute 
Networking and Cybersecurity Division

Re: New addresses for b.root-servers.net

[Masataka Ohta]

Mark Andrews wrote:


It announces itself to an address which remains under the control of
USC/ISI the current and on going root server operator for b.root-servers.net.
So apart from leaking that the root hints have not been updated I don’t
see a big risk here.  The address block, as has been stated, is in a reserved
range for critical infrastructure and, I suspect, has special controls placed
on it by ARIN regarding its re-use should USC/ISI ever release it / cease to
be a root-server operator.  I would hope that ARIN and all the RIRs have
the list of current and old root-server addresses and that any block that
are being transferred that have one of these addresses are flagged for
special consideration.


I'm afraid that "old root-server addresses" will not
be considered for "critical infrastructure" at least
by those people who can't see operational difficulties
to change the addresses.

Masataka Ohta