Re: Dropping support for the .ru top level domain

2022-03-15 Thread Alexander Maassen
Kind regards,
Alexander Maassen

-------- Original message --------
From: brian.john...@netgeek.us
Date: 15-03-2022 15:08 (GMT+01:00)
To: Patrick Bryant
Cc: "nanog@nanog.org list"
Subject: Re: Dropping support for the .ru top level domain

I think you need to understand that these actions will only prolong the
situation and likely make things worse. Less info is always worse than more.

- Brian

On Mar 15, 2022, at 4:07 AM, Patrick Bryant wrote:

I propose dropping support of the .ru domains as an alternative to the other
measures discussed here, such as dropping Russian ASNs -- which would have the
counterproductive effect of isolating the Russian public from western news
sources. Blocking those ASNs would also be futile as a network defense, if not
implemented universally, since the bad actors in Russia usually exploit proxies
in other countries as pivot points for their attacks.

Preventing the resolution of the .ru TLD would not impact the Russian public's
ability to resolve and access all other TLDs. As I noted, there are
countermeasures, including Russia standing up its own root servers, but there
are two challenges to countermeasure: 1) it would require modifying every hints
file on every resolver within Russia and, 2) "other measures" could be taken
against whatever servers Russia implemented as substitutes.

Dropping support for the .ru TLD action may incentivize the Russian State to
bifurcate its national network, making it another North Korea, but that action
is already underway.

Other arguments are political, and I do not presume to set international
political policy. I only offer a technical opinion, not a political one. The
legalistic arguments of maintaining treaties is negated by the current state of
war.

On Tue, Mar 15, 2022 at 2:29 AM Fred Baker wrote:

My viewpoint, and the reason I recommended against it, is that it gives Putin
something he has wanted for a while, which is a Russia in which he is in
control of information flows. We do for him what he has wanted for perhaps 20
years, and come out the bad guys - “the terrible west cut us off!”. I would
rather have people in Russia have information flows that have a second
viewpoint other than the Kremlin’s. I have no expectation that it will get
through uncensored, but I would rather it was not in any sense “our fault” and
therefore usable by Putin’s propaganda machine.

Sent from my iPad

On Mar 14, 2022, at 2:14 PM, Brian R wrote:

I can understand governments wanting this to be an option but I would let them
do blocking within their countries to their own people if that is their desire.
This is another Pandora's box. It's bad enough that some countries control this
already to block free flow of information.

If global DNS is no longer trusted then many actors will start maintaining
their own broken lists (intentionally or unintentionally).

This will not stop Russia, they will just run their own state sponsored DNS
servers. We can imagine what else might be implemented on that concept...
Countries or users that still want access will do the same with custom DNS
servers.
This will take us down another path of no return as a global standard that is
not political or politically controlled.
The belief that the internet is open and free (as much as possible) will be
broken in one more way.
This will also accelerate the advancement of crypto DNS like NameCoin (Years
ago I liked the idea but I don't know how it is being run anymore.) or
UnstoppableDomains for example. Similar to what is starting to happen to
central banking as countries start shutting down bank accounts for political
reasons.

I am glad to see so many people on here and many of the organizations running
these services state as much.

Brian

From: NANOG on behalf of Patrick Bryant
Sent: Saturday, March 12, 2022 2:47 AM
To: nanog@nanog.org 
Subject: Dropping support for the .ru top level domain
 


I don't like the idea of disrupting any Internet service. But the current 
situation is unprecedented.


The Achilles Heel of general public use of Internet services has always been 
the functionality of DNS. 


Unlike Layer 3 disruptions, dropping or disrupting support for the .ru TLD can 
be accomplished without disrupting the Russian population's ability to access 
information and services in the West.


The only countermeasure would be the distribution of Russian national DNS zones
to a multiplicity of individual DNS resolvers within Russia. Russian operators
are in fact implementing this countermeasure, but it is a slow and arduous
process, and it will entail many of the operational difficulties that existed
with distributing Host files, which DNS was implemented to overcome.


The .ru TLD could be globally disrupted by dropping the .ru zone from the 13 
DNS root servers. This would be the most effective action, but would require an 
authoritative consensus. One level down in DNS 

Compromised modems in Thai IP Space

2020-08-11 Thread Alexander Maassen
Hello folks,

Before you shoot me with 'wrong mailing list' replies, believe me, I
tried, THNOG is dead, APNIC ain't responding either and the ISP's over
there don't seem to care much. And I've been looking at this situation for
over 2 years now since first incident. I simply hope that with the
contacts you folks have due to your professions to be able to help.

So, I came across this botnet which decided to pick my IRC network as
control center, and I have been digging into them. It turns out that in
Thailand, people can easily get cloned modems in order to internet for
'free', it simply boils down to mac cloning, so let me spare you the
details. The problem is that these modems also carry a digital STD in the
form of additional botnet code, allowing the controllers to do, well,
botnet stuff.

I disabled their ability to control by glining everything on join to the
control channel, and since I am maintainer of DroneBL, add them to the
blacklist. Doing that for 2+ years now. The amount of removal requests
because people no longer are able to play on cncnet is amazing.

My question here kinda is, how to permanently get rid of this evil in an
effective way, and who to contact? (yes, I tried to get through to NOC's
of the affected providers), or could perhaps someone be so nice to use one
of their contacts in Thailand to speed things up?

Kind regards,

Alexander Maassen
Maintainer DroneBL



Lots of compromised routers found in Thailand

2018-10-24 Thread Alexander Maassen
Hi all,

I know this would belong in THNOG, but since their email turns out to be
unroutable, and APNIC never replied to a ticket I filed a week ago, I
hope some Thai network operators are listening here as well. (True's IRT
team contact has however been established already)

Since a week I've seen a lot of compromised connections on my personal
IRC net from network ranges owned by asiasnet.co.th, 3bb.co.th,
totbb.co.th and ais.co.th (and probably others). The issue seems to be
limited to TH space at the moment.

After investigating some of those bots' IP sources, it turns out they all
are from clients with routers that have the admin port open to everyone
and the routers have the default login (BAD BAD BAD). ACS URLs have
been changed to http://255.255.255.255. New connections arrive in an
estimate of 1 every 3 minutes at the moment. All connections found being
affected will and have been added to my dnsbl (dronebl) as type 15
(compromised router/127.0.0.15), if you need a list, contact me off list
with your AS number in order to get a dump.

Kind regards,

Alexander Maassen
Maintainer DroneBL





Proofpoint

2018-09-16 Thread Alexander Maassen
Could someone from proofpoint contact me regarding the return of the issue
mentioned at https://dronebl.org/blog/35, because it seems that still has
not been fixed.



Re: Avast / Privax abuse contact

2018-08-04 Thread Alexander Maassen
try srboljub.bosn...@avast.com . contacted us recently regarding a hidemyass 
vpn ip we have listed. btw, if you folks want to do more with such abusers, i 
could hook you up with us.


Kind regards,
Alexander Maassen
- Maintainer DroneBL
- Peplink Certified Engineer

-------- Original message --------
From: Matt Harris
Date: 01-08-18 19:11 (GMT+01:00)
To: North American Network Operators' Group
Subject: Avast / Privax abuse contact

Anybody know anyone at or anything about Privax or Avast?  AS 198605 is
announcing the problem networks.

Getting a ton of SIP brute force attacks from their space, and emails with
addresses/timestamps to the abuse contacts listed at RIRs/etc have not
yielded any responses.  Attacks still coming.

Thanks!


Re: Letsencrypt

2018-07-30 Thread Alexander Maassen
thanks to all replies both public and offlist about the issue being
fixed now, no more replies needed regarding that, only perhaps if you
know how and why this happened ;)




Letsencrypt

2018-07-30 Thread Alexander Maassen
As most of you noticed, the domain letsencrypt.org is on clientHold,
does anyone have more information as to why this is the case?




Re: Anyone else blacklisted this morning by rbl.iprange.net?

2018-01-02 Thread Alexander Maassen
As the message said, they use this to force mx admins to remove their entry to 
stop hammering. I remember other lists did the same. Contact the remote mx 
admin in order to get this fixed.

> On 2 Jan 2018 at 17:57, Dann Schuler wrote:
> 
> We had a Charter IP address we don’t actually send email from (it is a backup 
> line that would only send mail if our primary line was down) Blacklisted by 
> these guys at 10:50am EST on 1/1/18, then removed at 3:34pm EST on 1/1/18.
> 
> MXToolBox alerted us to it, I ran a manual check on their portal, which is 
> supposed to be http://iprange.net/rbl/lookup/  but redirects to 
> https://realtimeblacklist.com/lookup/ and it came back not listed.  Since it 
> was a line I knew we were not mailing from anyways I figured I would just 
> deal with it in the morning, but it had cleared itself up by then.
> 
> First time I had ever even heard of this one.
> 
> Good luck!
> 
> 
> 
> -Original Message-
> From: NANOG [mailto:nanog-bounces+dannschuler=hotmail@nanog.org] On 
> Behalf Of Mel Beckman
> Sent: Tuesday, January 2, 2018 11:46 AM
> To: nanog@nanog.org
> Subject: Anyone else blacklisted this morning by rbl.iprange.net?
> 
> I woke up this morning to a barrage of complaints from users that our mail 
> servers' outbound emails are bouncing due to a blacklisting. Sure enough, 
> mxtoolbox.com reports that rbl.iprange.net has blacklisted us for more than 
> a day. However, looking up our address on the rbl.iprange.net lookup webpage 
> shows we're NOT listed. But a check of the RBL's DNS shows that we are. Then 
> I found this on the rbl.iprange.net owner's website ():
> 
> "rbl.iprange.net (is offline since 01-01-2018) please replace it with 
> rbl.realtimeblacklist.com
> rbl.iprange.net will mark every ip address as listed to force removal of 
> this server."
> 
> What the heck? I've tried contacting realtimeblacklisk.com, but they're in 
> the Netherlands and apparently fast asleep (in more ways than one, it seems).
> 
> -mel beckman
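
The two DNSBL situations in this archive, a per-type return code (the DroneBL posting above gives type 15 as 127.0.0.15) and a retired zone that answers "listed" for every address (the rbl.iprange.net thread), can be handled by one checker. This is an added example, not code from any poster or from either blacklist; the zone names, the sample records and the injected resolver are constructed so it runs offline, and the health test uses the RFC 5782 test points (127.0.0.2 must be listed, 127.0.0.1 must not).

```python
import ipaddress
import socket
from typing import Callable, Dict, List

# A resolver maps a DNS name to its A records; an empty list means "no answer".
Resolver = Callable[[str], List[str]]

# Return code taken from this page: DroneBL type 15 is answered as 127.0.0.15.
TYPE_LABELS = {15: "compromised router"}

# Constructed placeholder zones (assumptions, not real blacklists).
HEALTHY_ZONE = "healthy.dnsbl.example"
RETIRED_ZONE = "retired.dnsbl.example"


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the lookup name: IPv4 octets reversed, followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def system_resolver(name: str) -> List[str]:
    """Live A-record lookup for real use; any resolution failure yields []."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def zone_health(zone: str, resolve: Resolver) -> str:
    """Classify a zone with the RFC 5782 test points before trusting it."""
    if resolve(dnsbl_query_name("127.0.0.1", zone)):
        return "lists-everything"   # wildcarded or retired zone
    if not resolve(dnsbl_query_name("127.0.0.2", zone)):
        return "dead-or-empty"      # zone gone, or resolver cannot reach it
    return "healthy"


def check_ip(ip: str, zone: str, resolve: Resolver) -> Dict:
    """Look up one address; 'listed' stays None when the zone is not usable."""
    health = zone_health(zone, resolve)
    result = {"ip": ip, "zone": zone, "health": health, "listed": None, "types": []}
    if health != "healthy":
        return result
    answers = resolve(dnsbl_query_name(ip, zone))
    # DNSBL answers live in 127.0.0.0/8; the last octet carries the listing type.
    codes = sorted(int(a.rsplit(".", 1)[1]) for a in answers if a.startswith("127."))
    result["listed"] = bool(codes)
    result["types"] = [(code, TYPE_LABELS.get(code, "other")) for code in codes]
    return result


# Constructed records: a working zone with one type-15 entry.
_HEALTHY_RECORDS = {
    dnsbl_query_name("127.0.0.2", HEALTHY_ZONE): ["127.0.0.2"],
    dnsbl_query_name("203.0.113.10", HEALTHY_ZONE): ["127.0.0.15"],
}


def healthy_resolver(name: str) -> List[str]:
    return _HEALTHY_RECORDS.get(name, [])


def retired_resolver(name: str) -> List[str]:
    """Constructed zone that marks every address as listed."""
    return ["127.0.0.2"] if name.endswith("." + RETIRED_ZONE) else []


if __name__ == "__main__":
    for zone, resolver in ((HEALTHY_ZONE, healthy_resolver),
                           (RETIRED_ZONE, retired_resolver)):
        for ip in ("203.0.113.10", "198.51.100.7"):
            print(check_ip(ip, zone, resolver))
```

A mail server that runs the health check periodically can drop a zone from its configuration as soon as it reports "lists-everything", instead of bouncing all inbound mail. Pass `system_resolver` in place of the constructed resolvers to query a live zone.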



Re: Contact at Proofpoint?

2017-10-05 Thread Alexander Maassen
ecarbo...@proofpoint.com


Kind regards,
Alexander Maassen
- Maintainer DroneBL
- Peplink Certified Engineer

-------- Original message --------
From: John Morrissey <j...@horde.net>
Date: 03-10-17 23:19 (GMT+01:00)
To: nanog@nanog.org
Subject: Contact at Proofpoint?

Anyone have a clueful contact at Proofpoint?

One of our e-mail domains is being blackholed by their products, and
we're striking out via normal channels.

-john


Re: Vendors spamming NANOG attendees

2017-06-16 Thread Alexander Maassen
the discussion about the external spam kinda exceeds the volume of the spam 
itself. just my 2 cents.
just block, delete, continue life

Kind regards,
Alexander Maassen
- Technical Maintenance Engineer Parkstad Support BV
- Maintainer DroneBL
- Peplink Certified Engineer

-------- Original message --------
From: b...@theworld.com
Date: 15-06-17 20:09 (GMT+01:00)
To: Dan Hollis <goe...@sasami.anime.net>
Cc: Niels Bakker

Re: Please run windows update now

2017-05-12 Thread Alexander Maassen
Hail backups, and whoever keeps those ports accessible to the outside
without a decent ACL in the firewall, or restricting it to (IPsec) VPN's
should be shot on sight anyways.

On Fri, May 12, 2017 7:35 pm, Ca By wrote:
> This looks like a major worm that is going global
>
> Please run windows update as soon as possible and spread the word
>
> It may be worth also closing down ports 445 / 139 / 3389
>
> http://www.npr.org/sections/thetwo-way/2017/05/12/528119808/large-cyber-attack-hits-englands-nhs-hospital-system-ransoms-demanded
>




Nanog Politics [was: Re: Eisenach & the FCC - was: [Re: Here we go again.]]

2016-11-14 Thread Alexander Maassen
Whether it's politics, non-politics, related, offtopic, whatever. It has
been discussed in here for lengths and overlengths. This one is no
different. And hey, rules exist to be bent >:-)

Second, the content of the topic will affect ALL of us, whether you are an
ISP, simple admin/tech or anyone else watching and participating on this
list as it discusses changes that are to be expected getting a new
president with his new associates who probably only looks at the cashflow
without having any clue about the technical difficulties and problems they
will cause.

In all the time I am monitoring nanog now, there is one thing I learned:
If you don't like it, simply move it to /dev/null and ignore the contents.

On Sun, November 13, 2016 11:01 pm, Mel Beckman wrote:
> Rod,
>
> I respectfully disagree. This is discussing politics, not the "operational
> and technical issues" of NANOG's charter.
>
> There are other venues for politics. NANOG's AUP prohibits political
> discussions.
>
>  -mel
>
> On Nov 13, 2016, at 1:42 PM, Rod Beck wrote:
>
>
> Public policy affecting networks is a legitimate topic. Net neutrality has
> been discussed countless times on this board with no objection from
> anybody.
>
>
> Regards,
>
>
> Roderick.
>
>
> 
> From: NANOG on behalf of Mel Beckman
> Sent: Sunday, November 13, 2016 10:37 PM
> To: sur...@mauigateway.com
> Cc: nanog@nanog.org
> Subject: Re: Eisenach & the FCC - was: [Re: Here we go again.]
>
> Before this snowball gets any bigger, I would like to reiterate the
> previous commenter calling for this present political discussion to move
> elsewhere. Here's the NANOG AUP we've all agreed to:
>
>
>
> NANOG Acceptable Use Policy
>
> * Discussion will focus on Internet operational and technical issues as
> described in the charter of NANOG.
>
>
>
> * Postings of issues inconsistent with the charter are prohibited.
>
> * Postings of political, philosophical, and legal nature are prohibited.
>
>
>
> You don't have to go home, but you can't stay here.
>
>  -mel
>
> On Nov 13, 2016, at 12:49 PM, Scott Weeks wrote:
>
>
>
> --- jfmezei_na...@vaxination.ca wrote:
>
> The president elect chose Mr Eisenach to help fill jobs in FCC
> and other telecom areas of govt.
> 
>
>
>
> That'll have impact on ops, if some of the papers are correct.
> Briefly:
>
>
> https://www.engadget.com/2016/11/09/under-trump-the-future-of-net-neutrality-and-broadband-is-uncert
>
>
>
> "Eisenach has made a career out of crusading against industry
> regulation"
>
> "...authored several papers and op-ed pieces that were funded by
> Net Neutrality opponents ..."
>
>
>
> http://www.businessinsider.com/donald-trump-fcc-net-neutrality-zero-rating-policy-future-2016-11
>
> "The Economics of Zero Rating." In it, Eisenach defends the concept,
> writing that "broad-based bans or restrictions on zero-rating plans
> are likely to be counterproductive and harm consumer welfare."
>
>
>
> Interesting times ahead...
>
>
> scott
>




Re: Dyn DDoS this AM?

2016-10-22 Thread Alexander Maassen
Remember ping packets containing +++ATH0 ?
Kind regards,
Alexander Maassen
- Technical Maintenance Engineer Parkstad Support BV
- Maintainer DroneBL
- Peplink Certified Engineer

-------- Original message --------
From: Alain Hebert <aheb...@pubnix.net>
Date: 21-10-16 23:37 (GMT+01:00)
To: nanog@nanog.org
Subject: Re: Dyn DDoS this AM?

    Just a FYI,

    That "horrific trend" has been happening since some techie got
dissed on an IRC channel over 20 years ago.

    He used a bunch of hosted putters to ICMP flood the IRC server.

    Whatever the community is behind, until the carriers decide to wise
up this will keep happening, that is without talking about the
industries being developed around DDoSes events.

    Enjoy your weekend. ( I ain't on call anymore anyway =D )

-
Alain Hebert    aheb...@pubnix.net   
PubNIX Inc.    
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443

On 10/21/16 11:52, Brian Davies via NANOG wrote:
> +1!
>
> Well said, Patrick.
>
> B
>
> On Friday, October 21, 2016, Patrick W. Gilmore <patr...@ianai.net> wrote:
>
>> I cannot give additional info other than what’s been on “public media”.
>>
>> However, I would very much like to say that this is a horrific trend on
>> the Internet. The idea that someone can mention a DDoS then get DDoS’ed Can
>> Not Stand. See Krebs’ on the Democratization of Censorship. See lots of
>> other things.
>>
>> To Dyn and everyone else being attacked:
>> The community is behind you. There are problems, but if we stick together,
>> we can beat these miscreants.
>>
>> To the miscreants:
>> You will not succeed. Search "churchill on the beaches”. It’s a bit
>> melodramatic, but it’s how I feel at this moment.
>>
>> To the rest of the community:
>> If you can help, please do. I know a lot of you are thinking “what can I
>> do?" There is a lot you can do. BCP38 & BCP84 instantly come to mind. Sure,
>> that doesn’t help Mirai, but it still helps. There are many other things
>> you can do as well.
>>
>> But a lot of it is just willingness to help. When someone asks you to help
>> trace an attack, do not let the request sit for a while. Damage is being
>> done. Help your neighbor. When someone’s house is burning, your current
>> project, your lunch break, whatever else you are doing is almost certainly
>> less important. If we stick together and help each other, we can - we WILL
>> - win this war. If we are apathetic, we have already lost.
>>
>>
>> OK, enough motivational speaking for today. But take this to heart. Our
>> biggest problem is people thinking they cannot or do not want to help.
>>
>> --
>> TTFN,
>> patrick
>>
>>> On Oct 21, 2016, at 10:55 AM, Chris Grundemann <cgrundem...@gmail.com> wrote:
>>> Does anyone have any additional details? Seems to be over now, but I'm very
>>> curious about the specifics of such a highly impactful attack (and it's
>>> timing following NANOG 68)...
>>>
>>> https://krebsonsecurity.com/2016/10/ddos-on-dyn-impacts-twitter-spotify-reddit/
>>> --
>>> @ChrisGrundemann
>>> http://chrisgrundemann.com
>>



Re: Dyn DDoS this AM?

2016-10-21 Thread Alexander Maassen
Feel free to feed me with attack sources. Once those companies notice their 
precious mail does not arrive at clients. They will attempt to fix things. Sad 
but true.

Kind regards,
Alexander Maassen
- Technical Maintenance Engineer Parkstad Support BV
- Maintainer DroneBL
- Peplink Certified Engineer

-------- Original message --------
From: "Patrick W. Gilmore" <patr...@ianai.net>
Date: 21-10-16 17:48 (GMT+01:00)
To: NANOG list <nanog@nanog.org>
Subject: Re: Dyn DDoS this AM?

I cannot give additional info other than what’s been on “public media”.

However, I would very much like to say that this is a horrific trend on the 
Internet. The idea that someone can mention a DDoS then get DDoS’ed Can Not 
Stand. See Krebs’ on the Democratization of Censorship. See lots of other 
things.

To Dyn and everyone else being attacked:
The community is behind you. There are problems, but if we stick together, we 
can beat these miscreants.

To the miscreants:
You will not succeed. Search "churchill on the beaches”. It’s a bit 
melodramatic, but it’s how I feel at this moment.

To the rest of the community:
If you can help, please do. I know a lot of you are thinking “what can I do?" 
There is a lot you can do. BCP38 & BCP84 instantly come to mind. Sure, that 
doesn’t help Mirai, but it still helps. There are many other things you can do 
as well.

But a lot of it is just willingness to help. When someone asks you to help 
trace an attack, do not let the request sit for a while. Damage is being done. 
Help your neighbor. When someone’s house is burning, your current project, your 
lunch break, whatever else you are doing is almost certainly less important. If 
we stick together and help each other, we can - we WILL - win this war. If we 
are apathetic, we have already lost.


OK, enough motivational speaking for today. But take this to heart. Our biggest 
problem is people thinking they cannot or do not want to help.

-- 
TTFN,
patrick

> On Oct 21, 2016, at 10:55 AM, Chris Grundemann <cgrundem...@gmail.com> wrote:
> 
> Does anyone have any additional details? Seems to be over now, but I'm very
> curious about the specifics of such a highly impactful attack (and it's
> timing following NANOG 68)...
> 
> https://krebsonsecurity.com/2016/10/ddos-on-dyn-impacts-twitter-spotify-reddit/
> 
> -- 
> @ChrisGrundemann
> http://chrisgrundemann.com



Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-28 Thread Alexander Maassen
If those were in fact non-spoofed sources, then I am surely interested in 
getting that list in order to put it into my dnsbl (dronebl). So if someone has 
it, or can tell me who to contact. Feel free to provide me with it offlist.
Especially if this botnet uses one of the many irc networks (like undernet) 
that is utilizing the dnsbl list and the cc is harbored there, it might help. 
Also, most 'admins' only start realizing something is wrong in their network 
once their precious bizmail won't arrive at clients because their infected ip 
is listed and the remote mx refuses the mail because of the listing.

Kind regards,
Alexander Maassen
- Technical Maintenance Engineer Parkstad Support BV
- Maintainer DroneBL
- Peplink Certified Engineer

-------- Original message --------
From: Hugo Slabbert <h...@slabnet.com>
Date: 26-09-16 05:54 (GMT+01:00)
To: "John R. Levine" <jo...@iecc.com>
Cc: nanog@nanog.org
Subject: Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

On Sun 2016-Sep-25 17:01:55 -0400, John R. Levine <jo...@iecc.com> wrote:

>>https://www.internetsociety.org/sites/default/files/01_5.pdf
>>
>>The attack is triggered by a few spoofs somewhere in the world. It is not
>>feasible to stop this.
>
>That paper is about reflection attacks.  From what I've read, this was 
>not a reflection attack.  The IoT devices are infected with botware 
>which sends attack traffic directly.  Address spoofing is not particularly 
>useful for controlling botnets.  

But that's not only remaining use of source address spoofing in direct 
attacks, no?  Even if reflection and amplification are not used, spoofing 
can still be used for obfuscation.

>For example, the Conficker botnet generated pseudo-random domain names 
>where the bots looked for control traffic.
>
>>Please see https://www.ietf.org/rfc/rfc6561.txt
>
>Uh, yes, we're familiar with that.  We even know the people who wrote 
>it. It could use an update for IoT since I get the impression that in 
>many cases the only way for a nontechnical user to fix the infection 
>is to throw the device away.
>
>Regards,
>John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
>Please consider the environment before reading this e-mail. https://jl.ly

-- 
Hugo Slabbert   | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E   | also on Signal


Re: IP addresses being attacked in Krebs DDoS?

2016-09-26 Thread Alexander Maassen
Just give me those ips so I can add em in dronebl


Kind regards,
Alexander Maassen
- Technical Maintenance Engineer Parkstad Support BV
- Maintainer DroneBL
- Peplink Certified Engineer

-------- Original message --------
From: Brett Glass <na...@brettglass.com>
Date: 25-09-16 22:01 (GMT+01:00)
To: NANOG <nanog@nanog.org>
Subject: IP addresses being attacked in Krebs DDoS?

As an ISP who is pro-active when it comes to security, I'd like to 
know what IP address(es) are being hit by the Krebs on Security 
DDoS attack. If we know, we can warn customers that they are 
harboring infected PCs and/or IoT devices. (And if all ISPs did 
this, it would be possible to curtail such attacks and plug the 
security holes that make them possible.)

--Brett Glass, LARIAT.NET



Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-22 Thread Alexander Maassen
IPv6 is there for 20+ years, cgnat is needed coz the net grows kinda 
exponentially due to stuff like IoT/mobiles/m2m, and isp's need to provide 
users with the ability to talk ipv4 simply because the other side refuses to 
deploy v6 abilities. Do the math if they really care.
Also the servers itself hosting the gameserver probably already are dual 
stacked. But the gamecode itself misses the support.
Then there is the issue of you as isp not being able or daring to show a fist 
and simply saying: screw you. Because you are risking to lose customers.
And as long as the companies earn plenty of money using outdated code, they 
won't change it, coz that would imply spending money that won't flow into fancy 
buildings, fast cars and all that other useless luxury.




Kind regards,
Alexander Maassen
- Technical Maintenance Engineer Parkstad Support BV
- Maintainer DroneBL
- Peplink Certified Engineer

-------- Original message --------
From: Mike Hammett <na...@ics-il.net>
Date: 22-09-16 13:23 (GMT+01:00)
To: Alexander Maassen <outsi...@scarynet.org>
Cc: NANOG <nanog@nanog.org>
Subject: Re: PlayStationNetwork blocking of CGNAT public addresses

If you told them they would have fewer NAT issues if they supported IPv6, 
they'd start to care.  ;-) They know enough to hate NAT.



-
Mike Hammett
Intelligent Computing Solutions

Midwest Internet Exchange

The Brothers WISP

From: "Alexander Maassen" <outsi...@scarynet.org>
Cc: "NANOG" <nanog@nanog.org>
Sent: Thursday, September 22, 2016 3:35:01 AM
Subject: Re: PlayStationNetwork blocking of CGNAT public addresses

Both gamers and content providers do not care. The gamers as they only care 
about the game itself and don't care about the technical mumbo jumbo. And the 
makers coz they only care about making money by producing content the gamers 
want. And you service providers are left with the headache of attempts to 
please both sides.
If this wasn't the case, then why after 20 years, ipv6 ain't rolled out.
Hence again I'd be voting for an ipv6 only day, but that will never happen.
Kind regards,
Alexander Maassen
- Technical Maintenance Engineer Parkstad Support BV
- Maintainer DroneBL
- Peplink Certified Engineer

-------- Original message --------
From: Mark Andrews <ma...@isc.org>
Date: 21-09-16 03:29 (GMT+01:00)
To: Justin Wilson <li...@mtin.net>
Cc: NANOG <nanog@nanog.org>
Subject: Re: PlayStationNetwork blocking of CGNAT public addresses

In message <09342130-874f-4fa4-b410-b7b66a75f...@mtin.net>, Justin Wilson writes:
> PSN is one reason I am not a fan of CGNAT. All they see are tons of
> connections from the same IP.  This results in them banning folks.  Due
> to them being hacked so many times getting them to actually communicate
> is almost impossible.  My .02 is just get the gamers a true public if at
> all possible.
>
> Justin Wilson
> j...@mtin.net

What we need is business tech reporters to continually report on
these failures of content providers to deliver their services over
IPv6.  20 years lead time should be enough for any service.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org



Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-22 Thread Alexander Maassen
Maybe its time then for a global accepted, unified way to send/report abuse? 
That should solve most of the issues and end points would be able to deal with 
it in a common way and only would need to think about how to integrate it in 
their crm's etc.
We are all using the same medium, but attempt to communicate issues using 
several methods. 
Perhaps iana can use those (m/b)illions they got from selling tld's and cook 
something up.



Kind regards,
Alexander Maassen
- Technical Maintenance Engineer Parkstad Support BV
- Maintainer DroneBL
- Peplink Certified Engineer

-------- Original message --------
From: Baldur Norddahl <baldur.nordd...@gmail.com>
Date: 22-09-16 14:10 (GMT+01:00)
To: nanog@nanog.org
Subject: Re: PlayStationNetwork blocking of CGNAT public addresses

On 22 September 2016 at 10:42, Alexander Maassen <outsi...@scarynet.org>
wrote:

> So you ignore/don't deal with the abuse coz it's shipped in a format you
> refuse to handle?
>
> And you don't even bother telling the reporter you would like it in a per
> ip format? Or make attempts to make it work the way they report it (split
> out the ip's and modify the to be forwarded mail to only contain the ip's
> belonging to that customer)
>

You will have to remember that these are automated mails from the reporter.
If I write them back it goes into their bit bucket, because they do not
really care enough to bother replying. I am betting they are sending out
thousands mails each day and they can not handle manually replying to all
of that. In the same way we receive a large amount of automated mail so we
have to be able to handle it automatically. Send me something sane and I
will make a script that forwards it. Send me something unusable and I wont
- but I will not do manual handling of your automated mail.

All I am trying to do here is tell people that send abuse mails not to
combine multiple abuse complaints in one mail, because that makes it harder
for everybody and makes it more likely that your mail will be dropped as
too much work. Double so if your abuse mails is from an automated system,
because I will try to match your automated system with my own. However it
is much harder to make a system that can edit your complaint and duplicate
it to several recipients, than it is to run a simple filter that just
forwards the mail as is.

As to PSN they will usually send multiple mails if the abuse is ongoing. At
some point they will send a mail with just one IP and that one gets
forwarded. So we are dropping some of the mails, but the users eventually
get notified anyway. It is not ideal but it works.

Regards,

Baldur
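
The step debated in this exchange, taking one abuse mail that lists several addresses and producing a copy per customer that contains only that customer's lines, can be automated with a prefix table and longest-prefix matching. This is an added example, not code from either poster; the report text, the customer names and the prefix assignments are constructed, and the addresses come from the documentation ranges.

```python
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Dotted quads not embedded in a longer number or version string.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed customer assignments (hypothetical names and prefixes).
CUSTOMER_PREFIXES = {
    ipaddress.ip_network("192.0.2.0/24"): "cust-a",
    ipaddress.ip_network("192.0.2.128/25"): "cust-b",   # more specific than cust-a
    ipaddress.ip_network("198.51.100.0/24"): "cust-c",
}

# Constructed combined report of the kind discussed in the thread.
SAMPLE_REPORT = """\
Subject: Abuse report (constructed sample)
The following hosts attempted logins to our service:

2016-09-22 08:01:12 UTC src=192.0.2.17 port=40122 failed-logins=48
2016-09-22 08:03:40 UTC src=198.51.100.200 port=51200 failed-logins=12
2016-09-22 08:04:02 UTC src=192.0.2.130 port=40980 failed-logins=77
2016-09-22 08:09:55 UTC src=203.0.113.5 port=33001 failed-logins=9

Please investigate.
"""


def extract_ips(line: str) -> List[ipaddress.IPv4Address]:
    """Return every valid IPv4 address on a line; malformed quads are skipped."""
    found = []
    for token in IPV4_RE.findall(line):
        try:
            found.append(ipaddress.IPv4Address(token))
        except ValueError:
            continue
    return found


def owner_of(ip: ipaddress.IPv4Address, prefixes: Dict) -> Optional[str]:
    """Longest-prefix match of an address against the customer table."""
    matches = [net for net in prefixes if ip in net]
    if not matches:
        return None
    return prefixes[max(matches, key=lambda net: net.prefixlen)]


def split_report(report: str, prefixes: Dict) -> Tuple[Dict[str, str], List[str]]:
    """Split one report into per-customer texts.

    Lines without an address are context and go to every customer; lines with
    an address go only to the owner(s); lines whose addresses match no prefix
    are returned separately for manual review.
    """
    tagged = []      # (line, owners) where owners is None for context lines
    unmatched = []
    for line in report.splitlines():
        ips = extract_ips(line)
        if not ips:
            tagged.append((line, None))
            continue
        owners = {owner_of(ip, prefixes) for ip in ips} - {None}
        if owners:
            tagged.append((line, owners))
        else:
            unmatched.append(line)
    customers = sorted(set().union(*[o for _, o in tagged if o]))
    parts = {
        customer: "\n".join(line for line, o in tagged if o is None or customer in o)
        for customer in customers
    }
    return parts, unmatched


if __name__ == "__main__":
    per_customer, leftover = split_report(SAMPLE_REPORT, CUSTOMER_PREFIXES)
    for customer, text in per_customer.items():
        print(f"--- forward to {customer} ---\n{text}\n")
    print("not ours:", leftover)
```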


Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-22 Thread Alexander Maassen
As long as there is no internationally accepted standard as to how to report 
abuse and everyone cooking up his/her own methods.. I think you have either the 
choice of adapting and thus be able to deal with the abuse. Or be lazy and 
stubborn, ignore it, wait for the bad reputation to say hi to your company and 
face the effects it might cause.


Kind regards,
Alexander Maassen
- Technical Maintenance Engineer Parkstad Support BV
- Maintainer DroneBL
- Peplink Certified Engineer

 Original message 
From: Tom Beecher <beec...@beecher.cc>
Date: 21-09-16  17:13  (GMT+01:00)
To: Justin Wilson <li...@mtin.net>
Cc: NANOG <nanog@nanog.org>
Subject: Re: PlayStationNetwork blocking of CGNAT public addresses
I have a hard time accepting that service providers should re-engineer
their networks because other companies cannot properly engineer their abuse
tooling.

On Tue, Sep 20, 2016 at 11:33 AM, Justin Wilson <li...@mtin.net> wrote:

> PSN is one reason I am not a fan of CGNAT. All they see are tons of
> connections from the same IP.  This results in them banning folks.  Due to
> them being hacked so many times getting them to actually communicate is
> almost impossible.  My .02 is just get the gamers a true public if at all
> possible.
>
> Justin Wilson
> j...@mtin.net
>
> ---
> http://www.mtin.net Owner/CEO
> xISP Solutions- Consulting – Data Centers - Bandwidth
>
> http://www.midwest-ix.com  COO/Chairman
> Internet Exchange - Peering - Distributed Fabric
>
> > On Sep 20, 2016, at 8:24 AM, Danijel Starman <theghost...@gmail.com> wrote:
> >
> > Something similar happened to a local FantasyConon I was helping set up, we
> > had only two PS4 machines there and accounts provided by Blizzard for
> > Overwatch. Outside IP of the LAN (as it was NATed) was banned by PSN in
> > about 8h. There was no other traffic other than those two accounts playing
> > Overwatch so my guess is that they have some too aggressive checks. I've
> > managed to convince our ISP there to change the outside IP of the link so
> > we got them working the next day but it happened again in 8h.
> >
> > --
> > *blap*
> >
> > On Fri, Sep 16, 2016 at 3:12 PM, Simon Lockhart <si...@slimey.org> wrote:
> >
> >> All,
> >>
> >> We operate an access network with several hundred thousand users.
> >> Increasingly we're putting the users behind CGNAT in order to continue to
> >> give them an IPv4 service (we're all dual-stack, so they all get public
> >> IPv6 too). Due to the demographic of our users, many of them are gamers.
> >>
> >> We're hitting a problem with PlayStationNetwork 'randomly' blocking some
> >> of our CGNAT outside addresses, because they claim to have received
> >> anomalous, or 'attack' traffic from that IP. This obviously causes
> >> problems for the other legitimate users who end up behind the same public
> >> IPv4 address.
> >>
> >> Despite numerous attempts to engage with PSN, they are unwilling to give
> >> us any additional information which would allow us to identify the 'rogue'
> >> users on our network, or to identify the 'unwanted' traffic so that we
> >> could either block it, or use it to identify the rogue users ourselves.
> >>
> >> Has anyone else come up against the problem, and/or have any suggestions
> >> on how best to resolve it?
> >>
> >> Many thanks in advance,
> >>
> >> Simon
> >>
> >>
> >
>
>


Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-22 Thread Alexander Maassen
So you ignore/don't deal with the abuse coz it's shipped in a format you refuse 
to handle?
And you don't even bother telling the reporter you would like it in a per ip 
format? Or make attempts to make it work the way they report it (split out the 
ip's and modify the to be forwarded mail to only contain the ip's belonging to 
that customer)

Kind regards,
Alexander Maassen
- Technical Maintenance Engineer Parkstad Support BV
- Maintainer DroneBL
- Peplink Certified Engineer

 Original message 
From: Baldur Norddahl <baldur.nordd...@gmail.com>
Date: 21-09-16  10:37  (GMT+01:00)
To: nanog@nanog.org
Subject: Re: PlayStationNetwork blocking of CGNAT public addresses
Hi

We have the opposite problem with PSN: Sometimes they will send abuse 
reports with several of our IP addresses listed. The problem with that 
is that we can not give data about one customer to another customer. By 
listing multiple IP addresses we are prevented from forwarding the email 
to the customer. Which means we may ignore it instead.

Regards,

Baldur



Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-22 Thread Alexander Maassen
Both gamers and content providers do not care. The gamers as they only care 
about the game itself and don't care about the technical mumbo jumbo. And the 
makers coz they only care about making money by producing content the gamers 
want. And you service providers are left with the headache of attempts to 
please both sides.
If this wasn't the case, then why after 20 years, ipv6 ain't rolled out.
Hence again I'd be voting for an ipv6 only day, but that will never happen.
Kind regards,
Alexander Maassen
- Technical Maintenance Engineer Parkstad Support BV
- Maintainer DroneBL
- Peplink Certified Engineer

 Original message 
From: Mark Andrews <ma...@isc.org>
Date: 21-09-16  03:29  (GMT+01:00)
To: Justin Wilson <li...@mtin.net>
Cc: NANOG <nanog@nanog.org>
Subject: Re: PlayStationNetwork blocking of CGNAT public addresses

In message <09342130-874f-4fa4-b410-b7b66a75f...@mtin.net>, Justin Wilson writes:
> PSN is one reason I am not a fan of CGNAT. All they see are tons of
> connections from the same IP.  This results in them banning folks.  Due
> to them being hacked so many times getting them to actually communicate
> is almost impossible.  My .02 is just get the gamers a true public if at
> all possible.
>
> Justin Wilson
> j...@mtin.net

What we need is business tech reporters to continually report on
these failures of content providers to deliver their services over
IPv6.  20 years lead time should be enough for any service.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: EVERYTHING about Booters (and CloudFlare)

2016-07-28 Thread Alexander Maassen
Sigh, another long thread that goes nowhere in the end and simply dies a
dull death. So let's add my 2ct donation into it.

First of all, CF like any other carrier/provider/hoster/whatever only
cares about the bucks, nothing else, you all do too, so that should be
clear enough. Them actually booting customers just because some other
instance (except through governmental powers) wants them to is not done,
as it would decrease the income. Period. Same goes for ISP's blocking
access to resources. They will simply switch to another provider and or
try to find workarounds for it (see pirate bay and the alikes). That's like
mopping the floor while the fire sprinklers are still on.

Second, CF indeed offers DDoS mitigation, but only on their heavy paid
plans, if you also want the netflow logs of the attacks etc, it will cost
you extra. If you are on a free plan, and your assigned gw gets ddossed,
and they figure out you are the target, they drop the 'protection' by
simply changing dns to its real values and letting the attacker know:
don't dos us if you want to hit that site, use the real endpoint IP
instead and you will hit them directly. (Been there with DroneBL, and as
soon as I figured out they do that, dropped them immediately). In the end,
you are better off at hosters like OVH/Foonet and such as they learned
from the IRC age where it was common to nuke clients/bnc's in order to
hijack nicknames/channels when the network didn't have channel/nick
services.

Third, for those who do not know it yet, CF only acts as an intermediate
RELAY that provides a method of attempting to identify bad asses, nothing
more. And the badasses they also relay for? Testpigs and informational
source! (Keep your friends close, your enemies closer?).

Hell, aren't some of the best security advisors former hackers? At least
the ones I know used to be. And I rather have some decent hacker in my
team, keeping me updated with the stuff that's going on in the scene, than
some million dollar company trying to sell you crap that is always behind
the facts. Oh, and I am talking about real hackers, not those
scriptkiddies using ready made tools thinking they are god.

Fourth, and I see it in this mail as well and a lot of others: The
Jurisdictional issues. Why aren't there any international Cyber Crime laws
yet? We all do need to enforce crap like DMCA (which the
music/entertainment industry is responsible for), EU Cookie Law (which
should have been handled through the browsers and not force it upon the
websites) and its inbred stupid derivatives, but everyone, despite acting
out international by its presence on a global spanning network, is still
hiding behind his/her organization's local law. Kinda stupid, don't you
agree?

Kind regards,

Alexander Maassen
Maintainer DroneBL

On Thu, July 28, 2016 4:41 pm, Paul WALL wrote:
> I'm sorry, but this entire discussion is predicated on half-truths and
> nonsense spewing out of the CF team.  It's a shame too, as they're
> usually great community minded folks who are well respected around here.
>
> No matter how you define the CloudFlare service, that they can claim
> ignorance due to "common carrier" passthrough is preposterous,
> especially given their purported knowledge of what's going on.
> Likewise if the booter sites were connected to any other CDN,
> WAF/proxy, public cloud provider, etc.  Call it what you want, but at
> the end of the day, they're providing connectivity and keeping the
> storefront online.  Want the problem stopped?  Easy, stop it at the
> source by denying them service.  Every service provider (or its
> upstream at some point) has an AUP which prevents the service from being
> used for illegal purposes.  Telling NANOG members that they don't
> understand the nature of the CF service, and that they should somehow
> get a pass, is dishonest.
>
> That they're keeping these criminals online at the requirement of the
> FBI?  Anyone who's actually worked with law enforcement can tell you
> that the first rule of fight club is to NOT talk about it, especially if
> you're under gag order.  A more likely story is they're just doing this
> for the attention, and basking in it, kind of like a certain blog post
> suggesting they pioneered the practice of configuring hosts with LACP
> for throughput and HA.
>
> If Justin/Matthew/Martin/etc. are listening, I implore you to do the
> right thing and stop providing service to criminals.  Full stop, without
> caving in to your very talented marketing department.  And to everyone
> else, I'd ask you to do what you think is right, and treat CloudFlare's
> anycasted IP blocks as you would any other network
> harboring criminal activity and security risk to the detriment of your
> customers.   (Is Team CYMRU listening?)  Much like the original spam
> problem in the 90s, the collateral damage might be annoying at first,
> but the end will justify the means.
>
> Drive Slow (like a souped up Supra),
> Paul Wall
>
> On We

Re: BGP FlowSpec

2016-05-02 Thread Alexander Maassen
On Mon, May 2, 2016 2:30 pm, Danny McPherson wrote:
> We use it effectively in a layered model where "Principle of Minimal
> Intervention" applies, allowing attack mitigation and traffic diversion
> in the most optimal place (e.g., at network ingress), and only scrubbing
> or diverting traffic when necessary.

Sorry to say, but the most optimal place for ddos mitigation is at network
egress of origin. What comes to mind regarding that is the ability for
target ASN telling source ASN to stop sending packets from a specific
(let's say /29) in the case of a DDoS (with appropriate security measures
in place of course).

Because, let's face it, why would a target of a ddos need to nullroute
itself?




Mozilla Cert expired today :P

2015-12-07 Thread Alexander Maassen
Kinda funny and perhaps offtopic, but I noticed the cert for mozilla.org
expired right before my eyes when checking my plugins.



Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

2015-07-17 Thread Alexander Maassen
As of 38.0.5, this no longer is even an option, as they removed sslv3
support, see the reviews at
https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/

On Fri, July 17, 2015 2:41 pm, Robert Drake wrote:
>
> On 7/17/2015 4:26 AM, Alexander Maassen wrote:
>> Well, this block also affects people who have old management hardware
>> around using such ciphers that are for example no longer supported. In my
>> case for example the old Dell DRAC's. And it seems there is no way to
>> disable this block.
>>
>> Ok, it is good to think about security, but not giving you any chance to
>> make exceptions is simply forcing users to use another browser in order to
>> manage those devices, or to keep an old machine around that not gets
>> updated.
>
> Or just fallback to no SSL in some cases :(  We have some old vendor
> things that were chugging along until everyone upgraded firefox and then
> suddenly they stopped working.  The fix was to use the alternate
> non-SSL web port rather than upgrade because even though the software is
> old, it's too critical to upgrade it in-line.
>
> The long term fix is to get new hardware and run it all in virtual
> machines with new software on top, but that may be in next year's
> budget.  I've also got a jetty server (opennms) that broke due to this,
> so I upgraded and fixed the SSL options and it's still broken in some
> way that won't log errors.  I have no time to track that down so the
> workaround is to use the unencrypted version until I can figure it out.
>
> Having said that, it seems that there is a workaround in Firefox if
> people need it.  about:config and re-enabling the weak ciphers.
> Hopefully turning them on leaves you with an even bigger warning than
> normal saying it's a bad cert, but you could get back in.  This doesn't
> help my coworkers.  I'm not going to advise a bunch of people with
> varying levels of technical competency to turn on weak ciphers, but it
> does help with a situation like yours where you absolutely can't update
> old DRAC stuff.
>
> https://support.mozilla.org/en-US/questions/1042061





Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

2015-07-17 Thread Alexander Maassen
Well, this block also affects people who have old management hardware
around using such ciphers that are for example no longer supported. In my
case for example the old Dell DRAC's. And it seems there is no way to
disable this block.

Ok, it is good to think about security, but not giving you any chance to
make exceptions is simply forcing users to use another browser in order to
manage those devices, or to keep an old machine around that not gets
updated.

On Fri, July 17, 2015 10:14 am, Randy Bush wrote:
> many web sites are gonna have to upgrade ciphers and get rid of flash.
> this will take vastly longer than prudence would dictate.
>
> randy





Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

2015-07-17 Thread Alexander Maassen
(Sorry Michael for the duplicate, forgot to press reply all :P)

No problem making the web more secure, but in such cases I think it would
have been better if you could set this behaviour per site, same as with
'invalid/self signed certs'. And in some cases, vendors use weak ciphers
because they also utilize less resources. Everyone who has a DRAC knows
about its sluggish performance.

Another drawback of the DRAC's is, they are https only, and you cannot
turn this behaviour off. Guess for that the only options would be to make
your own interface and utilize the telnet/snmp interface. (Which is
probably less secure than SSLv3), or some form of SSLv3 - strong cipher
proxy.

And needing to replace hardware that works perfectly fine for the purposes
it's intended for just because a browser refuses to connect to it and
denies you the option to make exceptions sounds just like the well known
error 'Not enough money spent on hardware'

On Fri, July 17, 2015 9:14 pm, Michael O Holstein wrote:
>> making 99% of the web secure is better than keeping an old 1% working
>
> A fine idea, unless for $reason your application is among the 1% ..
> nevermind the arrogance of the I'm sorry Dave sort of attitude.
>
> As an example .. we have a vendor who, in the current release (last 3
> months) still requires weak ciphers in authentication responses. That
> was mostly okay until another vendor (with more sense) wanted to auth
> the same way but only permitted strong ciphers.
>
> My $0.02
>
> Michael Holstein
> Cleveland State University






Re: How long will it take to completely get rid of IPv4 or will it happen at all?

2015-06-27 Thread Alexander Maassen
Before that will happen. Isp's will first try cgnat and the alikes. They rather 
spend money on hardware supporting that than make the networks dualstack.

Why? you may ask. Simple. Most customer service centers have ppl with less than 
basic skills. Explaining how ipv4 even looks like took them long enough.

Abuse ticket systems and logparsers are probably also v4 based. And the one who 
wrote them, probably got fired and replaced by a younger/cheaper guy who just 
got out of school with no real field experience.

When will the change happen then you might ask. Very simple. If the largest 
destinations like fb/twitter and others start to drop v4.

So what we really would need is not an ipv6 day, but, you might have guessed 
it, an ipv6 ONLY day. 

On such a day, a hell of a lot isps will have their support queue overfilled 
with people asking why they cannot visit their favourite sites. And all the isp 
can say is: our network infrastructure is too old.

 Original message 
From: Bob Evans b...@fiberinternetcenter.com 
Date:  
To: Rafael Possamai raf...@gav.ufsc.br 
Cc: North American Network Operators' Group nanog@nanog.org 
Subject: How long will it take to completely get rid of IPv4 or will it happen at all? 
 
Our fundamental issue is that an IPv4 address has no real value as
networks still give them away, it's pennies in your pocket. Everything of
use needs to have a cost to motivate for change. Establishing that now
won't create change it will first create greater conservation. There will
be a cost that will be reached before change takes place on a scale that
matters.

Networks set the false perception and customer expectation that address
space is free and readily available. Networks with plenty, still land many
customers today by handing over a class C to customer with less than 10
servers and 5 people in an office.

We have a greater supply for packets to travel than we do for addresses
required to move packets. Do you know how many packets a single IP address
can generate or utilize, if it was attached to The World's Fastest
Internet in someplace like Canadaland or Sweden on init7's Fiber7 ?  No
matter how large the pipe the answer is always, all of it. It's address
space we should now place a price upon. Unlike, My Space's disappearance
when Facebook arrived there is no quick jump to IPv6. There is no
coordinated effort required that involves millions of people to change
browser window content.

But to answer your question...

Everything that is handed over for free is perceived as having no value.
Therefore, IPv4 has to cost much more than the cost to change to IPv6
today. While the IPv6 addresses are free, it is expensive to change.
Businesses spend lots of money on free lunches. It's going to take at
least the price of one good lunch per IP address per month to create the
consideration for change. That's about $30 for 2 people in California. 
Offering a /48 of free IPv6 space to everyone on the planet didn't make it
happen.

There is no financial incentive to move to IPv6. In fact there is more
reason not to change than to change. The new gear cost $$$ (lots of it
didn't work well and required exploration to learn that),  IT people need
hours to implement (schedules are full of day-to-day issues), networks
keep growing with offerings that drop Internet costs and save everyone
money, business as usual is productive on IPv4 (business doesn't have time
for distraction), many of us get distracted by something more immediate
and interesting than buying a new wi-fi router for the home.

What will come first ?
A) the Earth's future core rotation changes altering the ionosphere in such
a way that we are all exposed to continuous x-rays that shorten our
lifespan
 OR
B) the last IPv4 computer running will be reconfigured to IPv6

Thank You
Bob Evans
CTO




> Randy,
>
> How long do you think it will take to completely get rid of IPv4? Or is it
> even going to happen at all?
>
> On Sat, Jun 27, 2015 at 4:57 AM, Randy Bush ra...@psg.com wrote:
>
>> the rirs have run out of their free source of short ints to rent to us.
>> i am sure everyone will move to ipv6 in a week.  news at eleven.
>>
>> randy






Re: REMINDER: LEAP SECOND

2015-06-19 Thread Alexander Maassen
So you need to wait one more second before you may pop the bottle? :)

On Fri, June 19, 2015 7:06 pm, Jay Ashworth wrote:
> The IERS will be adding a second to time again on my birthday;
>
> 2015-06-30T23:59:59
> 2015-06-30T23:59:60
> 2015-07-01T00:00:00
>
> Have fun, everyone.  :-)
>
> Cheers,
> -- jra
>
> --
> Jay R. Ashworth  Baylink  j...@baylink.com
> Designer The Things I Think   RFC 2100
> Ashworth  Associates   http://www.bcp38.info  2000 Land Rover DII
> St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274





Re: 2.4Ghz 40Mhz 802.11n wifi and Apple Macbook

2015-06-14 Thread Alexander Maassen
Shoot me if i'm wrong, but doesn't a mac prefer MIMO in order to work
correctly?

On Sun, June 14, 2015 8:42 pm, Brielle Bruns wrote:
> On 6/14/15 12:33 PM, Anurag Bhatia wrote:
>> Hello everyone,
>>
>> I am running a TP Link TL-WR1043N which (as TP Link says is a) 802.11n
>> router working on 2.4Ghz (no support for 5Ghz). I am running it with
>> flashed OpenWRT.
>>
>> While using option to pick 40Mhz, I see my Mac only gets 20Mhz to use and
>> speed is always 130Mbps. There's no other SSID nearby and I am sitting next
>> to router for testing.
>>
>> This brings me to question - Has anyone successfully used 40Mhz with 2.4Ghz
>> on 802.11n standard with Apple Macbook? I wonder if it's limitation on the
>> chipset or something else.
>
> Everything that I've seen/experienced says that Apple devices won't use
> 40mhz channels with 2.4 due to the overlapping bands/lack of good
> separation between channels.
>
> However, I'm not sure if this specifically applies to just the Airport
> APs like the Extreme, or to the laptops as well, as I use AE's at home,
> and the Unifi APs I do have in service all have 20mhz channels only set
> on them to avoid issues.
>
> --
> Brielle Bruns
> The Summit Open Source Development Group
> http://www.sosdg.org/ http://www.ahbl.org





Re: FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

2015-06-04 Thread Alexander Maassen
It's a security tool. So ppl using it want to publicly hide the fact they use 
it in case you screw up and it contains leaks ;)

 Original message 
From: Pavel Odintsov pavel.odint...@gmail.com 
Date:  
To: Jim Popovitch jim...@gmail.com 
Cc: nanog@nanog.org 
Subject: Re: FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation 
 
Looks like many folks want to hide company emails ;) I'm good guy and will not
spam or offer something ;)))

But I'm impressed about amount of off list requests. Really huge interest
in tool.

On Thursday, June 4, 2015, Jim Popovitch jim...@gmail.com wrote:

 There's a surprising amount of GMail (yes, including me) and new-ness
 in this thread.    Should I be impressed with the freshness or
 concerned about astroturfing?   :-)

 Bah Humbug!

 -Jim P.



-- 
Sincerely yours, Pavel Odintsov


Re: Need trusted NTP Sources

2014-02-06 Thread Alexander Maassen
www.pool.ntp.org

 Original message 
From: Notify Me notify.s...@gmail.com 
Date:  
To: nanog@nanog.org list nanog@nanog.org,af...@afnog.org 
Subject: Need trusted NTP Sources 
 
Hi !

I'm trying to help a company I work for to pass an audit, and we've
been told we need trusted NTP sources (RedHat doesn't cut it). Being
located in Nigeria, Africa, I'm not very knowledgeable about trusted
sources therein.

Please can anyone help with sources that wouldn't mind letting us sync
from them?

Thanks a lot!



nokiamail spam

2013-06-03 Thread Alexander Maassen
Could someone from yahoo please contact me off list please? Because I
really want something to be done against the recent spam mail floods
from nokiamail.com without needing to harm yahoo itself by adding them
to dnsbl as it would harm more users than just the intended target in
order to protect users from these spams.

The abuse has been going on for weeks, and I hardly see any improvements
in solving those. I encourage yahoo to make it clear to nokia that this
abuse has to end. I myself receive these mails multiple times a day on
several mailboxes. Googling around tells me there are millions others
suffering from the same spams as well.

To put it in a simple quote: When... does the... hurting... end?

Kind regards,
Alexander Maassen
Maintainer DroneBL




Re: Level3 worldwide emergency upgrade?

2013-02-06 Thread Alexander Maassen
On Wed, 2013-02-06 at 07:57 -0500, Alex Rubenstein wrote:
>> Would you rather your ISP not maintain their devices?  Are the
>> consequences so bad of a 30 minute outage that your business
>> is severely impacted?
>>
>> - Jared
>
> You had me up until that line.
>
> That should be expanded a little ...
>
> First, I'd say, yes - many businesses would be severely impacted and may even
> have consequential issues if they had to sustain a 30 minute outage. Suppose
> for a moment they couldn't process money machines transactions for 30
> minutes; or Netflix couldn't serve content for 30 minutes; or youporn was
> offline for 30 minutes.
>
> The question should be more along the lines of, why aren't you multihomed in
> a way that would make a 30 minute outage (which is inevitable) irrelevant to
> you?

multihomed or simply redundantly equipped to switch over faster ?





Re: mail-abuse.org down?

2012-11-04 Thread Alexander Maassen
Looks like it's down again

From ge0-1-v201.r2.mst1.proxility.net (77.93.64.146) icmp_seq=1
Destination Host Unreachable

Now that could be through a filter... however:

--2012-11-04 11:07:25--  http://www.mail-abuse.org/
Resolving www.mail-abuse.org... 150.70.74.99
Connecting to www.mail-abuse.org|150.70.74.99|:80... failed: No route to
host.


trace itself ends at my own providers gateway...




Re: OT: Sign of the Coming Apocalypse

2011-06-16 Thread Alexander Maassen
We europeans had it the 10th already!
Hail to the king baby :)

On 15-6-2011 17:46, Dennis Burgess wrote:
 Mine got delivered to my office yesterday!  :)  

 Dennis Burgess, Mikrotik Certified Trainer 
 Link Technologies, Inc -- Mikrotik  WISP Support Services
 Office: 314-735-0270 Website: http://www.linktechs.net
 LIVE On-Line Mikrotik Training - Author of Learn RouterOS


 -Original Message-
 From: Joshua William Klubi [mailto:joshua.kl...@gmail.com]
 Sent: Wednesday, June 15, 2011 4:39 AM
 To: Jay Ashworth
 Cc: NANOG
 Subject: Re: OT: Sign of the Coming Apocalypse

 finally after waiting for it 4ever

 Joshua

 On Wed, Jun 15, 2011 at 6:06 AM, Jay Ashworth j...@baylink.com wrote:

 (that's next winter, right?)

 I've just seen a TV ad for Duke Nukem Forever, in a Hulu airing of
 The
 Daily Show.

 Cheers,
 -- jr 'Finally??' a
 --
 Jay R. Ashworth  Baylink  j...@baylink.com
 Designer The Things I Think  RFC 2100
 Ashworth  Associates http://baylink.pitas.com 2000 Land Rover DII
 St Petersburg FL USA  http://photo.imageinc.us +1 727 647 1274







Re: IPv4 Address Exhaustion Effects on the Earth

2011-04-01 Thread Alexander Maassen
wil,
maybe after all this time you got the router, it gained 7lbs of all the
dust in it ?

On 1-4-2011 3:26, Wil Schultz wrote:
 On Mar 31, 2011, at 6:14 PM, Joao C. Mendes Ogawa jonny.og...@gmail.com wrote:

 FYI

 --Jonny Ogawa

 - Forwarded message from Stephen H. Inden -

 From: Stephen H. Inden
 Subject: IPv4 Address Exhaustion Effects on the Earth
 Date: Fri, 1 Apr 2011 00:19:08 +0200
 To: Global Environment Watch (GEW) mailing list
 X-Mailer: Apple Mail (2.1084)
 X-Mailman-Version: 2.1.9
 List-Id: GEW mailing list.


 IPv4 Address Exhaustion Effects on the Earth

 By Stephen H. Inden
 April 1, 2011

 At a ceremony held on February 3, 2011 the Internet Assigned Numbers
 Authority (IANA) allocated the remaining last five /8s of IPv4 address
 space to the Regional Internet Registries (RIRs). With this action,
 the free pool of available IPv4 addresses was completely depleted.

 Since then, several scientists have been studying the effects of this
 massive IPv4 usage (now at its peak) on the Earth.

 While measuring electromagnetic fields emanating from the world's
 largest IPv4 Tier-1 backbones, NASA scientists calculated how the IPv4
 exhaustion is affecting the Earth's rotation, length of day and
 planet's shape.

 Dr. Ron F. Stevens, of NASA's Goddard Space Flight Center, said all
 packet switching based communications have some effect on the Earth's
 rotation. It's just they are usually barely noticeable. Until now.

 Every packet affects the Earth's rotation, from a small ping to a
 huge multi-terabyte download.  The problem with IPv4 is its variable
 length header and tiny address space that can cause an electromagnetic
 unbalance on transmission lines.  The widespread adoption of Network
 Address Translation (NAT) on IPv4 networks is making the problem even
 worse, since it concentrates the electromagnetic unbalance.  This
 problem is not noticeable with IPv6 because of its fixed header size
 and bigger 128 bits address space, Dr. Stevens said.

 Over the past few years, Dr. Stevens has been measuring the IPv4
 growing effects in changing the Earth's rotation in both length of
 day, as well as gravitational field.  When IPv4 allocation reached its
 peak, last February, he found out that the length of day decreased by
 2.128 microseconds.  The electromagnetic unbalance is also affecting
 the Earth's shape -- the Earth's oblateness (flattening on the top and
 bulging at the Equator) is decreasing by a small amount every year
 because of the increasing IPv4 usage.

 The researcher concluded that IPv4 usage has reached its peak and is
 causing harmful effects on the Earth:

 IPv4 is, indeed, harmful.  Not only 32 bits for its address space has
 proven too small and prone to inadequate solutions like NAT, it is now
 clear that its electromagnetic effects on the Earth are real and
 measurable.

 The solution?

 I'm convinced that the only permanent solution is to adopt IPv6 as
 fast as we can, says Dr. Stevens.

 --

 It's all true. 

 Also I've been weighing my router and it's 7 lbs heavier with the addition of 
 all these new ip addresses in its routing table. 

 -wil





Re: SORBS contact?

2011-03-23 Thread Alexander Maassen
mailop list? I run a dnsbl myself (dronebl to be exact), call me dumb or
whatever, but never heard about that list.
In fact, I am also working on granting AS admins to be able to list
entries in their ranges etc, so if you are listed in whois as
administrator of an AS and you want access to listings within your
ranges, gimme a yell.

On 23-3-2011 0:25, Rich Kulawiec wrote:
 For future reference: you're much more likely to elicit a useful
 response by using the mailop list, since you'll be addressing
 a mixed audience of mail system operators, DNSBL operators, software
 authors, etc., all of whom are focused on mail and not network operations.

 ---rsk






Why does abuse handling take so long ?

2011-03-13 Thread Alexander Maassen
Dear nanog members,

As current maintainer of DroneBL I happen to receive a lot of unwanted
packets in the form of DDoS attacks, now the DDoS itself is not the real
problem, dealing with it the fast way is.

Now most of you would think: Just filter it, put a big firewall in front
of it, bla bla bla bla. But what I'm really talking about is the
ignorance most providers show when it comes to handling the abuse when
it gets reported.
The issue in there being, it's way too slow, and my hoster needs to
temporarily nullroute my ip range in order to protect his network.
We both mail all the involved providers and sometimes need to wait days
before hostings act upon the mail.

In most cases the only thing the abuse@ contacts do as hoster, is relay
the mail to the client but do not dare to do anything themselves, even if
you provide them with a shitload of logs, even if you call them and say
that the attack from their source is still continuing, they refuse to
look into it and shut down the source. And that pisses me off badly.

Why o why are ISPs and hosters so ignorant in dealing with such issues
and act like they do not care?

Kind regards,
Alexander Maassen
Maintainer DroneBL





Re: Why does abuse handling take so long ?

2011-03-13 Thread Alexander Maassen


On 13-3-2011 18:31, William Allen Simpson wrote:
 On 3/13/11 7:45 AM, Alexander Maassen wrote:
 Why o why are ISPs and hosters so ignorant in dealing with such issues
 and act like they do not care?


 So, part of the problem is *your* upstream.  Why didn't your upstream
 actively remove the entire abusive netblock?  Why didn't your upstream
 contact other providers with your evidence, and together remove the
 abusive network from the global routing tables?

My hoster did mail, his upstream is EGI, however, EGI does not want to
block/filter since it would pollute their routers they say.
I asked through my hoster if they would be willing to place a simple UDP
filter, blocking all of it. They refuse.





Re: Why does abuse handling take so long ?

2011-03-13 Thread Alexander Maassen


On 14-3-2011 0:21, Leo Bicknell wrote:

 Quite frankly, most ISPs aren't going to take your DDOS report
 seriously via e-mail.  If it's not bad enough to you that it is
 worth your time and money to make a phone call and help them track
 it down it is not worth their time and money to track it down and
 make it stop.

 In short, try picking up the phone.  You'll bypass the entire e-mail
 reporting cesspool I just described, and show the ISP you actually
 care.  9 out of 10 times they will respond by showing they care as
 well.

Quite frankly, been there, done that, got the t-shirt. And the answer I
get most of the time there is:
[loop]
- Sorry, email abuse and wait for a reply
- Sorry, I can't help you, wait for a reply on your abuse email
- Sorry, there is nothing I can do, my hands are bound, wait for a reply
from the abuse department
[/loop]

So much regarding the 9 out of 10. It's the 1 remaining that actually
cares and tries something.


