Re: public open resolver list?

2021-02-02 Thread Michel 'ic' Luczak


> 
> $ whois AS16589
> No match found for a 16589.
> 

whois -r AS16589 # perhaps?

aut-num:        AS16589
as-name:        ELV-ANYCAST-NET




Re: Europe IP Transit Provider Ideas ?

2020-06-30 Thread Michel 'ic' Luczak
5511

> On 30 Jun 2020, at 13:14, James Braunegg  wrote:
> 
> We currently take full table feeds from Telia, GTT, Cogent, Retn, tisparkle 
> (Seabone) we are also looking at adding NTT in the USA and maybe also in 
> Europe but any other recommendations ?
> 



Re: OT: Tech bag

2019-08-05 Thread Michel 'ic' Luczak
Hi,

> On 2 Aug 2019, at 18:14, Dovid Bender  wrote:
> 
> Hi,
> 
> Sorry for the OT email. I travel extensively to DC's and my computer bag 
> seems to keep collecting more tools which includes your usual console cables, 
> spare everything, two laptops etc. My Swissgear has been taking a beating and 
> I was wondering what others who have to lug around 30-35 pounds use.

I regularly put two 15” laptops in this 
https://brenthaven.com/product/metrolite-laptop-backpack/ and front pocket is 
packed with tools, PSUs, wires, …

/ic






Re: Service Provider NetFlow Collectors

2018-12-31 Thread Michel 'ic' Luczak
Don’t underestimate good old ELK
https://www.elastic.co/guide/en/logstash/current/netflow-module.html 

+ https://github.com/robcowart/elastiflow 


BR, ic

> On 31 Dec 2018, at 04:29, Erik Sundberg  wrote:
> 
> Hi Nanog….
>  
> We are looking at replacing our Netflow collector. I am wondering what other 
> service providers are using to collect netflow data off their Core and Edge 
> Routers. Pros/Cons… What to watch out for any info would help.
>  
> We are mainly looking to analyze the netflow data. Bonus if it does ddos 
> detection and mitigation.
>  
> We are looking at
> ManageEngine Netflow Analyzer
> PRTG
> Plixer – Scrutinizer
> PeakFlow
> Kentik
> Solarwinds NTA
>  
>  
> Thanks in advance…
>  
> Erik
>  



Re: BGP in a containers

2018-06-14 Thread Michel 'ic' Luczak


> On 14 Jun 2018, at 20:56, james jones  wrote:
> 
> I am working on a personal experiment and was wondering what is the best
> option for running BGP in a docker base container. I have seen a lot of blogs
> and docs referencing Quagga. I just want to make sure I am not overlooking
> any other options before I dive in. Any thoughts or suggestions?

I guess / hope what you’re trying to achieve is to announce services from the 
containers using BGP. If this is the case, what you’re looking for is called 
exabgp.

ic




Re: Whois vs GDPR, latest news

2018-05-27 Thread Michel 'ic' Luczak

> On 27 May 2018, at 21:41, Owen DeLong  wrote:
> 
> The way GDPR is written, if you want to collect (and store) so much as
> the IP address of the potential customer who visited your website, you
> need their informed consent and you can’t require that they consent as
> a condition of providing service.

What we were told is that since security > GDPR, storing IPs in logs is 
obviously OK since it’s a legal requirement.

Storing them in a database for targeting / marketing is not.

What is a gray area so far is any use of IDS/IPS…

+



Re: Whois vs GDPR, latest news

2018-05-27 Thread Michel 'ic' Luczak

> On 26 May 2018, at 21:04, Rob McEwen  wrote:
> 
> Thanks for the clarification. But whether that fine will be less than 10M is 
> extremely vague and (I guess?) left up to the opinions or whims of a Euro 
> bureaucrat or judge panel, or something like that... based on very vague and 
> subjective criteria. I've searched and nobody can seem to find any more 
> specifics or assurances. Therefore, there is NOTHING that a very small 
> business with a very small data breach or mistake, could point to... to give 
> them confidence that their fine will be any less than 10M Euros, other than 
> that "up to" wording - that is in the same sentence where it also clarifies 
> "whichever is larger".
> 
> All these people in this discussion who are expressing opinions that 
> penalties in such situations won't be nearly so bad - are expressing what may 
> very well be "wishful thinking" that isn't rooted in reality.

Still on ec.europa.eu they seem to try to reassure SMEs 
that the penalties will be “proportionate” both to the nature of the 
infringement and to the size of the company. It also seems to largely be related 
to whether you infringed the regulation in good faith or not. At least in 
France where I live the climate is pro-SMEs so I guess small mistakes will be 
forgiven. The head of our DPA also gave an interview recently saying that there 
will be no sanctions in the coming months and that they’re available to answer 
questions when in doubt about what to do.

Lastly, our law firm told us that basically we have to wait until the first 
settlements to see what will be done…

Regards, Michel



Re: Whois vs GDPR, latest news

2018-05-26 Thread Michel 'ic' Luczak


> On 26 May 2018, at 20:28, Seth Mattinen <se...@rollernet.us> wrote:
> 
> 
> 
> On 5/26/18 8:15 PM, Michel 'ic' Luczak wrote:
>> The two levels depend on the nature of the infringement, but it says clearly 
>> “up to 10M” (or 2% of your worldwide revenue, whichever is bigger) for the 
>> “less serious” infringements. So no, there is no minimum fine actually.
> 
> 
> To me that says the fine is 10M if your 2% is lower than 10M. Or it wasn't 
> originally written in English and the translation is flawed.

Original text from EU Commission:
"Infringements of the following provisions shall, in accordance with paragraph 
2, be subject to administrative fines up to 10 000 000 EUR, or in the case of 
an undertaking, up to 2 % of the total worldwide annual turnover of the 
preceding financial year, whichever is higher”

-> Administrative fines _up to_ 10M (or 2% if your 2% is higher than 10M). 

It’s a cap, not a minimum. 





Re: Whois vs GDPR, latest news

2018-05-26 Thread Michel 'ic' Luczak


> On 26 May 2018, at 19:37, Rob McEwen  wrote:
> 
> The *MINIMUM* fine is 10M euros.
> 
> SEE: https://www.gdpreu.org/compliance/fines-and-penalties/ 
> 
The two levels depend on the nature of the infringement, but it says clearly 
“up to 10M” (or 2% of your worldwide revenue, whichever is bigger) for the 
“less serious” infringements. So no, there is no minimum fine actually.





Re: Whois vs GDPR, latest news

2018-05-26 Thread Michel 'ic' Luczak

> On 23 May 2018, at 19:12, Anne P. Mitchell Esq.  wrote:
> 
> 
> 
>> On May 23, 2018, at 11:05 AM, K. Scott Helms  wrote:
>> 
>> Yep, if you're doing a decent job around securing data then you don't have 
>> much to be worried about on that side of things.  The problem for most 
>> companies is that GDPR isn't really a security law, it's a privacy law (and 
>> set of regulations).  That's where it's hard because there are a limited 
>> number of ways you can, from the EU's standpoint, lawfully process someone's 
>> PII.  Things like opting out and blanket agreements to use all of someone's 
>> data for any reason a company may want are specifically prohibited.  Even 
>> companies that don't intentionally sell into the EU (or the UK) can find 
>> themselves dealing with this if they have customers with employees in the 
>> EU. 
> 
> Or if someone who is a U.S. citizen and resident goes to the org's U.S.-based 
> website and orders something (or even just provides their PII)... but happens 
> to be in a plane flying over an EU country at the time.  Because GDPR doesn't 
> talk about residence or citizenship, it talks only about a vague and 
> ambiguous "in the Union", and I can certainly envision an argument in which 
> the person in the plane claims that they were, technically, "in the Union" at 
> the time. 
> 

Actually, the EU Commission is pretty clear about the non-E.U. person 
travelling to E.U. and using a service not specifically targeting E.U. users :

"When the regulation does not apply
Your company is service provider based outside the EU. It provides services to 
customers outside the EU.  Its clients can use its services when they travel to 
other countries, including within the EU. Provided your company  doesn't 
specifically target its services at individuals in the EU, it is not subject to 
the rules of the GDPR.”

https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/application-regulation/who-does-data-protection-law-apply_en

There are many other examples on their website which leave pretty little doubts 
about when it applies and when it does not.

Regards, Michel




Re: Akamai WAF

2018-05-18 Thread Michel 'ic' Luczak
Hi,

> On 18 May 2018, at 16:22, Justin Wilson  wrote:
> 
> I have a client with a /24 that has somehow been blocked by folks using the 
> Akamai WAF. This is the response we received back from Akamai when we 
> contacted them. 
> 
>> On checking the machine logs for ups.com, we found that 
>> there is WAF (web application firewall) configured by ups.com, 
>> this has to be fixed from the site owners end.
> 
> This is happening with multiple sites, southwest.com is another.  I find it 
> odd multiple sites are doing this at the same time.  If just one I would 
> believe it was a manual configuration.  It seems like something has triggered 
> it. Can someone shed some light on how the WAF works?

As far as I know they have some kind of scoring in place for end users IPs so 
if there is a malicious IP inside the /24 (from Akamai’s WAF point of view) 
then the scoring can affect other WAFed services as well.

BR, ic



Re: Remote power cycle recommendations

2018-04-30 Thread Michel 'ic' Luczak
I had more or less the same experience with APC Masterswitches (fried a few of 
those) ;) + the included free backdoors and default admin passwords and write 
communities (I got my whole platform shutdown by someone once). I guess YMMV.

> On 30 Apr 2018, at 21:49, Ben Cannon <b...@6by7.net> wrote:
> 
> I want to love these, but I’ve had enough problems (3 bad units, one 8 port 
> wiped its config and reset itself) causing outages, out of the 6 or so 
> devices I’ve deployed, to ever use them in a critical production role.
> 
>> On Apr 30, 2018, at 12:19 PM, Michel 'ic' Luczak <li...@benappy.com> wrote:
>> 
>> If rack-mount is not a hard requirement, I would definitely look into 
>> Ubiquiti’s mPower range. You will find anything from a single socket (WiFi 
>> only) to a 6 socket PDU (WiFi and Ethernet, probably 8 sockets for US but 
>> I’m in Europe) with central management system (free) and detailed 
>> consumption graphs and costs if you provide the kWh cost.
>> 
>> I’m running many of those with the controller/management software installed 
>> remotely in a central location and have several alerts and automation 
>> scripts setup when consumption goes beyond a certain level (meaning the 
>> equipment has crashed).
>> 
>> https://www.ubnt.com/mfi/mpower/
>> 
>> Regards, Michel
>> 
>>> On 27 Apr 2018, at 17:46, Andy Ringsmuth <a...@newslink.com> wrote:
>>> 
>>> I’m sure many here are familiar with or using/have used devices to remotely 
>>> power cycle equipment. I’m considering a Dataprobe iBoot-G2 and am curious 
>>> if you’ve had experience with it, or other recommendations.
>>> 
>>> I only need one outlet to be remotely power cycle-able. I have one piece of 
>>> equipment that is occasionally a little flaky and, well, you know the 
>>> hassle.
>>> 
>>> What do people recommend? There seem to be plenty out there which are more 
>>> designed to auto-reboot when Internet connectivity is lost, aka remotely 
>>> reboot the ‘ol cable modem for instance, but that’s not my scenario.
>>> 
>>> Thanks in advance.
>>> 
>>> 
>>> Andy Ringsmuth
>>> a...@newslink.com
>>> News Link – Manager Technology, Travel & Facilities
>>> 2201 Winthrop Rd., Lincoln, NE 68502-4158
>>> (402) 475-6397(402) 304-0083 cellular
>>> 
>> 
> 



Re: Remote power cycle recommendations

2018-04-30 Thread Michel 'ic' Luczak
If rack-mount is not a hard requirement, I would definitely look into 
Ubiquiti’s mPower range. You will find anything from a single socket (WiFi 
only) to a 6 socket PDU (WiFi and Ethernet, probably 8 sockets for US but I’m 
in Europe) with central management system (free) and detailed consumption 
graphs and costs if you provide the kWh cost.

I’m running many of those with the controller/management software installed 
remotely in a central location and have several alerts and automation scripts 
setup when consumption goes beyond a certain level (meaning the equipment has 
crashed).

https://www.ubnt.com/mfi/mpower/

Regards, Michel

> On 27 Apr 2018, at 17:46, Andy Ringsmuth  wrote:
> 
> I’m sure many here are familiar with or using/have used devices to remotely 
> power cycle equipment. I’m considering a Dataprobe iBoot-G2 and am curious if 
> you’ve had experience with it, or other recommendations.
> 
> I only need one outlet to be remotely power cycle-able. I have one piece of 
> equipment that is occasionally a little flaky and, well, you know the hassle.
> 
> What do people recommend? There seem to be plenty out there which are more 
> designed to auto-reboot when Internet connectivity is lost, aka remotely 
> reboot the ‘ol cable modem for instance, but that’s not my scenario.
> 
> Thanks in advance.
> 
> 
> Andy Ringsmuth
> a...@newslink.com
> News Link – Manager Technology, Travel & Facilities
> 2201 Winthrop Rd., Lincoln, NE 68502-4158
> (402) 475-6397(402) 304-0083 cellular
> 



Re: AS23456

2018-04-09 Thread Michel 'ic' Luczak
% Information related to 'AS23456 - AS23456'

as-block:       AS23456 - AS23456
descr:          IANA reserved ASN block
remarks:        These AS numbers are reserved by IANA
remarks:        to represent 32bit AS numbers as
remarks:        16bit AS numbers in the AS path
remarks:        information encoded with 16bit AS numbers.
remarks:        For more details please see RFC4893
remarks:        http://iana.org/numbers/
org:            ORG-IANA1-RIPE
mnt-by:         RIPE-DBM-MNT
created:        2009-05-29T08:37:37Z
last-modified:  2014-02-24T14:16:53Z
source:         RIPE


> On 9 Apr 2018, at 16:33, DurgaPrasad - DatasoftComnet 
>  wrote:
> 
> Hello all,
> What is this AS23456 - We are seeing some significant traffic in and out 
> using AS-STATS reports.
> 
> Thanks/DP
> 
> 
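
How the placeholder described in the whois remarks above behaves in an AS path, as an added example that is not part of the original post: a 4-byte-capable speaker substitutes AS23456 for any ASN that does not fit in 16 bits and carries the real path in AS4_PATH, and a receiver merges the two (RFC 6793, which obsoletes RFC 4893). The function names are hypothetical, the ASNs are documentation-range values constructed for the example, and only plain AS_SEQUENCE paths are handled.

```python
# Added example, not from the thread: AS_TRANS (AS23456) substitution and
# path reconstruction following RFC 6793. Function names are hypothetical.
AS_TRANS = 23456        # reserved 16-bit placeholder from the whois record
MAX_2BYTE_ASN = 0xFFFF  # largest ASN a 16-bit AS_PATH field can carry


def to_2byte_path(path):
    """AS_PATH as sent to a 2-byte-only peer: 4-byte ASNs become AS_TRANS."""
    return [asn if asn <= MAX_2BYTE_ASN else AS_TRANS for asn in path]


def reconstruct_path(as_path, as4_path):
    """Merge AS_PATH with AS4_PATH to recover the real ASNs.

    Simplification (assumption): both arguments are flat AS_SEQUENCE lists,
    so AS_SET and confederation segments are not modelled.
    """
    if not as4_path:
        return list(as_path)
    if len(as_path) < len(as4_path):
        # AS4_PATH longer than AS_PATH is inconsistent and is ignored.
        return list(as_path)
    # 2-byte-only hops prepended themselves to AS_PATH only, so the leading
    # difference comes from AS_PATH and the remainder from AS4_PATH.
    lead = len(as_path) - len(as4_path)
    return list(as_path[:lead]) + list(as4_path)


def unresolved_hops(path):
    """Positions still showing AS_TRANS, i.e. the real ASN is unknown."""
    return [i for i, asn in enumerate(path) if asn == AS_TRANS]


if __name__ == "__main__":
    # Constructed sample: real path with two 4-byte ASNs (65536, 65550).
    real = [65536, 64501, 65550]
    as4_path = list(real)
    # A 2-byte-only AS64500 in the middle prepends itself to AS_PATH only.
    as_path = [64500] + to_2byte_path(real)
    print("16-bit view :", as_path, "AS_TRANS at", unresolved_hops(as_path))
    print("merged path :", reconstruct_path(as_path, as4_path))
```

A tool that only reads the 16-bit view attributes every 4-byte neighbour or origin to AS23456, which is why it can appear as a single large "AS" in per-AS traffic reports.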



Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

2018-03-04 Thread Michel 'ic' Luczak
The ones I know do so on private VLANs (or ATM circuits on DSL) so anyway 
unrelated to any client’s address space. Also, French triple play ISPs use 
RFC1918 space for IPTV but again isolated from any customer network so doesn’t 
really matter.

> On 2 Mar 2018, at 22:18, K. Scott Helms  wrote:
> 
> I won't comment on the sanity of doing so, but _many_ service providers use
> EMTAs, ATAs, and other voice devices over RFC1918 space back to their core.
>