Netflow collector that can forward flows to another collector based on various metrics.

2021-01-21 Thread Drew Weaver
Good morning everyone,

I am looking for a Netflow collector that can forward flows based on src ip/src 
net dst ip/dst net to another collector in either real or near time.

If it can be configured via an API that is even better than having to edit 
configuration files.

If anyone has any suggestions I would appreciate it.

Thanks,
-Drew



Re: Netflow collector that can forward flows to another collector based on various metrics.

2021-01-21 Thread Johan Hedberg
I've been using samplicator for a few years for this, it can be 
configured to forward based on sender ip/net, but it does not have an 
API. I'm using it because it's small, simple and does only one thing.


https://github.com/sleinen/samplicator

//JH

On 2021-01-21 15:39, Karsten Thomann via NANOG wrote:


Hi,

I don't know if pmacct has an API for it, but it can replicate netflow 
and also filter what it is forwarding.


https://github.com/pmacct/pmacct/blob/master/QUICKSTART

Beginning line 2093

Kind regards

Karsten

Am Donnerstag, 21. Januar 2021, 14:31:36 schrieb Drew Weaver:

> Good morning everyone,
>
> I am looking for a Netflow collector that can forward flows based on src
> ip/src net dst ip/dst net to another collector in either real or near time.
>
> If it can be configured via an API that is even better than having to edit
> configuration files.
>
> If anyone has any suggestions I would appreciate it.
>
> Thanks,
> -Drew



Re: Netflow collector that can forward flows to another collector based on various metrics.

2021-01-21 Thread Karsten Thomann via NANOG
Hi,

I don't know if pmacct has an API for it, but it can replicate netflow and also
filter what it is forwarding.

https://github.com/pmacct/pmacct/blob/master/QUICKSTART

Beginning line 2093

Kind regards
Karsten

Am Donnerstag, 21. Januar 2021, 14:31:36 schrieb Drew Weaver:
> Good morning everyone,
> 
> I am looking for a Netflow collector that can forward flows based on src
> ip/src net dst ip/dst net to another collector in either real or near time.
> 
> If it can be configured via an API that is even better than having to edit
> configuration files.
> 
> If anyone has any suggestions I would appreciate it.
> 
> Thanks,
> -Drew



Re: DoD IP Space

2021-01-21 Thread Andy Ringsmuth


> On Jan 20, 2021, at 11:10 PM, Doug Barton  wrote:
> 
> There have already been at least two lines in the sand that the IETF has 
> backed down from. Is it even useful for us to keep saying "IPv6 is the way 
> forward" any more?


Oh, I could not agree more. We need IETF or other powers-that-be to stop the 
line-in-the-sand stuff and instead go with a line in the wet concrete.

I’m sure we all remember Y2k (well, most of us, there could be some young-uns 
on the list). That day was happening whether we wanted it to or not. It was an 
unchangeable, unmovable deadline. 

THAT is what we need for IPv6 implementation. Will it happen? Probably not, 
sadly.

I’d love to see a line in the concrete of, say, January 1, 2025, whereby IPv6 
will be the default.



Andy Ringsmuth
5609 Harding Drive
Lincoln, NE 68521-5831
(402) 304-0083
a...@andyring.com

“Better even die free, than to live slaves.” - Frederick Douglas, 1863



Re: Netflow collector that can forward flows to another collector based on various metrics.

2021-01-21 Thread Michael Krygeris
Plixer Replicator will do this via REST API if you are looking for a
commercial solution.
If you’re looking for a free solution, Samplicator will do this via config
file.
Neither is a “collector” as neither stores the flows. They simply
forward/copy UDP streams based on a set policy. It sounds like this is what
you are after.

(Full disclosure: I work for Plixer)

Mike Krygeris

On Thu, Jan 21, 2021 at 9:31 AM Drew Weaver  wrote:

> Good morning everyone,
>
> I am looking for a Netflow collector that can forward flows based on src
> ip/src net dst ip/dst net to another collector in either real or near time.
>
> If it can be configured via an API that is even better than having to edit
> configuration files.
>
> If anyone has any suggestions I would appreciate it.
>
> Thanks,
>
> -Drew


Re: DoD IP Space

2021-01-21 Thread borg
Oh, no worries.. It will never happen ;)
There is a reason why everyone sticks to IPv4...

Also, there was also nice space that could be used safely on private
networks [14.0.0.0/8]. Unfortunately money needs to flow, so it was
converted to normal space. Shame.

Same with recent shady action w/ 44.0.0.0/8 is sad as well..
IPv4 will stay with us for very long


-- Original message --

From: Owen DeLong 
To: Sabri Berisha 
Cc: nanog , Grant Taylor 
Subject: Re: DoD IP Space
Date: Wed, 20 Jan 2021 13:15:32 -0800

Indeed, it will be interesting to see how these CxOs with limited budgets
react when backbones finally start turning off IPv4 and they discover that
their network is burning down because of years neglecting the IPv6 brush
growing all around them.

Owen



Re: DoD IP Space

2021-01-21 Thread John Curran
Chris -

https://search.arin.net/rdap/?query=22.0.0.0  will provide a valid phone number 
for technical & abuse matters.

/John

John Curran
President and CEO
American Registry for Internet Numbers

On 21 Jan 2021, at 12:11 AM, John Lee <jllee9...@gmail.com> wrote:

It is the DISA DOD NIC at:

https://disa.mil/About/Contact

Which will give you the DISA help desk phone number.

John Lee

On Mon, Nov 4, 2019 at 3:57 AM Chris Knipe <sav...@savage.za.org> wrote:
Hi Guys,

Except for the email on ARIN's details, does anyone else have a contact for the 
DoD?

We are experiencing a situation with a 3rd party (direct peer), wanting to 
advertise DoD address space to us, and we need to confirm whether they are 
allowed to do so or not.

Range in question is the 22.0.0.0/8 network, which according 
to ARIN is actively assigned to the DoD (US).

--

Regards,
Chris Knipe



Re: Uganda Communications Commission shutdown order

2021-01-21 Thread Ramakrishna Padmanabhan
Hello folks,

Wanted to chime in to say that near-realtime outage data/graphs from the IODA 
(Internet Outage Detection and Analysis) system, at CAIDA, UC San Diego, are 
publicly available. For example, the following graph shows that the outage in 
Uganda began at ~4:00 PM UTC on Jan 13th and ended at ~9:00 AM UTC on Jan 18th:
https://ioda.caida.org/ioda/dashboard#view=inspect=country/UG=overview=161028=1611057600
 


Using the public dashboard you can view/check for outages affecting any 
country, sub-national region, and AS: https://ioda.caida.org/ioda/dashboard.
By default, the dashboard shows
connectivity data for the last 24 hours, but users can specify any time range 
(up to a max of a month) back to several years. Note that a typical research 
infrastructure disclaimer applies: the system is still actively under 
development. While the automated alerts do contain false positives/negatives, 
the graphs provide users a clear view of what the underlying measurements tell 
us.

Btw, IODA provides data/graphs also to ISOC Insights mentioned by Mat.

Ramakrishna (Rama) Padmanabhan
Postdoctoral researcher
CAIDA, UC San Diego

> On Jan 19, 2021, at 1:31 AM, Matthew Ford  wrote:
> 
> 
> 
>> On 18 Jan 2021, at 23:02, surfer  wrote:
>> 
>> ps.  So far, I know of https://internetshutdowns.in and
>> netblocks.org. If anyone knows more than these that're
>> updated regularly please let me know.  I am interested
>> in 'real time' internet shutdowns globally.
> 
> https://insights.internetsociety.org/shutdowns is very much work-in-progress. 
> With pages like https://insights.internetsociety.org/shutdowns/4992 we're 
> trying to provide a curated archive of shutdown events. Not real time, but 
> hopefully at least timely.
> 
> Feedback very welcome.
> 
> Mat



Re: Netflow collector that can forward flows to another collector based on various metrics.

2021-01-21 Thread Joe Loiacono
You might try the SiLK offering from Carnegie-Mellon's CERT team. A 
netflow/sflow collector with full tool suite.


Very robust, fast and free.

https://tools.netsa.cert.org/silk

On 1/21/2021 9:31 AM, Drew Weaver wrote:


Good morning everyone,

I am looking for a Netflow collector that can forward flows based on 
src ip/src net dst ip/dst net to another collector in either real or 
near time.


If it can be configured via an API that is even better than having to 
edit configuration files.


If anyone has any suggestions I would appreciate it.

Thanks,

-Drew



Re: Netflow collector that can forward flows to another collector based on various metrics.

2021-01-21 Thread Simon Leinen
Speaking as the maintainer of samplicator, I'm not sure it's what Drew
is looking for.

Samplicator just sends copies of entire UDP packets.  It doesn't
understand NetFlow/IPFIX or whatever else those packets might contain.

If I understand correctly, Drew wants to forward some of the
NetFlow/IPFIX flows, based on source/destination addresses *within those
flows*.  Samplicator cannot do that (by a long shot).

pmacct sounds like a good suggestion.

(I used to have a Lisp program that could also do this, and adding an
API would have been trivial... but the program has been decommissioned
recently after >20 years of service.  Also I never got around to
cleaning that up so that I could distribute the source. :-)
-- 
Simon.
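
The distinction drawn in the message above (copying whole UDP datagrams versus selecting flows by the addresses inside them), shown as an added example; it is not code from samplicator, pmacct or any poster in this thread. It assumes NetFlow v5 export, and the `Rule` class, collector addresses and sample packet are constructed for illustration.

```python
import ipaddress
import struct

# NetFlow v5 layout: 24-byte header followed by `count` 48-byte flow records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
V5_MAX_RECORDS = 30   # a v5 export packet carries 1..30 records


class Rule:
    """Hypothetical rule: send a flow to `collector` when every given prefix matches."""

    def __init__(self, collector, src=None, dst=None):
        self.collector = collector
        self.src = ipaddress.ip_network(src) if src else None
        self.dst = ipaddress.ip_network(dst) if dst else None

    def matches(self, src_ip, dst_ip):
        return ((self.src is None or src_ip in self.src) and
                (self.dst is None or dst_ip in self.dst))


def parse_v5(packet):
    """Validate an untrusted datagram and return (header_fields, records)."""
    if len(packet) < V5_HEADER.size:
        raise ValueError("shorter than a NetFlow v5 header")
    fields = V5_HEADER.unpack_from(packet)
    version, count = fields[0], fields[1]
    if version != 5:
        raise ValueError("not NetFlow v5 (version %d)" % version)
    if not 1 <= count <= V5_MAX_RECORDS:
        raise ValueError("implausible record count %d" % count)
    expected = V5_HEADER.size + count * V5_RECORD.size
    if len(packet) != expected:
        raise ValueError("length %d does not match count %d" % (len(packet), count))
    records = [packet[off:off + V5_RECORD.size]
               for off in range(V5_HEADER.size, expected, V5_RECORD.size)]
    return fields, records


def split_v5(packet, rules):
    """Return {collector: rebuilt_packet} holding only the records the rules select."""
    fields, records = parse_v5(packet)
    selected = {}
    for rec in records:
        src_ip = ipaddress.IPv4Address(rec[0:4])   # srcaddr field
        dst_ip = ipaddress.IPv4Address(rec[4:8])   # dstaddr field
        # A set, so a record matched by two rules for one collector is sent once.
        for collector in {r.collector for r in rules if r.matches(src_ip, dst_ip)}:
            selected.setdefault(collector, []).append(rec)
    out = {}
    for collector, recs in selected.items():
        # Only `count` is rewritten. flow_sequence is copied unchanged, so a
        # downstream collector that checks sequence numbers will report gaps.
        header = V5_HEADER.pack(fields[0], len(recs), *fields[2:])
        out[collector] = header + b"".join(recs)
    return out


def forward(packet, rules, sock):
    """Send each rebuilt packet; malformed input is dropped, not relayed."""
    try:
        for collector, data in split_v5(packet, rules).items():
            sock.sendto(data, collector)
    except ValueError:
        pass


def sample_record(src, dst):
    """Constructed flow record (TCP, port 443) for the demonstration."""
    return V5_RECORD.pack(ipaddress.IPv4Address(src).packed,
                          ipaddress.IPv4Address(dst).packed, bytes(4),
                          1, 2, 10, 1500, 0, 1000, 12345, 443,
                          0, 0x18, 6, 0, 64500, 64501, 24, 24, 0)


# Constructed input: one export packet with three flows (documentation prefixes).
SAMPLE_PACKET = V5_HEADER.pack(5, 3, 123456, 1611237600, 0, 1000, 0, 0, 0) + b"".join([
    sample_record("198.51.100.7", "203.0.113.9"),
    sample_record("192.0.2.50", "198.51.100.20"),
    sample_record("192.0.2.60", "203.0.113.80"),
])
COLLECTOR_A = ("127.0.0.1", 9995)   # assumed collector addresses
COLLECTOR_B = ("127.0.0.1", 9996)
RULES = [Rule(COLLECTOR_A, src="192.0.2.0/24"),
         Rule(COLLECTOR_B, dst="203.0.113.0/24")]

if __name__ == "__main__":
    for collector, data in sorted(split_v5(SAMPLE_PACKET, RULES).items()):
        print(collector, V5_HEADER.unpack_from(data)[1], "records,", len(data), "bytes")
```

NetFlow v9 and IPFIX need template tracking before the address fields can be located, which this sketch does not attempt.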


Nice work Ron

2021-01-21 Thread Jean St-Laurent via NANOG
https://krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occupied-by-parler/

Jean St-Laurent
CISSP #634103

ddosTest me security inc
tel: 438 806-9800
site: https://ddostest.me
email: j...@ddostest.me


Re: DoD IP Space

2021-01-21 Thread Mark Andrews
IPv6 doesn’t need a hard date.  It is coming, slowly, but it is coming.
Every data set says the same thing.  It may not be coming as fast as a lot
of us would want or actually think is reasonable as ISP’s are currently
being forced to deploy CGNs (NAT44 and NAT64) because there are laggards
that are not doing their part.

If you offer a service over the Internet then it should be available over
IPv6 otherwise you are costing your customers more to reach you.  CGNs are
not free.

Mark

> On 22 Jan 2021, at 06:07, Sabri Berisha  wrote:
> 
> - On Jan 21, 2021, at 6:40 AM, Andy Ringsmuth a...@andyring.com wrote:
> 
> Hi,
> 
>> I’m sure we all remember Y2k
> 
> Ah, yes. As a young IT consultant wearing a suit and tie (rofl), I upgraded many
> bioses in many office buildings in the months leading up to it...
> 
>> I’d love to see a line in the concrete of, say, January 1, 2025, whereby IPv6
>> will be the default.
> 
> The challenge with that is the market. Y2K was a problem that was existed. It was
> a brick wall that we would hit no matter what. The faulty code was released years
> before the date.
> 
> We, IETF, or even the UN could come up with 1/1/25 as the date where we switch off
> IPv4, and you will still find networks that run IPv4 for the simple reason that
> the people who own those networks have a choice. With Y2K there was no choice.
> 
> The best way to have IPv6 implemented worldwide is by having an incentive for the
> executives that make the decisions. From experience, as I've said on this list a
> few times before, I can tell you that decision makers with a limited budget that
> have to choose between a new revenue generating feature, or a company-wide
> implementation of IPv6, will choose the one that's best for their own short-term
> interests.
> 
> On that note, I did have a perhaps silly idea: One way to create the demand could
> be to have browser makers add a warning to the URL bar, similar to the HTTPS
> warnings we see today. If a site is IPv4 only, warn that the site is using
> deprecated technology.
> 
> Financial incentives also work. Perhaps we can convince Mr. Biden to give a .5%
> tax cut to corporations that fully implement v6. That will create some bonus
> targets.
> 
> Thanks,
> 
> Sabri

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org



RE: Nice work Ron

2021-01-21 Thread bzs


On January 21, 2021 at 12:39 nanog@nanog.org (Jean St-Laurent via NANOG) wrote:
 > 
 > I feel this is a good example that a pen is mightier than a sword.

In all honesty have we really given the sword a chance in these cases?

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Nice work Ron

2021-01-21 Thread Eric Kuhnke
> How many other Belize defuncts do they have?  How many offshore countries
> like Belize are there in the region?

Based on my cursory knowledge of offshore corporate registrations in
Belize, Panama and the Cayman Islands, identifying those locations which
are only mailboxes versus actual business office addresses should not be
overly complicated or difficult.

In the era of Google Street View for most major urban areas the initial
search process can be done remotely, such as when it appears that dozens of
companies occupy one street address of a very small office building.

For instance look at the company registration offices, with hundreds of
corporate entities sharing one office suite address, which were created by
Mossack Fonseca in Panama City.

https://en.wikipedia.org/wiki/Mossack_Fonseca

The same principle would apply not just to LACNIC, but also to anybody who
wanted to go in detail through the number of ISPs and hosting companies
that nominally exist in Malta and Cyprus.


On Thu, Jan 21, 2021 at 10:25 AM Töma Gavrichenkov 
wrote:

> Peace,
>
> On Thu, Jan 21, 2021, 8:17 PM Jean St-Laurent via NANOG 
> wrote:
>
>>
>> https://krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occupied-by-parler/
>>
>
> A disclaimer:
> - Standing for the sanity of the Internet routing;
> - Assuming (quite reliably) actual policy violation;
> - Assuming good faith
>
> — am I the only one to believe that (given that LACNIC had allocated an IP
> block to a company that doesn't conform to the LACNIC policies) what we
> urgently need to see next is the complete audit of the LACNIC operations,
> so that this doesn't look like selective enforcement?
>
> How many other Belize defuncts do they have?  How many offshore countries
> like Belize are there in the region?
>
> --
> Töma
>


Re: DoD IP Space

2021-01-21 Thread Randy Bush
>> I’m sure we all remember Y2k (well, most of us, there could be some
>> young-uns on the list). That day was happening whether we wanted it to
>> or not. It was an unchangeable, unmovable deadline.
> 
> but i thought 3gpp was going to force ipv6 adoption

let me try it a different way

why should i care whether you deploy ipv6, move to dual stack, cgnat,
...?  you will do whatever makes sense to the pointy heads in your c
suite.  why should i give them or some tech religion free rent in my
mind when i already have too much real work to do?

randy


Re: DoD IP Space

2021-01-21 Thread j k
Organizations I have worked with for IPv6 transition, reduced CAPex and
OPex by leveraging the IT refresh cycle, and by ensuring their investment
included leveraging the USGv6 (https://www.nist.gov/programs-projects/usgv6-program)
or IPv6Ready (https://www.ipv6ready.org/) to mitigate the "We sell IPv6
products, and want you to pay for the debugging costs".

Can I assume other organizations don't leverage the IT refresh cycle?

Joe Klein

"inveniet viam, aut faciet" --- Seneca's Hercules Furens (Act II, Scene 1)
"I skate to where the puck is going to be, not to where it has been." -- Wayne Gretzky
"I never lose. I either win or learn" - Nelson Mandela


On Thu, Jan 21, 2021 at 2:34 PM Brandon Svec 
wrote:

> That's a good one.  Perhaps you don't live/work in the US and can be
> excused for not knowing that US corporations don't pay taxes.  In many
> cases we subsidize them by giving tax credits to the point that the money
> is flowing in the opposite direction entirely. It would be hard to give
> them any more of a break ;)
>
>>
>>
>> Financial incentives also work. Perhaps we can convince Mr. Biden to give a .5%
>> tax cut to corporations that fully implement v6. That will create some bonus
>> targets.
>>
>> Thanks,
>>
>> Sabri
>>
>


Re: DoD IP Space

2021-01-21 Thread Randy Bush
> I’m sure we all remember Y2k (well, most of us, there could be some
> young-uns on the list). That day was happening whether we wanted it to
> or not. It was an unchangeable, unmovable deadline.

but i thought 3gpp was going to force ipv6 adoption


Re: Nice work Ron

2021-01-21 Thread Alain Hebert

Well,

FYI: I'm not getting this kind of vibe from him, more like of an IP Space
janitor.

I'm wondering if it is a statement from Ron or the opinion of the author of
the article.

Myself, I'm jealous of Ron for having the capacity of doing this kind of
task =D on top of his daily $$$ one.

-
Alain Hebert    aheb...@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911  http://www.pubnix.net  Fax: 514-990-9443

On 1/21/21 1:59 PM, Anne P. Mitchell, Esq. wrote:

On Jan 21, 2021, at 10:16 AM, Jean St-Laurent via NANOG  wrote:

https://krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occupied-by-parler/

For context, from the article:

"The pending disruption for DDoS-Guard and Parler comes compliments of Ron 
Guilmette, a researcher who has made it something of a personal mission to de-platform 
conspiracy theorist and far-right groups."


Anne

--
Anne P. Mitchell,  Attorney at Law
CEO, SuretyMail Email Reputation Certification
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Former Counsel: Mail Abuse Prevention System (MAPS)





Re: Nice work Ron

2021-01-21 Thread Ethan
"The pending disruption for DDoS-Guard and Parler comes compliments of 
Ron Guilmette, a researcher who has made it something of a personal 
mission to de-platform conspiracy theorist and far-right groups."


Sounds horrible. But now that the American flag is a hate symbol not 
surprising.


The real threat is newcomers to the social media market creating 
competition for FB/Twitter. Hopefully Parler is just the start.


- E



Re: Nice work Ron

2021-01-21 Thread Töma Gavrichenkov
Peace,

On Thu, Jan 21, 2021, 10:20 PM Fredrik Holmqvist / I2B 
wrote:

> Just a question "this one hosted a Web site for a terrorist
> organization", which terrorist organizations web site did they host ?
>

"Hamas", until November.  That was discussed before on the mailing list.

--
Töma



Re: DoD IP Space

2021-01-21 Thread Brandon Svec
That's a good one.  Perhaps you don't live/work in the US and can be
excused for not knowing that US corporations don't pay taxes.  In many
cases we subsidize them by giving tax credits to the point that the money
is flowing in the opposite direction entirely. It would be hard to give
them any more of a break ;)

>
>
> Financial incentives also work. Perhaps we can convince Mr. Biden to give a .5%
> tax cut to corporations that fully implement v6. That will create some bonus
> targets.
>
> Thanks,
>
> Sabri
>


Re: Nice work Ron

2021-01-21 Thread Töma Gavrichenkov
Peace,

On Thu, Jan 21, 2021, 9:29 PM Tom Beecher  wrote:

>  am I the only one to believe that (given that LACNIC had allocated an IP
>> block to a company that doesn't conform to the LACNIC policies) what we
>> urgently need to see next is the complete audit of the LACNIC operations,
>> so that this doesn't look like selective enforcement?
>>
>
> LACNIC received a complaint, they investigated that complaint, found it
> warranted, and took appropriate action. "Selective enforcement" would imply
> there have been other complaints filed with LACNIC that have been ignored.
>

I've got a strong feeling though that Ronald Guilmette had been doing the
job LACNIC should've done, possibly long ago.

Once you define a policy, you shouldn't depend on independent investigators
to figure out the violations.  You need to ensure the execution.

--
Töma



Re: Nice work Ron

2021-01-21 Thread Tom Beecher
In my recent ( last 24 months) dealings with LACNIC, they were very
thorough in validating information and enforcing documentation requirements
as we needed to modify some things after some corporate changes.  Obviously
that may not be representative of all their operations, but they were quite
on the ball in making sure we (still) were who we said we were.

I think it's a tricky argument to say what LACNIC *should* or *should not*
have done. We don't know all the facts. But we all know that
fraudulent business records are used all over the world for things like
this all the time. Calling for a complete audit of LACNIC feels quite
extreme absent a pattern of issues, which doesn't seem to have been
presented.

On Thu, Jan 21, 2021 at 1:37 PM Töma Gavrichenkov  wrote:

> Peace,
>
> On Thu, Jan 21, 2021, 9:29 PM Tom Beecher  wrote:
>
>>  am I the only one to believe that (given that LACNIC had allocated an IP
>>> block to a company that doesn't conform to the LACNIC policies) what we
>>> urgently need to see next is the complete audit of the LACNIC operations,
>>> so that this doesn't look like selective enforcement?
>>>
>>
>> LACNIC received a complaint, they investigated that complaint, found it
>> warranted, and took appropriate action. "Selective enforcement" would imply
>> there have been other complaints filed with LACNIC that have been ignored.
>>
>
> I've got a strong feeling though that Ronald Guilmette had been doing the
> job LACNIC should've done, possibly long ago.
>
> Once you define a policy, you shouldn't depend on independent
> investigators to figure out the violations.  You need to ensure the
> execution.
>
> --
> Töma
>
>>


Re: Nice work Ron

2021-01-21 Thread Anne P. Mitchell, Esq.


> On Jan 21, 2021, at 10:16 AM, Jean St-Laurent via NANOG  
> wrote:
> 
> https://krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occupied-by-parler/

For context, from the article:

"The pending disruption for DDoS-Guard and Parler comes compliments of Ron 
Guilmette, a researcher who has made it something of a personal mission to 
de-platform conspiracy theorist and far-right groups."


Anne

--
Anne P. Mitchell,  Attorney at Law
CEO, SuretyMail Email Reputation Certification
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Former Counsel: Mail Abuse Prevention System (MAPS)



Re: DoD IP Space

2021-01-21 Thread Sabri Berisha
- On Jan 21, 2021, at 6:40 AM, Andy Ringsmuth a...@andyring.com wrote:

Hi,

> I’m sure we all remember Y2k

Ah, yes. As a young IT consultant wearing a suit and tie (rofl), I upgraded many
bioses in many office buildings in the months leading up to it...

> I’d love to see a line in the concrete of, say, January 1, 2025, whereby IPv6
> will be the default.

The challenge with that is the market. Y2K was a problem that was existed. It was
a brick wall that we would hit no matter what. The faulty code was released years
before the date.

We, IETF, or even the UN could come up with 1/1/25 as the date where we switch off
IPv4, and you will still find networks that run IPv4 for the simple reason that
the people who own those networks have a choice. With Y2K there was no choice.

The best way to have IPv6 implemented worldwide is by having an incentive for the
executives that make the decisions. From experience, as I've said on this list a
few times before, I can tell you that decision makers with a limited budget that
have to choose between a new revenue generating feature, or a company-wide
implementation of IPv6, will choose the one that's best for their own short-term
interests.

On that note, I did have a perhaps silly idea: One way to create the demand could
be to have browser makers add a warning to the URL bar, similar to the HTTPS
warnings we see today. If a site is IPv4 only, warn that the site is using
deprecated technology.

Financial incentives also work. Perhaps we can convince Mr. Biden to give a .5%
tax cut to corporations that fully implement v6. That will create some bonus
targets.

Thanks,

Sabri


Re: Nice work Ron

2021-01-21 Thread Töma Gavrichenkov
Peace,

On Thu, Jan 21, 2021, 9:57 PM Tom Beecher  wrote:

> fraudulent business records are used all over the world for things like
> this all the time. Calling for a complete audit of LACNIC feels quite
> extreme absent a pattern of issues, which doesn't seem to have been
> presented.
>

Listen, here, we basically cherry-picked an arbitrary AS and immediately
found a policy violation.

Yes, this one hosted a Web site for a terrorist organization, but there are
plenty such orgs in the world.  This one was just outta luck with this.
This is what makes me worry.

--
Töma



Re: Nice work Ron

2021-01-21 Thread Fredrik Holmqvist / I2B

Hi.

Just a question "this one hosted a Web site for a terrorist 
organization", which terrorist organizations web site did they host ?


---
Fredrik Holmqvist


On 2021-01-21 20:11, Töma Gavrichenkov wrote:

Peace,

On Thu, Jan 21, 2021, 9:57 PM Tom Beecher  wrote:


fraudulent business records are used all over the world for things
like this all the time. Calling for a complete audit of LACNIC feels
quite extreme absent a pattern of issues, which doesn't seem to have
been presented.


Listen, here, we basically cherry-picked an arbitrary AS and
immediately found a policy violation.

Yes, this one hosted a Web site for a terrorist organization, but
there are plenty such orgs in the world.  This one was just outta luck
with this.  This is what makes me worry.

--
Töma





RE: Nice work Ron

2021-01-21 Thread Jean St-Laurent via NANOG
I should have probably added more content or a comment.

I feel this is a good example that a pen is mightier than a sword.

I am impressed by what I read in this article and would definitely like to
hear/read more, maybe coming from Ronald Guilmette?

Thanks all

Jean

From: NANOG  On Behalf Of Jean St-Laurent via NANOG
Sent: January 21, 2021 12:17 PM
To: 'NANOG'
Subject: Nice work Ron

https://krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occupied-by-parler/

Jean St-Laurent
CISSP #634103

ddosTest me security inc
tel: 438 806-9800
site: https://ddostest.me
email: j...@ddostest.me


Re: Nice work Ron

2021-01-21 Thread Tom Beecher
>
>  am I the only one to believe that (given that LACNIC had allocated an IP
> block to a company that doesn't conform to the LACNIC policies) what we
> urgently need to see next is the complete audit of the LACNIC operations,
> so that this doesn't look like selective enforcement?
>

LACNIC received a complaint, they investigated that complaint, found it
warranted, and took appropriate action. "Selective enforcement" would imply
there have been other complaints filed with LACNIC that have been ignored.

On Thu, Jan 21, 2021 at 1:25 PM Töma Gavrichenkov  wrote:

> Peace,
>
> On Thu, Jan 21, 2021, 8:17 PM Jean St-Laurent via NANOG 
> wrote:
>
>>
>> https://krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occupied-by-parler/
>>
>
> A disclaimer:
> - Standing for the sanity of the Internet routing;
> - Assuming (quite reliably) actual policy violation;
> - Assuming good faith
>
> — am I the only one to believe that (given that LACNIC had allocated an IP
> block to a company that doesn't conform to the LACNIC policies) what we
> urgently need to see next is the complete audit of the LACNIC operations,
> so that this doesn't look like selective enforcement?
>
> How many other Belize defuncts do they have?  How many offshore countries
> like Belize are there in the region?
>
> --
> Töma
>


Re: Nice work Ron

2021-01-21 Thread Matt Erculiani
I'll add that after reading the article, it doesn't appear that Parler was
specifically targeted, just DDoS-Guard prior to becoming their new host.
Deplatforming of Parler wasn't really on anyone's radar back in November
when the complaint with LACNIC was filed and I'm not under the impression
they had lined DDoS-Guard up as a backup host at this point, or their
downtime would have been much less after Amazon gave them the boot; still,
they almost certainly would have been very tight lipped about who that
provider would be.

It just seemed like a convenient coincidence that Parler has since become a
customer and will be inconvenienced by this, the extent to which is not
likely to be very high as they've probably re-written any modules of their
backend that weren't portable, and now have some experience with finding
and deploying on a new host.

-Matt

On Thu, Jan 21, 2021 at 10:39 AM Jean St-Laurent via NANOG 
wrote:

> I should have probably added more content or a comment.
>
>
>
> I feel this is a good example that a pen is mightier than a sword.
>
>
>
> I am impressed by what I read in this article and would definitely like to
> hear/read more, maybe coming from Ronald Guilmette?
>
>
>
> Thanks all
>
>
> Jean
>
>
>
>
>
> *From:* NANOG  *On Behalf Of *Jean
> St-Laurent via NANOG
> *Sent:* January 21, 2021 12:17 PM
> *To:* 'NANOG' 
> *Subject:* Nice work Ron
>
>
>
>
> https://krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occupied-by-parler/
>
>
>
>
> Jean St-Laurent
>
> CISSP #634103
>
>
>
> ddosTest me security inc
>
> tel:  438 806-9800 <+14388069800>
>
> site:  https://ddostest.me
>
> email:  j...@ddostest.me
>
>
>
>
>


-- 
Matt Erculiani
ERCUL-ARIN


Re: Nice work Ron

2021-01-21 Thread Töma Gavrichenkov
Peace,

On Thu, Jan 21, 2021, 8:17 PM Jean St-Laurent via NANOG 
wrote:

>
> https://krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occupied-by-parler/
>

A disclaimer:
- Standing for the sanity of the Internet routing;
- Assuming (quite reliably) actual policy violation;
- Assuming good faith

— am I the only one to believe that (given that LACNIC had allocated an IP
block to a company that doesn't conform to the LACNIC policies) what we
urgently need to see next is the complete audit of the LACNIC operations,
so that this doesn't look like selective enforcement?

How many other Belize defuncts do they have?  How many offshore countries
like Belize are there in the region?

--
Töma


Re: Nice work Ron

2021-01-21 Thread Tom Beecher
DDOS-Guard is only hosting a temporary static page for Parler, they are not
hosting the full Parler application. (Source : Quote from Parler's CEO,
NYT, 1/19/21,
https://www.nytimes.com/2021/01/19/technology/parler-russian-company.html)

On Thu, Jan 21, 2021 at 12:55 PM Matt Erculiani 
wrote:

> I'll add that after reading the article, it doesn't appear that Parler was
> specifically targeted, just DDoS-Guard prior to becoming their new host.
> Deplatforming of Parler wasn't really on anyone's radar back in November
> when the complaint with LACNIC was filed and I'm not under the impression
> they had lined DDoS-Guard up as a backup host at this point, or their
> downtime would have been much less after Amazon gave them the boot; still,
> they almost certainly would have been very tight lipped about who that
> provider would be.
>
> It just seemed like a convenient coincidence that Parler has since become
> a customer and will be inconvenienced by this, the extent to which is not
> likely to be very high as they've probably re-written any modules of their
> backend that weren't portable, and now have some experience with finding
> and deploying on a new host.
>
> -Matt
>
> On Thu, Jan 21, 2021 at 10:39 AM Jean St-Laurent via NANOG <
> nanog@nanog.org> wrote:
>
>> I should have probably added more content or a comment.
>>
>>
>>
>> I feel this is a good example that a pen is mightier than a sword.
>>
>>
>>
>> I am impressed by what I read in this article and would definitely like to
>> hear/read more, maybe coming from Ronald Guilmette?
>>
>>
>>
>> Thanks all
>>
>>
>> Jean
>>
>>
>>
>>
>>
>> *From:* NANOG  *On Behalf Of *Jean
>> St-Laurent via NANOG
>> *Sent:* January 21, 2021 12:17 PM
>> *To:* 'NANOG' 
>> *Subject:* Nice work Ron
>>
>>
>>
>>
>> https://krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occupied-by-parler/
>>
>>
>>
>>
>> Jean St-Laurent
>>
>> CISSP #634103
>>
>>
>>
>> ddosTest me security inc
>>
>> tel:  438 806-9800 <+14388069800>
>>
>> site:  https://ddostest.me
>>
>> email:  j...@ddostest.me
>>
>>
>>
>>
>>
>
>
> --
> Matt Erculiani
> ERCUL-ARIN
>