Re: [atlas] [Request] System tags for DNS resolution

2015-11-18 Thread Stephane Bortzmeyer 
On Sun, Nov 15, 2015 at 09:32:09AM +0200,
 Chris Amin  wrote 
 a message of 64 lines which said:

> I think what is happening here is that all of those probes except
> for 17854 have at least *one* resolver which does respond to
> queries.

OK, I get it. I modified resolve-name

to continue if the fist resolver returns REFUSED or SERVFAIL

Thanks for the explanations.

> why it has the tag "Doesn't Resolve A".

Do note that many tags documented in
 do not work
(reported as [ripe.net #1195138]).

> I would be interested to hear your (or anybody else's) thoughts on
> whether you would use such a reliable/stable DNS resolution tag, and
> what kind of criteria you would expect for it to be applied.

The current system is not bad, once it is explained and the above bug
fixed.

Re: [atlas] Spoofing measurenment

2015-11-18 Thread Stephane Bortzmeyer 
On Tue, Nov 17, 2015 at 07:01:24PM +0100,
 Peter Koch  wrote 
 a message of 10 lines which said:

> while this may sound tempting, I think it would be more helpful in
> the long run to maintain atlas probes as a tool to map the Internet
> rather than as "spy in the house".

Hmmm, the Atlas probe already learns a lot about the house and
publishes it:

* "this house uses Google Public DNS"
* "this house uses a validating DNS resolver"
* "this house uses IPv6 ULA"

Re: [atlas] Spoofing measurenments

2015-11-18 Thread Jen Linkova 
On Wed, Nov 18, 2015 at 12:57 PM, Alexander Lyamin  wrote:
> Do we have a statistics on what percentage of probes operate behind NAT?

There is a tag "IPv4 RFC1918" so you can select all probes with that
tag to get that number.

> On Tue, Nov 17, 2015 at 7:03 PM, Pavel Odintsov 
> wrote:
>>
>> Hello!
>>
>> Thanks for answer!
>>
>> But actually we have huge issues with IPv4. Could we collect this
>> stats with full anonymous approach for bitting ethical problem here?
>>
>> So we definitely need number of networks who ignore this rules.
>>
>> On Tue, Nov 17, 2015 at 8:00 PM, Jen Linkova  wrote:
>> > On Tue, Nov 17, 2015 at 5:50 PM, Pavel Odintsov
>> >  wrote:
>> >> I'm writing from RIPE71 / Anti spoofing BoF. So I want to ask for some
>> >> difficult ethical question.
>> >>
>> >> Could we detect probe hosts who do not deploy outgoing filtering and
>> >> accept spoofed traffic?
>> >>
>> >> We need to know amount of they. It's really important for solving
>> >> spoofing issue in Internet scale.
>> >
>> > It's been discussed before and some ethical concerns have been raised
>> > by RIPE NCC.
>> >
>> > From pure technical point of view I think it might be possible some
>> > data for Ipv6 (with some false negatives):
>> >
>> > - a probe could generate ULA prefix for itself and send traffic from
>> > that ULA source to, let's say, some anchors (or some other pre-defined
>> > target which is known for allowing packets from ULA sources).
>> > Receiving such packet from a probe would prove tat there is no BCP38
>> > filtering on the path (however blocking packets proves only the fact
>> > that ULAs are being blocked, not real spoofed packets). Or maybe a
>> > probe might get a GUA IP address from RIPE prefix and use it as a
>> > source..
>> > As bi-directional communication is not necessary, any source address
>> > would work.
>> >
>> >>
>> >> --
>> >> Sincerely yours, Pavel Odintsov
>> >>
>> >
>> >
>> >
>> > --
>> > SY, Jen Linkova aka Furry
>>
>>
>>
>> --
>> Sincerely yours, Pavel Odintsov
>
>
>
>
> --
> connecting the dots



-- 
SY, Jen Linkova aka Furry

Re: [atlas] Spoofing measurenments

2015-11-18 Thread Mikael Abrahamsson 

On Wed, 18 Nov 2015, Pavel Odintsov wrote:


Hello!

Could somebody share link to archives with previous discussion of this
ethical question?


https://www.ripe.net/ripe/mail/archives/ripe-atlas/2013-September/001005.html

http://www.gossamer-threads.com/lists/nanog/users/174708

... for instance.


--
Mikael Abrahamssonemail: swm...@swm.pp.se

[atlas] Probe with no firmware

2015-11-18 Thread Anne Inapat 
I registered my probe almost 2 days ago. when I check on the probe on your 
site, it is indicated no firmware. 
I am also unable to get an IP through DHCP. Kindly help.

Re: [atlas] Spoofing measurenments

2015-11-18 Thread Pavel Odintsov 
Thanks! Will read it deeply.

On Wed, Nov 18, 2015 at 3:36 PM, Stephane Bortzmeyer  wrote:
> On Wed, Nov 18, 2015 at 03:23:33PM +0300,
>  Pavel Odintsov  wrote
>  a message of 83 lines which said:
>
>> Could somebody share link to archives with previous discussion of this
>> ethical question?
>
> https://www.ripe.net/ripe/mail/archives/ripe-atlas/2013-September/001005.html
> https://www.ripe.net/ripe/mail/archives/ripe-atlas/2013-June/000838.html
>
> See also the roadmap , section
> "Measurements to detect BCP38 compliance"
>



-- 
Sincerely yours, Pavel Odintsov

Re: [atlas] Spoofing measurenments

2015-11-18 Thread Alexander Lyamin 
Do we have a statistics on what percentage of probes operate behind NAT?


On Tue, Nov 17, 2015 at 7:03 PM, Pavel Odintsov 
wrote:

> Hello!
>
> Thanks for answer!
>
> But actually we have huge issues with IPv4. Could we collect this
> stats with full anonymous approach for bitting ethical problem here?
>
> So we definitely need number of networks who ignore this rules.
>
> On Tue, Nov 17, 2015 at 8:00 PM, Jen Linkova  wrote:
> > On Tue, Nov 17, 2015 at 5:50 PM, Pavel Odintsov
> >  wrote:
> >> I'm writing from RIPE71 / Anti spoofing BoF. So I want to ask for some
> >> difficult ethical question.
> >>
> >> Could we detect probe hosts who do not deploy outgoing filtering and
> >> accept spoofed traffic?
> >>
> >> We need to know amount of they. It's really important for solving
> >> spoofing issue in Internet scale.
> >
> > It's been discussed before and some ethical concerns have been raised
> > by RIPE NCC.
> >
> > From pure technical point of view I think it might be possible some
> > data for Ipv6 (with some false negatives):
> >
> > - a probe could generate ULA prefix for itself and send traffic from
> > that ULA source to, let's say, some anchors (or some other pre-defined
> > target which is known for allowing packets from ULA sources).
> > Receiving such packet from a probe would prove tat there is no BCP38
> > filtering on the path (however blocking packets proves only the fact
> > that ULAs are being blocked, not real spoofed packets). Or maybe a
> > probe might get a GUA IP address from RIPE prefix and use it as a
> > source..
> > As bi-directional communication is not necessary, any source address
> would work.
> >
> >>
> >> --
> >> Sincerely yours, Pavel Odintsov
> >>
> >
> >
> >
> > --
> > SY, Jen Linkova aka Furry
>
>
>
> --
> Sincerely yours, Pavel Odintsov
>



-- 
connecting the dots